Rootkit software


(Lenadulas) #1

I have a problem: after starting the computer I get a warning from Avast that rootkit software has been found. Please help.


(96jasio96) #2

Post the logs from HijackThis and ComboFix


(Lenadulas) #3

Logs from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:07:09, on 2009-05-16

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20583)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Winamp\winampa.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\GIGABYTE\VGA Utility\Utility.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL

O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: GIGABYTE VGA Utility.lnk = ?

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Usługa inteligentnego transferu w tle (BITS) - Unknown owner - C:\WINDOWS\

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Magazyn chroniony ProtectedStorageSSDPSRV (ProtectedStorageSSDPSRV) - Unknown owner - C:\WINDOWS\system32\advpackm.exe

--

End of file - 8227 bytes

From ComboFix:

ComboFix 09-05-15.06 - Administrator 2009-05-16 19:20.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.408 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090515-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\burnlib.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\dsp_sps.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_aacplus.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_flac.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_flake.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_lame.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_vorbis.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_wav.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\enc_wma.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\gen_crasher.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\gen_dropbox.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\gen_ff.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\gen_hotkeys.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\gen_ml.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\gen_tray.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_cdda.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_dshow.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_flac.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_flv.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_linein.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_midi.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_mod.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_mp3.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_mp4.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_nsv.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_swf.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_vorbis.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_wav.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_wave.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_wm.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\in_wv.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_autotag.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_bookmarks.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_dash.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_disc.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_history.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_impex.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_local.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_nowplaying.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_online.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_orb.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_playlists.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_plg.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_pmp.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_rg.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_transcode.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\ml_wire.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\out_disk.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\out_ds.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\out_wave.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\playlist.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\pmp_activesync.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\pmp_ipod.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\pmp_njb.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\pmp_p4s.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\pmp_usb.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\tagz.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\vis_avs.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\vis_milk2.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\vis_nsfs.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\winamp.lng

c:\docume~1\ADMINI~1\USTAWI~1\Temp\WLZF2CD.tmp\winampa.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\burnlib.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\dsp_sps.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_aacplus.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_flac.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_flake.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_lame.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_vorbis.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_wav.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\enc_wma.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\gen_crasher.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\gen_dropbox.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\gen_ff.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\gen_hotkeys.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\gen_ml.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\gen_tray.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_cdda.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_dshow.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_flac.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_flv.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_linein.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_midi.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_mod.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_mp3.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_mp4.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_nsv.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_swf.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_vorbis.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_wav.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_wave.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_wm.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\in_wv.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_autotag.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_bookmarks.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_dash.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_disc.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_history.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_impex.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_local.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_nowplaying.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_online.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_orb.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_playlists.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_plg.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_pmp.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_rg.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_transcode.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\ml_wire.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\out_disk.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\out_ds.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\out_wave.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\playlist.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\pmp_activesync.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\pmp_ipod.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\pmp_njb.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\pmp_p4s.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\pmp_usb.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\tagz.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\vis_avs.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\vis_milk2.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\vis_nsfs.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\winamp.lng

c:\documents and settings\Administrator\Ustawienia lokalne\Temp\WLZF2CD.tmp\winampa.lng

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini

c:\windows\system32\advpackm.exe

c:\windows\system32\digiwet.dll

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_ACPI32

-------\Legacy_protectedstoragessdpsrv

-------\Service_acpi32

-------\Service_ati64si

-------\Service_fips32cup

-------\Service_ksi32sk

-------\Service_netsik

-------\Service_ProtectedStorageSSDPSRV

-------\Service_ws2_32sik

((((((((((((((((((((((((( Pliki utworzone od 2009-04-16 do 2009-05-16 )))))))))))))))))))))))))))))))

.

2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\system32\oobe

2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\srchasst

2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\system32\xircom

2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\windows\msagent

2009-05-16 17:23 . 2009-05-16 17:23 -------- d-----w c:\program files\microsoft frontpage

2009-05-15 18:06 . 2009-05-15 18:06 -------- d-sh--w C:\found.000

2009-05-15 11:57 . 2009-05-15 11:57 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Xfire

2009-05-15 11:57 . 2009-05-15 11:57 -------- d-s---w c:\program files\Xfire

2009-05-15 11:57 . 2009-05-15 11:57 271360 ----a-w c:\windows\system32\drivers\atksgt.sys

2009-05-15 11:57 . 2009-05-15 11:57 18048 ----a-w c:\windows\system32\drivers\lirsgt.sys

2009-05-14 15:14 . 2009-05-16 17:24 104000 ----a-w c:\windows\system32\drivers\c1183fb0.sys

2009-05-14 14:42 . 2009-05-14 15:14 100 --s-a-w c:\windows\system32\3625051505.dat

2009-05-13 18:57 . 2009-05-13 18:57 -------- d--h--r c:\documents and settings\Administrator\Dane aplikacji\SecuROM

2009-05-13 18:57 . 2009-05-13 18:57 107888 ----a-w c:\windows\system32\CmdLineExt.dll

2009-05-13 18:57 . 2009-05-13 18:57 -------- d-----w c:\program files\EA SPORTS

2009-05-13 12:33 . 2009-05-13 12:33 -------- d-----w c:\windows\Sun

2009-05-08 19:50 . 2009-05-08 19:50 -------- d-----w c:\program files\Demo 3D Garden Composer

2009-05-07 13:19 . 2003-06-18 23:31 17920 ----a-w c:\windows\system32\mdimon.dll

2009-05-07 13:18 . 2009-05-07 13:19 -------- d-----w c:\windows\SHELLNEW

2009-05-07 13:18 . 2009-05-07 13:18 -------- d-----w c:\program files\Microsoft.NET

2009-05-05 14:24 . 2009-05-05 14:24 -------- d-----w c:\documents and settings\Administrator\.gstreamer-0.10

2009-05-05 14:23 . 2009-05-05 14:23 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\OpenFM

2009-05-03 11:04 . 2009-05-03 11:04 -------- d-----w c:\program files\Alwil Software

2009-05-03 10:56 . 2009-05-03 12:08 3396 ----a-w c:\windows\unins000.dat

2009-05-02 19:28 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll

2009-05-02 07:43 . 2009-05-02 09:59 -------- d-----w c:\program files\Norton Security Scan

2009-05-01 21:04 . 2009-05-01 21:04 -------- d-----w c:\windows\system32\Adobe

2009-04-29 14:26 . 2009-05-11 15:35 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\gtk-2.0

2009-04-29 14:26 . 2009-04-29 14:26 -------- d-----w c:\documents and settings\Administrator\.thumbnails

2009-04-29 14:25 . 2009-05-11 15:36 -------- d-----w c:\documents and settings\Administrator\.gimp-2.6

2009-04-29 14:25 . 2009-04-29 14:25 -------- d-----w c:\documents and settings\Administrator\.gegl-0.0

2009-04-29 14:24 . 2009-04-29 14:24 -------- d-----w c:\program files\GIMP-2.0

2009-04-29 11:54 . 2009-04-29 11:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant

2009-04-27 20:49 . 2009-04-27 20:49 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\HP

2009-04-27 20:49 . 2009-04-27 20:49 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\IsolatedStorage

2009-04-27 20:49 . 2009-04-27 20:49 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\HP

2009-04-27 20:49 . 2009-04-27 20:49 138 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

2009-04-27 20:49 . 2009-05-16 17:24 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\ApplicationHistory

2009-04-27 12:10 . 2009-04-27 21:23 -------- d-----w c:\program files\PhotoScape

2009-04-27 11:08 . 2009-04-27 11:08 16176 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-27 11:00 . 2009-04-27 11:09 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\HP

2009-04-27 11:00 . 2009-04-27 11:00 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\HP

2009-04-27 10:59 . 2009-04-27 10:59 -------- d-----w C:\bin

2009-04-27 10:58 . 2009-04-27 10:58 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Sonic

2009-04-27 10:58 . 2009-04-27 10:58 -------- d-----w c:\program files\Common Files\Sonic Shared

2009-04-27 10:57 . 2009-04-27 10:58 -------- d-----w c:\program files\Common Files\HP

2009-04-27 10:56 . 2009-04-27 10:56 -------- d-----w c:\program files\Hewlett-Packard

2009-04-27 10:56 . 2009-04-27 10:56 -------- d-----w c:\program files\Common Files\Hewlett-Packard

2009-04-27 10:55 . 2006-03-03 19:02 57344 ----a-w c:\windows\system32\HPZisn12.dll

2009-04-27 10:55 . 2006-03-03 19:02 94208 ----a-w c:\windows\system32\HPZipt12.dll

2009-04-27 10:55 . 2006-03-03 19:02 204800 ----a-w c:\windows\system32\HPZipr12.dll

2009-04-27 10:55 . 2007-08-09 07:27 73728 ----a-w c:\windows\system32\HPZipm12.exe

2009-04-27 10:55 . 2006-03-03 19:03 65536 ----a-w c:\windows\system32\HPZinw12.exe

2009-04-27 10:55 . 2006-03-03 19:03 282680 ----a-w c:\windows\system32\HPZidr12.dll

2009-04-27 10:55 . 1998-10-29 14:45 306688 ----a-w c:\windows\IsUninst.exe

2009-04-27 10:55 . 2009-04-29 11:55 -------- d-----w c:\program files\HP

2009-04-27 10:54 . 2006-04-13 00:04 16496 ----a-r c:\windows\system32\drivers\HPZipr12.sys

2009-04-27 10:54 . 2006-04-13 00:04 49664 ----a-r c:\windows\system32\drivers\HPZid412.sys

2009-04-27 10:53 . 2009-04-27 11:00 119982 ----a-w c:\windows\hpoins11.dat

2009-04-27 10:53 . 2006-01-04 09:12 77824 ----a-r c:\windows\system32\HPZIDS01.dll

2009-04-27 10:53 . 2006-04-10 12:03 38400 ----a-w c:\windows\system32\hpz3l054.dll

2009-04-27 10:53 . 2006-04-13 00:04 282624 ----a-r c:\windows\system32\HPZc3212.dll

2009-04-27 10:53 . 2006-04-13 00:04 21568 ----a-r c:\windows\system32\drivers\HPZius12.sys

2009-04-27 10:53 . 2004-08-03 21:01 25856 ----a-w c:\windows\system32\drivers\usbprint.sys

2009-04-27 10:53 . 2006-04-13 00:02 254026 ----a-r c:\windows\system32\hpovst09.dll

2009-04-27 10:53 . 2006-04-13 00:02 827392 ----a-r c:\windows\system32\hpotiop2.dll

2009-04-27 10:53 . 2006-04-13 00:02 659456 ----a-r c:\windows\system32\hpowiax2.dll

2009-04-27 10:53 . 2004-08-03 20:58 15104 ----a-w c:\windows\system32\drivers\usbscan.sys

2009-04-27 09:40 . 2009-04-27 09:40 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar

2009-04-26 22:29 . 2009-05-11 13:55 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nowe Gadu-Gadu

2009-04-26 22:28 . 2009-04-26 22:29 -------- d-----w c:\program files\Nowe Gadu-Gadu

2009-04-26 21:27 . 2009-04-26 21:27 -------- d-----w c:\program files\SlySoft

2009-04-26 21:11 . 2009-05-07 14:11 44832 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-26 21:10 . 2009-04-26 21:10 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Ahead

2009-04-26 21:08 . 2009-04-26 21:11 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Ahead

2009-04-26 21:08 . 2009-04-26 21:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Ahead

2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w c:\program files\Nero

2009-04-26 21:07 . 2009-04-26 21:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero

2009-04-26 21:07 . 2009-04-26 21:08 -------- d-----w c:\program files\Common Files\Ahead

2009-04-26 21:05 . 2009-04-26 21:05 -------- d-----w c:\program files\AskTBar

2009-04-26 20:20 . 2009-04-26 20:20 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu

2009-04-26 20:06 . 2009-04-26 20:30 -------- d-----w c:\documents and settings\Administrator\Gadu-Gadu

2009-04-26 20:06 . 2009-04-26 20:06 -------- d-----w c:\program files\Gadu-Gadu

2009-04-26 20:05 . 2009-04-26 20:05 0 ----a-w c:\windows\nsreg.dat

2009-04-26 20:05 . 2009-04-26 20:05 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Mozilla

2009-04-26 20:02 . 2009-04-26 20:04 -------- d-----w c:\program files\NAPI-PROJEKT

2009-04-26 20:02 . 2009-04-26 20:02 -------- d-----w c:\program files\ALLPlayer

2009-04-26 19:56 . 2009-04-26 19:56 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar

2009-04-26 19:56 . 2009-04-26 19:56 -------- d-----w c:\program files\Winamp Toolbar

2009-04-26 19:49 . 2009-05-16 17:22 -------- d-sh--r C:\SYSTEM

2009-04-26 19:48 . 2009-04-26 19:54 -------- d-----w c:\windows\system32\NtmsData

2009-04-26 19:40 . 2001-10-31 08:14 1122304 ----a-w c:\windows\system32\mplvpx.dll

2009-04-26 19:40 . 2001-10-31 08:14 1552384 ----a-w c:\windows\system32\mplvm6.dll

2009-04-26 19:40 . 2001-10-31 08:14 1650688 ----a-w c:\windows\system32\mplva6.dll

2009-04-26 19:40 . 2001-10-31 08:14 1581056 ----a-w c:\windows\system32\mplvw7.dll

2009-04-26 19:40 . 2001-09-17 10:20 19968 ------w c:\windows\system32\cpuinf32.dll

2009-04-26 19:40 . 2001-10-31 08:14 65536 ----a-w c:\windows\system32\mplam6.dll

2009-04-26 19:40 . 2001-10-31 08:14 65536 ----a-w c:\windows\system32\mplapx.dll

2009-04-26 19:40 . 2001-10-31 08:14 77824 ----a-w c:\windows\system32\mplaa6.dll

2009-04-26 19:40 . 2001-10-31 08:14 77824 ----a-w c:\windows\system32\mplaw7.dll

2009-04-26 19:40 . 2003-03-25 03:49 152064 ----a-w c:\windows\system32\unrar.dll

2009-04-26 19:40 . 2004-10-30 13:39 761856 ----a-w c:\windows\system32\xvidcore.dll

2009-04-26 19:40 . 2009-04-26 19:40 -------- d-----w c:\program files\ACE Mega CoDecS Pack

2009-04-26 18:47 . 2009-04-26 18:49 -------- d-----w c:\windows\nview

2009-04-26 18:47 . 2006-06-23 07:49 208896 ----a-w c:\windows\system32\nvudisp.exe

2009-04-26 18:22 . 2009-05-15 18:07 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\InstallShield

2009-04-26 18:22 . 2009-04-26 18:22 -------- d-----w c:\program files\GIGABYTE

2009-04-26 18:13 . 2009-04-26 18:13 -------- d-----w c:\windows\system32\Lang

2009-04-26 18:12 . 2009-04-26 18:12 -------- d-----w C:\801f1b2a149004bfaa

2009-04-26 18:08 . 2009-04-26 18:08 -------- d-----w c:\program files\NVIDIA Corporation

2009-04-26 18:07 . 2006-03-23 17:53 442368 ----a-w c:\windows\system32\CapabilityTable.exe

2009-04-26 18:07 . 2006-04-14 12:00 208896 ------w c:\windows\system32\nvuide.exe

2009-04-26 18:07 . 2006-03-22 12:23 109568 ----a-w c:\windows\system32\drivers\nvtcp.sys

2009-04-26 18:07 . 2006-03-23 17:51 208896 ----a-w c:\windows\system32\nvunrm.exe

2009-04-26 18:07 . 2006-03-23 18:51 208896 ----a-w c:\windows\system32\nvusmb.exe

2009-04-26 18:07 . 2006-03-23 17:51 208896 ----a-w c:\windows\system32\NVUNINST.EXE

2009-04-26 18:04 . 2006-03-22 12:23 261120 ----a-w c:\windows\system32\drivers\nvsnpu.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-15 11:42 . 2009-04-26 13:56 -------- d--h--w c:\program files\InstallShield Installation Information

2009-05-09 09:23 . 2009-04-26 13:51 -------- d-----w c:\program files\Common Files\InstallShield

2009-05-07 16:03 . 2001-10-26 18:15 66740 ----a-w c:\windows\system32\perfc015.dat

2009-05-07 16:03 . 2001-10-26 18:15 436478 ----a-w c:\windows\system32\perfh015.dat

2009-04-26 19:57 . 2009-04-26 19:54 -------- d-----w c:\program files\Winamp

.

------- Sigcheck -------

[-] 2007-07-10 13:06 642560 CE594E18FE0D0AF804F1F3694921CE62 c:\windows\system32\user32.dll

[-] 2007-07-13 22:56 814592 CE7193C5F7C01B19768E066087C1C919 c:\windows\system32\wininet.dll

[-] 2007-07-28 01:15 360576 C7BE59B07C6EB74BEA6FD67C1B164015 c:\windows\system32\drivers\tcpip.sys

[-] 2007-07-26 17:30 2145792 316ACC3AC43FC855204CE5E775F66B91 c:\windows\system32\ntoskrnl.exe

[-] 2007-07-13 22:42 974848 32F67215C57DF2C401BF93B7EE65987F c:\windows\explorer.exe

[-] 2007-07-27 19:47 1548288 89878732D5EB0C845AD2356081142F2A c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2009-04-26 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-23 7626752]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-23 86016]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-23 1519616]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-07-27 124928]

c:\documents and settings\Administrator\Menu Start\Programy\Autostart\

GIGABYTE VGA Utility.lnk - c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2009-4-26 40960]

Xfire.lnk - c:\program files\Xfire\Xfire.exe [2006-6-7 4154504]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

HP Photosmart Premier - Szybkie uruchomienie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoSMHelp"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"=

"c:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"=

"c:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"=

"c:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"=

"d:\Program Files\Metin2_PL\metin2.bin"=

"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-15 114768]

R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-15 20560]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-26 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

.

.

------- Skan uzupełniający -------

.

uStart Page = about:blank

uInternet Connection Wizard,ShellNext = iexplore

IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

LSP: %SYSTEMROOT%\system32\nvappfilter.dll

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\y0g5hvig.default\

FF - prefs.js: browser.startup.homepage - google.pl

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-16 19:24

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]

"ImagePath"="\SystemRoot\System32\drivers\c1183fb0.sys"

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(768)

c:\windows\system32\cscui.dll

  • > 'lsass.exe'(824)

c:\windows\system32\nvappfilter.dll

  • > 'explorer.exe'(2492)

c:\windows\system32\SHDOCVW.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\SETUPAPI.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\windows\system32\rundll32.exe

c:\program files\GIGABYTE\VGA Utility\Utility.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\windows\system32\nvsvc32.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

.

**************************************************************************

.

Czas ukończenia: 2009-05-16 19:25 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-05-16 17:25

Przed: 12 424 900 608 bajtów wolnych

Po: 13 035 524 096 bajtów wolnych

429


(deFco247) #4

Paste your logs on wklej.org or wklejto.pl, and put only the link in your post. :wink:

Fix in HiJackThis: (Do a system scan only -> tick the boxes next to the entries listed below -> click Fix checked)

Paste into Notepad:

Folder::

C:\Program Files\AskTBar


File::

c:\windows\system32\drivers\c1183fb0.sys

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe


Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]

Save the file as CFScript.txt, preferably in the same folder as Combofix.exe

Drag and drop the CFScript.txt icon onto the Combofix.exe icon

Removal should start.

Then post the Combofix removal log.
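
The entries deFco247 singles out above can be recognised in a ComboFix log by a few mechanical checks. The Python script below is an added example, not something posted in this thread and not code from ComboFix, HijackThis or any other tool mentioned here; the rule names and the four heuristics are the editor's own, and the sample input is a handful of lines copied from the log in post #3 plus two benign driver lines from the same log so the checks can be seen not firing on them.

```python
import re
from typing import List, Tuple

# A finding is (rule name, the log line that triggered it).
Finding = Tuple[str, str]

# Constructed sample: lines copied from the ComboFix log in post #3, plus the
# two benign avast!/Ambfilt driver lines from the same log as negatives.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-15 114768]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-26 1684736]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]
c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]
"ImagePath"="\SystemRoot\System32\drivers\c1183fb0.sys"
"""

# Security Center values that, when set to 1, silence the "no antivirus / no
# firewall" alerts (Windows XP SP2 Security Center value names).
SECURITY_CENTER_VALUES = {"antivirusoverride", "antivirusdisablenotify",
                          "firewalloverride", "firewalldisablenotify"}
# Binaries that legitimately live only under %windir%; a copy elsewhere is masquerading.
SYSTEM_NAMES = {"system32.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "smss.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")                 # [HKEY_...\key] header line
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')         # "name"=data line
GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.I)       # 8 random hex digits
SERVICE_LINE_RE = re.compile(r"^[RS]\d\s+([^;]+);")  # ComboFix "R1 name;display;path" lines
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\(.*)$", re.I)


def _leaf(path: str) -> str:
    """Last backslash-separated component of a registry key or file path."""
    return path.rsplit("\\", 1)[-1]


def triage(log_text: str) -> List[Finding]:
    """Scan ComboFix-style log text and return the lines worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            # Active Setup component GUIDs are installer-generated; one that is
            # not even valid hex (here "aax5", "21cx...") was typed in by hand.
            if "\\active setup\\installed components" in current_key.lower():
                gm = re.search(r"\{([^}]*)\}\s*$", current_key)
                if gm and not GUID_RE.match(gm.group(1)):
                    findings.append(("malformed_active_setup_guid", line))
            continue

        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2).strip().lower()
            key_lower = current_key.lower()
            if key_lower.endswith("\\security center") and name in SECURITY_CENTER_VALUES \
                    and value == "dword:00000001":
                findings.append(("security_center_override", line))
            # A kernel driver registered under a service named as 8 random hex digits.
            elif name == "imagepath" and "\\services\\" in key_lower \
                    and HEX8_RE.match(_leaf(current_key)) and value.endswith('.sys"'):
                findings.append(("random_hex_service", line))
            continue

        m = SERVICE_LINE_RE.match(line)
        if m:
            if HEX8_RE.match(m.group(1)):
                findings.append(("random_hex_service", line))
            continue

        m = DRIVE_PATH_RE.match(line)
        if m:
            rest = m.group(1).lower()
            if _leaf(rest) in SYSTEM_NAMES and not rest.startswith("windows\\"):
                findings.append(("system_name_outside_windir", line))
    return findings


if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE_LOG):
        print(f"{rule:30} {evidence}")
```

The output is a list of leads for a person to check against the full log, not a deletion list, which is why the script stops short of writing a CFScript. Of the four checks the GUID one is the most reliable, since no real installer writes non-hex characters into a CLSID; the other three are heuristics that need the context of the rest of the log, and the two legitimate driver lines show them staying quiet on ordinary entries.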


(Lenadulas) #5

removal log:

http://wklej.org/id/91534/


(Gutek) #6

Paste into Notepad:

File::

c:\system\S-1-5-21-1482476501-1644491937-682003330-1013\system32.exe

c:\windows\system32\drivers\c1183fb0.sys

c:\windows\system32\3625051505.dat


Registry::

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-

[-HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28abc5c0-4fcb-11cf-aax5-21cx1c643131}]

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\c1183fb0]

>>File>>Save As... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

– like in this picture -->

(image: cfscript10uc2.gif)

(if the question "1 or 2" appears, type 1 and press ENTER) Removal should start (and a log will be created).

After the restart, manually delete the folder C:\Qoobox.

After that, post a new Combo log and run a Dr. Web CureIt scan


(Lenadulas) #7

here is the Combofix log:

http://wklej.org/id/91591/

thanks a lot :slight_smile:


(96jasio96) #8

The log is clean.

:arrow: Delete the folder C:\Qoobox

:arrow: Turn System Restore off and on again

:arrow: Remove unnecessary items from startup

:arrow: Remove junk and clean the registry with CCleaner

:arrow: Run a full scan with Dr.Web CureIt!


(Leon$) #9

Open Notepad and paste

save as plik.reg >> all files

(image: b57f17008275c957m.jpg)

a file with this icon will be created

(image: 062aec4c9b51c033m.jpg)

double-click it, confirm that you want to add it to the registry, then restart

delete the folders

:slight_smile:


(Lenadulas) #10

can't delete c:\program files\AskTBar :frowning:


(deFco247) #11

In that case download The Avenger.

Copy this text:

Folders to delete:

C:\Program Files\AskTBar

In The Avenger window click Paste Script from Clipboard, choose Execute and agree to the restart.

After the restart, delete the file C:\Avenger\backup.zip and give us the file C:\avenger.txt to review.


(Lenadulas) #12

the file from Avenger:

http://wklej.org/id/91737/


(deFco247) #13

It looks like that folder has been deleted.

Remove The Avenger from the disk.

Start Menu -> Run... -> type: %userprofile%\Pulpit\Combofix.exe /u

Clean up the computer with CCleaner.

Optimize the computer's startup.

Run a full scan with Dr Web CureIt!.

If there are viruses, remove them.


(Lenadulas) #14

I can't remove The Avenger from the disk, it's not on the list in Add/Remove.


(deFco247) #15

You don't remove it through Add/Remove Programs, you just delete its files normally.


(Lenadulas) #16

ok, Dr Web CureIt removed all the viruses, so that's it, right??? everything should be fine now???


(Michaelp128) #17

Additionally, download Malwarebytes' Anti-Malware. Run a full scan. If it finds anything, remove it. Then post the log on the forum.


(Lenadulas) #18

here is the scan log:

http://wklej.org/id/91863/


(deFco247) #19

Malwarebytes' removed the remaining crud from the computer. :slight_smile:

Everything should be fine now :spoko:


(Lenadulas) #20

thank you very much for the help :slight_smile: