SafeGroup

Full version: Critical Error - problem
Hello,
I have a problem with my Windows XP. After trying to open most folders, this message appears
Code:
Attention, Huberty! Some dangerous viruses detected to your system. Microsoft Windows XP files corrupted. This may lead to destruction of important files in C:WINDOWS. Download protection software now! Click OK to download the antispyware (Recommended)
After clicking "Yes" the window closes and nothing happens. I read on the internet about the HijackThis program, but I don't really know how to use it, so please explain how to use this program. Here is my log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:47, on 2008-07-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSExplorer.EXE
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:WINDOWSsystem32svchost.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesJavajre1.6.0_06binjusched.exe
C:WINDOWSvVX1000.exe
D:ProgramyWinampwinampa.exe
C:Program FilesSAGEM WiFi managerWLANUTL.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
D:ProgramyAzureusAzureus.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:WINDOWSsystem32iefltr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_06binssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_06binjusched.exe"
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [WinampAgent] D:ProgramyWinampwinampa.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''Default user'')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_06binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_06binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

--
End of file - 5486 bytes


Please help. Thanks in advance. Regards.
To begin with, post logs from HijackThis and Silent Runners

Quote: O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:WINDOWSsystem32iefltr.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarbar1.binASKSBAR.DLL


Delete the bolded files/folders manually from the disk in Safe Mode with System Restore turned off. You delete the entries in HijackThis.

Apply

[To see links, register here]

option no. 2

After the procedure, post logs from HijackThis,

[To see links, register here]

and the SmitFraudFix report
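As an added triage example (not code from this thread or from HijackThis, Silent Runners or SmitFraudFix): a Python script that joins the O2/O3 entries of a HijackThis log with the Browser Helper Objects section of a Silent Runners report by CLSID, and flags the entries the helper singles out above. The sample log lines are constructed from this thread's logs with the stripped backslashes put back; the three heuristics (DLL with no version info, add-on loaded from system32, known unwanted toolbar name) and all function names are assumptions of the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the O2/O3 lines of the thread's first HijackThis log,
# with the backslashes the forum software stripped put back.
HJT_SAMPLE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:\WINDOWS\system32\iefltr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
"""

# Constructed sample: the Browser Helper Objects section of the thread's
# Silent Runners report, backslashes restored likewise.
SR_SAMPLE = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "BHO.Filter"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\iefltr.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "Ask Toolbar BHO"
  -> {HKLM...CLSID} = "Ask Toolbar BHO"
                   \InProcServer32\(Default) = "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" ["Ask.com"]
"""

HJT_RE = re.compile(
    r"^O(?P<kind>[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
SR_CLSID_RE = re.compile(r"^\{(?P<clsid>[0-9A-Fa-f-]{36})\}\\\(Default\)")
SR_SERVER_RE = re.compile(
    r'InProcServer32\\\(Default\) = "(?P<path>[^"]*)" \[(?P<tag>[^\]]*)\]')
# Heuristics below are assumptions of this example, not rules from the thread.
SYSTEM32 = "c:\\windows\\system32\\"
PUP_NAMES = ("ask toolbar",)


@dataclass
class Entry:
    kind: str                 # "O2" (BHO) or "O3" (toolbar)
    name: str
    clsid: str
    path: str
    publisher: Optional[str] = None   # Silent Runners' bracket tag, if any
    reasons: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Pull the O2/O3 entries out of a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            entries.append(Entry("O" + m["kind"], m["name"],
                                 m["clsid"].upper(), m["path"].strip()))
    return entries


def parse_silent_runners_bho(text: str) -> Dict[str, str]:
    """Map CLSID -> publisher tag; 'null data' means the DLL has no version info."""
    tags: Dict[str, str] = {}
    current = None
    for line in text.splitlines():
        m = SR_CLSID_RE.match(line.strip())
        if m:
            current = m["clsid"].upper()
            continue
        m = SR_SERVER_RE.search(line)
        if m and current:
            tags[current] = m["tag"].strip('"')
            current = None
    return tags


def triage(entries: List[Entry], tags: Dict[str, str]) -> List[Entry]:
    """Cross-reference both logs and keep only entries worth a closer look."""
    for e in entries:
        e.publisher = tags.get(e.clsid)
        if e.publisher == "null data":
            e.reasons.append("DLL carries no version/publisher information")
        if e.path.lower().startswith(SYSTEM32):
            e.reasons.append("browser add-on loaded from system32, not a vendor folder")
        if any(p in e.name.lower() for p in PUP_NAMES):
            e.reasons.append("known unwanted toolbar")
    return [e for e in entries if e.reasons]


def triage_logs(hjt_text: str, sr_text: str) -> List[Entry]:
    return triage(parse_hjt(hjt_text), parse_silent_runners_bho(sr_text))


if __name__ == "__main__":
    for e in triage_logs(HJT_SAMPLE, SR_SAMPLE):
        print(f"{e.kind} {e.name} {{{e.clsid}}}")
        print(f"    {e.path}  [{e.publisher or 'not in Silent Runners'}]")
        for r in e.reasons:
            print("    -", r)
```

On the sample it reports exactly the three entries quoted in the reply above and leaves the Adobe and Java helpers alone.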
Umm, I have a small problem. Namely, I can't get into Safe Mode. I have a GIGABYTE S-Series NVIDIA nForce 560 GA-M56S-S3 motherboard (whatever that means :P). Please help.

EDIT:
Now I know. I got into Safe Mode via Start --> Run --> msconfig. That guide was a bit cut off, but IT REALLY WORKS!!! Thank you very much Serafin, I'm in your debt!!! Thanks a lot.
I'm very glad everything works, but you have to show the logs. :P
And those entries in HijackThis, I was supposed to delete them by checking those three and pressing Fix checked, right? If so, that's what I did. And here are the logs:

Hijack:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:25, on 2008-07-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSRTHDCPL.EXE
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesJavajre1.6.0_06binjusched.exe
C:WINDOWSvVX1000.exe
D:ProgramyWinampwinampa.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_06binssv.dll
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLinkPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_06binjusched.exe"
O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe
O4 - HKLM..Run: [LifeCam] "C:Program FilesMicrosoft LifeCamLifeExp.exe"
O4 - HKLM..Run: [WinampAgent] D:ProgramyWinampwinampa.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ''Default user'')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_06binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_06binssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra ''Tools'' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe

--
End of file - 4952 bytes


ComboFix:
Code:
ComboFix 08-07-15.4 - Pimpuś 2008-07-17 14:43:48.2 - NTFSx86
Microsoft Windows XP Home Edition5.1.2600.2.1250.1.1045.18.623 [GMT 2:00]
Running from: C:Documents and SettingsPimpuśPulpitComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17)))))))))))))))))))))))))))))))
.

2008-07-17 12:04 . 2008-07-17 12:04    271,360    --a------    C:WINDOWSsystem32driversatksgt.sys
2008-07-17 12:04 . 2008-07-17 12:04    18,048    --a------    C:WINDOWSsystem32driverslirsgt.sys
2008-07-17 12:00 . 2008-07-17 14:29    <DIR>    d--------    C:Program FilesGothic III
2008-07-16 22:16 . 2008-07-16 22:16    2,448    --a------    C:WINDOWSsystem32tmp.reg
2008-07-16 19:39 . 2007-09-06 00:22    289,144    --a------    C:WINDOWSsystem32VCCLSID.exe
2008-07-16 19:39 . 2006-04-27 17:49    288,417    --a------    C:WINDOWSsystem32SrchSTS.exe
2008-07-16 19:39 . 2008-05-29 09:35    86,528    --a------    C:WINDOWSsystem32VACFix.exe
2008-07-16 19:39 . 2008-05-18 21:40    82,944    --a------    C:WINDOWSsystem32IEDFix.exe
2008-07-16 19:39 . 2008-07-02 13:33    82,432    --a------    C:WINDOWSsystem32IEDFix.C.exe
2008-07-16 19:39 . 2008-05-23 18:21    81,920    --a------    C:WINDOWSsystem32404Fix.exe
2008-07-16 19:39 . 2003-06-05 21:13    53,248    --a------    C:WINDOWSsystem32Process.exe
2008-07-16 19:39 . 2004-07-31 18:50    51,200    --a------    C:WINDOWSsystem32dumphive.exe
2008-07-16 19:39 . 2007-10-04 00:36    25,600    --a------    C:WINDOWSsystem32WS2Fix.exe
2008-07-16 16:37 . 2008-07-16 16:37    <DIR>    d--------    C:Program FilesTrend Micro
2008-07-16 13:32 . 2008-07-16 13:32    20,992    --a------    C:WINDOWSsystem32inte_f.dll
2008-07-13 12:47 . 2008-07-13 12:47    <DIR>    d--------    C:cda
2008-07-08 15:24 . 2008-07-08 15:24    <DIR>    d--------    C:Program FilesMSXML 6.0
2008-07-07 14:40 . 2008-07-07 14:40    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjiMedia Player Classic
2008-07-07 14:07 . 2006-09-24 17:11    389,120    --a------    C:WINDOWSsystem32lameACM.acm
2008-07-07 14:07 . 2007-09-04 18:56    164,352    --a------    C:WINDOWSsystem32unrar.dll
2008-07-07 14:07 . 2007-09-21 02:52    118,784    --a------    C:WINDOWSsystem32ac3acm.acm
2008-07-07 14:07 . 2007-10-03 17:03    414    --a------    C:WINDOWSsystem32lame_acm.xml
2008-07-07 14:06 . 2008-07-07 14:13    <DIR>    d--------    C:Program FilesSubRip
2008-07-07 14:06 . 2008-07-07 14:06    <DIR>    d--------    C:Program FilesK-Lite Codec Pack
2008-07-07 14:06 . 2008-03-21 22:30    3,596,288    --a------    C:WINDOWSsystem32qt-dx331.dll
2008-07-07 14:06 . 2008-01-10 14:15    755,027    --a------    C:WINDOWSsystem32xvidcore.dll
2008-07-07 14:06 . 2008-03-31 23:25    682,496    --a------    C:WINDOWSsystem32divx.dll
2008-07-07 14:06 . 2008-01-10 14:16    159,839    --a------    C:WINDOWSsystem32xvidvfw.dll
2008-07-07 14:06 . 2008-03-21 22:28    81,920    --a------    C:WINDOWSsystem32dpl100.dll
2008-07-07 14:06 . 2008-03-28 19:41    7,680    --a------    C:WINDOWSsystem32ff_vfw.dll
2008-07-07 14:06 . 2007-07-10 18:10    547    --a------    C:WINDOWSsystem32ff_vfw.dll.manifest
2008-07-07 14:05 . 2008-07-07 14:05    <DIR>    d--------    C:Program FilesMSBuild
2008-07-07 14:02 . 2008-07-07 14:02    <DIR>    d--------    C:WINDOWSsystem32XPSViewer
2008-07-07 14:02 . 2008-07-07 14:02    <DIR>    d--------    C:Program FilesReference Assemblies
2008-07-07 14:01 . 2006-06-29 13:07    14,048    ---------    C:WINDOWSsystem32spmsg2.dll
2008-07-07 13:57 . 2008-07-07 13:57    <DIR>    d--------    C:Program FilesAviSynth 2.5
2008-07-06 20:02 . 2008-07-06 20:03    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjifoobar2000
2008-07-03 20:25 . 2008-07-03 20:29    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjiWinamp
2008-07-03 18:28 . 2008-07-03 18:29    <DIR>    d--------    C:Program FilesMicrosoft LifeCam
2008-07-03 18:27 . 2008-07-03 18:27    <DIR>    d--------    C:WINDOWSsystem32driversumdf
2008-07-03 18:27 . 2008-07-03 23:00    921,624    --a------    C:img2-001.raw
2008-07-03 18:26 . 2004-08-03 23:10    10,880    --a------    C:WINDOWSsystem32driversNdisIP.sys
2008-07-03 18:26 . 2004-08-03 23:10    10,880    --a--c---    C:WINDOWSsystem32dllcachendisip.sys
2008-07-03 18:26 . 2004-08-03 22:58    5,504    --a------    C:WINDOWSsystem32driversMSTEE.sys
2008-07-03 18:26 . 2004-08-03 22:58    5,504    --a--c---    C:WINDOWSsystem32dllcachemstee.sys
2008-07-01 12:27 . 2008-07-01 12:27    <DIR>    d--------    C:Program FilesSAGEM WiFi manager
2008-07-01 12:27 . 2007-01-16 13:52    20,608    --a------    C:WINDOWSsystem32driversBRGSp50.sys
2008-07-01 12:27 . 2007-01-16 13:52    17,664    --a------    C:WINDOWSsystem32driversZDPSp50.sys
2008-07-01 11:54 . 2007-01-10 10:14    450,560    --a------    C:WINDOWSsystem32driversWlanBZXP.sys
2008-06-30 21:41 . 2004-08-03 23:07    59,264    --a------    C:WINDOWSsystem32driversUSBAUDIO.sys
2008-06-30 21:41 . 2004-08-03 23:07    59,264    --a--c---    C:WINDOWSsystem32dllcacheusbaudio.sys
2008-06-30 18:31 . 2008-07-16 14:31    <DIR>    d--------    C:temp
2008-06-25 10:40 . 2008-06-25 10:40    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjiCyberLink
2008-06-20 18:59 . 2008-03-25 02:37    69,632    --a------    C:WINDOWSsystem32javacpl.cpl
2008-06-20 18:58 . 2008-06-20 18:59    <DIR>    d--------    C:Program FilesJava
2008-06-20 18:57 . 2008-06-20 18:57    <DIR>    d--------    C:Program FilesCommon FilesJava
2008-06-18 20:50 . 2005-05-03 18:43    69,632    --a------    C:WINDOWSAlcmtr.exe
2008-06-18 20:50 . 2007-11-14 15:18    553    --a------    C:WINDOWSUSetup.iss
2008-06-18 00:07 . 2008-06-18 16:22    238    --a------    C:WINDOWSmafosav.INI
2008-06-17 16:15 . 2008-06-17 17:50    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjiHamachi
2008-06-17 16:14 . 2008-06-17 16:14    25,280    --a------    C:WINDOWSsystem32drivershamachi.sys
2008-06-17 14:57 . 2008-07-16 21:12    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjiskypePM
2008-06-17 14:57 . 2008-06-17 14:57    56    --ah-----    C:WINDOWSsystem32ezsidmv.dat
2008-06-17 14:55 . 2008-06-17 14:55    <DIR>    d--------    C:Program FilesSkype
2008-06-17 14:55 . 2008-06-17 14:55    <DIR>    d--------    C:Program FilesCommon FilesSkype
2008-06-17 14:55 . 2008-07-16 21:48    <DIR>    d--------    C:Documents and SettingsPimpuśDane aplikacjiSkype
2008-06-17 14:55 . 2008-06-17 14:55    <DIR>    d--------    C:Documents and SettingsAll UsersDane aplikacjiSkype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 10:00    ---------    d--h--w    C:Program FilesInstallShield Installation Information
2008-07-17 09:34    ---------    d-----w    C:Documents and SettingsPimpuśDane aplikacjiAzureus
2008-07-08 14:27    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiTrackMania
2008-06-20 17:42    246,784    ----a-w    C:WINDOWSsystem32mswsock.dll
2008-06-20 10:45    360,320    ----a-w    C:WINDOWSsystem32driverstcpip.sys
2008-06-20 10:44    138,368    ----a-w    C:WINDOWSsystem32driversafd.sys
2008-06-20 09:52    225,920    ----a-w    C:WINDOWSsystem32driverstcpip6.sys
2008-06-14 18:01    273,024    ------w    C:WINDOWSsystem32driversbthport.sys
2008-06-13 16:50    ---------    d-----w    C:Documents and SettingsPimpuśDane aplikacjiXfire
2008-06-09 12:25    ---------    d-----w    C:Program FilesGoogle
2008-06-09 11:17    ---------    d-----w    C:Program FilesCommon FilesAdobe
2008-06-09 11:16    ---------    d-----w    C:Program FilesAdobe Media Player
2008-06-07 09:33    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiApple Computer
2008-06-07 09:20    ---------    d-----w    C:Documents and SettingsPimpuśDane aplikacjiApple Computer
2008-06-07 09:19    ---------    d-----w    C:Program FilesBonjour
2008-06-07 09:19    ---------    d-----w    C:Program FilesApple Software Update
2008-06-07 09:18    ---------    d-----w    C:Program FilesCommon FilesApple
2008-06-07 09:18    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiApple
2008-06-02 16:10    4,752,384    ----a-w    C:WINDOWSsystem32driversRtkHDAud.sys
2008-05-31 12:12    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiAzureus
2008-05-28 12:52    16,862,720    ----a-w    C:WINDOWSRTHDCPL.exe
2008-05-25 15:37    ---------    d-----w    C:Program FilesCommon FilesDirectX
2008-05-18 08:49    ---------    d-----w    C:Documents and SettingsPimpuśDane aplikacjiMicrosoft Web Folders
2008-05-18 08:48    ---------    d-----w    C:Program Filesmicrosoft frontpage
2008-05-18 08:41    ---------    d-----w    C:Documents and SettingsPimpuśDane aplikacjiGadu-Gadu
2008-05-18 08:24    ---------    d-----w    C:Program FilesWindows Defender
2008-05-18 08:09    ---------    d-----w    C:Program FilesSAGEM
2008-05-18 07:50    ---------    d-----w    C:Program FilesCyberLink
2008-05-18 07:50    ---------    d-----w    C:Documents and SettingsAll UsersDane aplikacjiCyberLink
2008-05-18 07:49    ---------    d-----w    C:Program FilesCommon FilesNero
2008-05-18 07:48    ---------    d-----w    C:Program FilesAhead
2008-05-18 07:47    ---------    d-----w    C:Program FilesCommon FilesAhead
2008-05-18 07:41    ---------    d-----w    C:Program FilesAlwil Software
2008-05-18 07:36    15,600    ----a-w    C:WINDOWSgdrv.sys
2008-05-18 07:34    315,392    ----a-w    C:WINDOWSHideWin.exe
2008-05-18 07:34    ---------    d-----w    C:Program FilesRealtek
2008-05-18 07:34    ---------    d-----w    C:Program FilesDIFX
2008-05-18 07:34    ---------    d-----w    C:Program FilesCommon FilesInstallShield
2008-05-18 07:33    ---------    d-----w    C:Documents and SettingsPimpuśDane aplikacjiInstallShield
2008-05-18 07:20    ---------    d-----w    C:Program FilesUsługi online
2008-05-07 05:16    1,291,264    ----a-w    C:WINDOWSsystem32quartz.dll
2008-04-21 07:03    662,016    ----a-w    C:WINDOWSsystem32wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-16_22.22.34.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-17 12:29:16    16,384    ----atw    C:WINDOWSTempPerflib_Perfdata_748.dat
+ 2005-09-22 21:49:12    95,744    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841ATL80.dll
+ 2005-09-22 23:16:02    1,093,632    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfc80.dll
+ 2005-09-22 23:16:06    1,079,808    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfc80u.dll
+ 2005-09-22 23:16:08    69,632    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfcm80.dll
+ 2005-09-22 23:16:10    57,344    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2mfcm80u.dll
+ 2005-09-22 22:58:06    40,960    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80CHS.dll
+ 2005-09-22 22:58:06    45,056    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80CHT.dll
+ 2005-09-22 22:58:06    65,536    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80DEU.dll
+ 2005-09-22 22:58:06    57,344    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80ENU.dll
+ 2005-09-22 22:58:06    61,440    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80ESP.dll
+ 2005-09-22 22:58:06    61,440    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80FRA.dll
+ 2005-09-22 22:58:06    61,440    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80ITA.dll
+ 2005-09-22 22:58:06    49,152    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80JPN.dll
+ 2005-09-22 22:58:06    49,152    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0mfc80KOR.dll
+ 2005-09-22 23:35:10    65,536    ----a-w    C:WINDOWSWinSxSx86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"avast!"="C:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:WINDOWSsystem32NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:Program FilesCyberLinkPowerDVDPDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_06binjusched.exe" [2008-03-25 04:28 144784]
"VX1000"="C:WINDOWSvVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:Program FilesMicrosoft LifeCamLifeExp.exe" [2007-05-17 23:45 279912]
"WinampAgent"="D:ProgramyWinampwinampa.exe" [2008-04-01 20:49 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:WINDOWSRTHDCPL.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"D:\Gry\Counter Strike 1.6\hl.exe"=
"D:\Gry\TmNationsForever\TmForever.exe"=
"D:\Programy\eMule\emule.exe"=
"D:\Programy\Azureus\Azureus.exe"=
"D:\Gry\Worms 4 Totalna Rozwałka\WORMS 4 MAYHEM.EXE"=
"C:\Program Files\Bonjour\mDNSResponder.exe"=
"D:\Gry\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe"=
"C:\WINDOWS\system32\dpvsetup.exe"=
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"=
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port

R1 aswSP;avast! Self Protection;C:WINDOWSsystem32driversaswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:WINDOWSsystem32DRIVERSaswFsBlk.sys [2008-05-16 01:16]
R2 MSCamSvc;MSCamSvc;C:Program FilesMicrosoft LifeCamMSCamS32.exe [2007-05-17 23:45]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:WINDOWSsystem32DRIVERSWlanBZXP.sys [2007-01-10 10:14]
R3 VX1000;VX-1000;C:WINDOWSsystem32DRIVERSVX1000.sys [2007-04-10 23:46]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:WINDOWSsystem32ZDCndis5.SYS []
.
Contents of the ''Scheduled Tasks'' folder
"2008-07-03 16:25:46 C:WINDOWSTasksMicrosoft_Hardware_Launch_setup_exe.job"
- E:setup.exe
"2008-07-17 12:32:25 C:WINDOWSTasksMP Scheduled Scan.job"
- C:Program FilesWindows DefenderMpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 14:44:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-17 14:45:19
ComboFix-quarantined-files.txt2008-07-17 12:45:08
ComboFix2.txt2008-07-16 20:22:53

Pre-Run: 21,013,753,856 bajtów wolnych
Post-Run: 21,004,636,160 bajtów wolnych

204    --- E O F ---    2008-07-11 17:00:37


Silent Runners:
Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun {++}
"avast!" = "C:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:WINDOWSsystem32NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:Program FilesCyberLinkPowerDVDPDVDServ.exe"" ["Cyberlink Corp."]
"Windows Defender" = ""C:Program FilesWindows DefenderMSASCui.exe" -hide" [MS]
"Adobe Reader Speed Launcher" = ""C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"" ["Adobe Systems Incorporated"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = ""C:Program FilesJavajre1.6.0_06binjusched.exe"" ["Sun Microsystems, Inc."]
"VX1000" = "C:WINDOWSvVX1000.exe" [MS]
"LifeCam" = ""C:Program FilesMicrosoft LifeCamLifeExp.exe"" [MS]
"WinampAgent" = "D:ProgramyWinampwinampa.exe" [null data]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
InProcServer32(Default) = "C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}(Default) = (no title provided)
-> {HKLM...CLSID} = "BHO.Filter"
InProcServer32(Default) = "C:WINDOWSsystem32iefltr.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binssv.dll" ["Sun Microsystems, Inc."]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}(Default) = "Ask Toolbar BHO"
-> {HKLM...CLSID} = "Ask Toolbar BHO"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionShell ExtensionsApproved
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
InProcServer32(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
InProcServer32(Default) = "C:WINDOWSsystem32hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
InProcServer32(Default) = "C:PROGRA~1MICROS~2OfficeOLKFSTUB.DLL" [MS]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
InProcServer32(Default) = "C:PROGRA~1WINDOW~4MpShHook.dll" [MS]

HKLMSOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
InProcServer32(Default) = "C:WINDOWSsystem32WPDShServiceObj.dll" [MS]

HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify
<<!>> AtiExtEventDLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLMSOFTWAREClassesFoldershellexColumnHandlers
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
InProcServer32(Default) = "C:Program FilesCommon FilesAdobeAcrobatActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSOFTWAREClasses*shellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]

HKLMSOFTWAREClassesDirectoryshellexContextMenuHandlers
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]

HKLMSOFTWAREClassesFoldershellexContextMenuHandlers
avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
InProcServer32(Default) = "C:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]
WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
InProcServer32(Default) = "D:ProgramyWinRARrarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral
"Wallpaper" = "C:WINDOWSsystem32configsystemprofileUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCUControl PanelDesktop
"Wallpaper" = "C:Documents and SettingsPimpuśUstawienia lokalneDane aplikacjiMicrosoftWallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCUControl PanelDesktop
"SCRNSAVE.EXE" = "C:WINDOWSsystem32logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAutoplayHandlersHandlers

MPCPlayCDAudioOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayCDAudiocommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayDVDMoviecommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayMusicFilescommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayVideoFilescommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1" ["Gabest"]

MSWPDShellNamespaceHandler
"Provider" = "@%SystemRoot%system32wpdshext.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
LocalServer32(Default) = "C:WINDOWSsystem32WPDShextAutoplay.exe" [MS]

NeroAutoPlay2CDAudio
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_CDAudiocommand(Default) = "C:Program FilesAheadneronero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLMSOFTWAREClassesNero.AutoPlay2shellPlayCDAudioOnArrival_CopyCDcommand(Default) = "C:Program FilesAheadneronero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_DataDisccommand(Default) = "C:Program FilesAheadneronero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_LaunchNeroStartSmartcommand(Default) = "C:Program FilesAheadNero StartSmartNeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

PDVDPlayDVDMovieOnArrival
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLMSOFTWAREClassesDVDshellPlayWithPowerDVDCommand(Default) = ""C:Program FilesCyberLinkPowerDVDPowerDVD.exe" "%l"" ["CyberLink Corp."]

Picasa2ImportPicturesOnArrival
"Provider" = "Picasa2"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLMSOFTWAREClassespicasa2.autoplayshellimportcommand(Default) = "D:ProgramyPicasa2Picasa2.exe "%1"" ["Google Inc."]

WinampMTPHandler
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "D:ProgramyWinampwinamp.exe"
HKLMSOFTWAREClassesShell.HWEventHandlerShellExecuteCLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
LocalServer32(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLMSOFTWAREClassesWinamp.FileshellPlaycommand(Default) = ""D:ProgramyWinampwinamp.exe" "%1"" ["Nullsoft"]
HKLMSOFTWAREClassesWinamp.FileshellPlayDropTargetCLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
LocalServer32(Default) = ""D:ProgramyWinampwinamp.exe"" ["Nullsoft"]


Startup items in "Pimpuś" & "All Users" startup folders:
--------------------------------------------------------

C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"Adobe Gamma Loader" -> shortcut to: "C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:Program FilesMicrosoft OfficeOfficeOSA9.EXE -b -l" [MS]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:Program FilesSAGEM WiFi managerWLANUTL.exe" [" "]


Enabled Scheduled Tasks:
------------------------

"Microsoft_Hardware_Launch_setup_exe" -> launches: "E:setup.exe" [file not found]
"MP Scheduled Scan" -> launches: "C:Program FilesWindows DefenderMpCmdRun.exe Scan -RestrictPrivileges" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000004LibraryPath = "C:Program FilesBonjourmdnsNSP.dll" ["Apple Inc."]

Transport Service Providers

HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]

HKLMSOFTWAREMicrosoftInternet ExplorerToolbar
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSOFTWAREMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binnpjpi160_06.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
Bonjour Service, Bonjour Service, ""C:Program FilesBonjourmDNSResponder.exe"" ["Apple Inc."]
MSCamSvc, MSCamSvc, ""C:Program FilesMicrosoft LifeCamMSCamS32.exe"" [MS]
Urządzenie mobilne Apple, Apple Mobile Device, ""C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe"" ["Apple, Inc."]
Windows Defender, WinDefend, ""C:Program FilesWindows DefenderMsMpEng.exe"" [MS]


---------- (launch time: 2008-07-16 19:31:27)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 22 seconds, including 4 seconds for message boxes)



Does everything check out?
To be done in Safe Mode with System Restore disabled:

Open Notepad and paste this into it:

Code:
file::

C:\WINDOWS\system32\inte_f.dll

registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]


File >>> Save As... CFScript
Drag the file onto the ComboFix icon and the removal process will start, during which the computer may restart.

Download the program




* Double-click SDFix.exe; the program will then extract itself to the system drive (by default C:\SDFix)
* Restart the computer and enter Safe Mode (F8 key before Windows boots)
* Go into the SDFix folder and double-click the file RunThis.bat
* Press Y and the removal process will begin.
* When the removal finishes, press any key. The computer will restart.
* After the restart, SDFix will run again to finish the removal; when Finished appears in the program window, press any key to end the script and load the desktop icons.
* Post Report.txt, found in the SDFix folder.

After these steps, post new logs from HijackThis and ComboFix, and the SDFix report.
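As an added example for this thread (not the Silent Runners script, not ComboFix, and not anything the posters ran), here is a small Python triage pass over a report in the format quoted above. It applies the report's own markers: `<<!>>` for a non-default entry at a malware launch point, `[file not found]` for a dead launch point, `[null data]` for a file with no CompanyName, `[MS]` or `["Company"]` for a CompanyName read from the version resource. SAMPLE_REPORT is constructed from a handful of lines modelled on the log, with the backslashes the log lost restored; the BHO CLSID {DEADBEEF-0000-4000-8000-000000000001} and its pairing with inte_f.dll are hypothetical.

```python
"""Triage pass over a Silent Runners-style launch-point report.

Added example for this thread; it is not the Silent Runners script, ComboFix,
or anything the forum posters ran. SAMPLE_REPORT is constructed from lines
modelled on the log above (backslashes restored); the BHO CLSID
{DEADBEEF-0000-4000-8000-000000000001} and its pairing with inte_f.dll are
hypothetical.
"""
import re
from dataclasses import dataclass

# Tags the report appends to each launch-point path, taken from the file's
# version resource (a string any author can set, not an Authenticode check):
#   [MS]              CompanyName identifies Microsoft
#   ["Some Company"]  CompanyName string from the version resource
#   [null data]       file exists but carries no CompanyName
#   [file not found]  launch point refers to a file that does not exist
# "<<!>>" marks a non-default entry at a known malware launch point.
FLAG = "<<!>>"
PATH_TAG = re.compile(
    r'"([^"]+\.(?:dll|exe|scr|cpl|bat))"\s*\[([^\]]*)\]\s*$', re.IGNORECASE
)
PRIORITY = {"review-now": 0, "review": 1, "unflagged": 2}

# Constructed sample; GUID {DEADBEEF-...} is hypothetical.
SAMPLE_REPORT = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
InProcServer32\(Default) = "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" ["Ask.com"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
<<!>> "{DEADBEEF-0000-4000-8000-000000000001}" = (no title provided)
InProcServer32\(Default) = "C:\WINDOWS\system32\inte_f.dll" [null data]

Enabled Scheduled Tasks:
------------------------
"Microsoft_Hardware_Launch_setup_exe" -> launches: "E:\setup.exe" [file not found]
"""


@dataclass
class Entry:
    section: str
    path: str
    tag: str
    flagged: bool
    verdict: str
    reasons: list


def classify(path, tag, flagged):
    """Decide how urgently a launch point deserves a human look."""
    reasons = []
    if tag == "file not found":
        reasons.append("dead launch point: file missing, clean up or verify")
        return "review", reasons
    nameless = tag in ("null data", '" "')
    if nameless:
        reasons.append("no CompanyName in version info")
    if flagged:
        reasons.append("non-default entry at a malware launch point")
    if flagged and tag != "MS":
        return "review-now", reasons
    if nameless and "system32" in path.lower():
        reasons.append("nameless binary under system32")
        return "review-now", reasons
    if nameless:
        return "review", reasons
    return "unflagged", reasons


def parse(report):
    """Walk the report; a <<!>> on a key line applies to the path line after it."""
    entries = []
    section = ""
    pending_flag = False
    for raw in report.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue
        if line.startswith(("HKLM", "HKCU")) or line.endswith(":"):
            section = line.rstrip(":\\")
            pending_flag = False
            continue
        if line.startswith(FLAG):
            pending_flag = True
            line = line[len(FLAG):].strip()
        m = PATH_TAG.search(line)
        if not m:
            continue
        path, tag = m.group(1), m.group(2)
        verdict, reasons = classify(path, tag, pending_flag)
        entries.append(Entry(section, path, tag, pending_flag, verdict, reasons))
        pending_flag = False
    return entries


def triage(report):
    """Entries sorted most-suspicious first."""
    return sorted(parse(report), key=lambda e: (PRIORITY[e.verdict], e.path.lower()))


def verdict_for(entries, filename):
    """Verdict of the first entry whose path ends with filename (case-insensitive)."""
    for e in entries:
        if e.path.lower().endswith(filename.lower()):
            return e.verdict
    return None


if __name__ == "__main__":
    for e in triage(SAMPLE_REPORT):
        print(f"{e.verdict:10} {e.path}  [{e.tag}]  {'; '.join(e.reasons)}")
```

Run it and the hypothetical inte_f.dll entry sorts to the top, the missing E:\setup.exe task and the nameless rarext.dll land in the review bucket, and the Ask toolbar DLL, which carries a proper CompanyName, is not flagged by any rule. That is the limit of the approach: the tag is only a version-resource string, so adware with a publisher name, or malware that copies one, passes the automatic checks, which is why the reply above names the Ask toolbar entries explicitly instead of relying on the markers.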
Listen, I thought that was all already and reinstalled the system :P. So do I still have to do something, or not?
Fight to the end, no format!
I've been running on one system (XP) for 5 years, and before that 5 years on Win 98, but I never reinstalled because of such a cr....... virus(?), even though on 98 I already had a situation where the picture was only on the left half of the monitor :P
Hahaha, nice virus :P. Still, I prefer a reinstall, because it's much easier and faster. But your help was useful anyway, because I had to burn my files before the format, and that worm wouldn't let me. I'm not that advanced in computer matters yet. Maybe someday :rolleyes:... Thanks everyone for the help! Cheers! :)