Posts: 5
Threads: 1
Joined: 16.07.2008
Reputation: 0
Hello,
I have a problem with my Windows XP. When I try to open most folders, this message appears:
Code: Attention, Huberty! Some dangerous viruses detected to your system. Microsoft Windows XP files corrupted. This may lead to destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download the antispyware (Recommended)
After clicking "Yes" the window closes and nothing happens. I read on the internet about the HijackThis program, but I don't really know how to use it, so please explain how to use this program. Here is my log:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:47, on 2008-07-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:\WINDOWS\system32\iefltr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Program sieciowy dla SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5486 bytes
Please help. Thanks in advance. Regards.
Posts: 850
Threads: 12
Joined: 15.07.2006
Reputation: 0
To begin with, we post logs from HijackThis and Silent Runners.
Quote:
O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:\WINDOWS\system32\iefltr.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL
Delete the bolded files/folders manually from the disk in Safe Mode with System Restore turned off. You delete the entries in HijackThis.
Run [To see links, register here] option no. 2
After the procedures, post logs from HijackThis, [To see links, register here] and the SmitFraudFix report
"I am not a consumer who fits the standard
I am not a species doomed to extinction
I am not the object of media noise
I am an illegal killer of time"
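The helper's advice above comes down to two things: pick out the O2/O3 entries that do not belong (the BHO.Filter DLL and the Ask toolbar), and then prove with a fresh log that they are gone. Below is an added example, not code from this thread or from HijackThis, that does the second part mechanically: it parses the O2 (BHO), O3 (toolbar) and O4 (Run key) lines of two HijackThis logs and reports what disappeared and what newly appeared between the scans. The two sample logs are constructed excerpts of the before/after logs posted in this thread; the function names, the `Entry` record and the `FIX_LIST` are my own.

```python
"""Parse HijackThis O2/O3/O4 lines and diff two scans to confirm a 'Fix checked' run.

Added example, not part of the thread; the sample logs below are excerpts
constructed from the before/after logs posted in the thread.
"""
import re
from dataclasses import dataclass

# O2 (BHO) and O3 (toolbar) lines carry a CLSID; O4 lines carry a Run-key value name.
CLSID_LINE = re.compile(
    r"^(?P<section>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$"
)
RUN_LINE = re.compile(r"^O4 - (?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<path>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O3" or "O4"
    name: str
    ident: str    # CLSID (upper-cased) for O2/O3, "<key>:<value name>" for O4
    path: str


def parse_hjt(text: str) -> list[Entry]:
    """Return the O2/O3/O4 entries found in a HijackThis log; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = CLSID_LINE.match(line)
        if m:
            entries.append(Entry(m["section"], m["name"], m["clsid"].upper(), m["path"]))
            continue
        m = RUN_LINE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], f"{m['key']}:{m['name']}", m["path"]))
    return entries


def diff_scans(before: str, after: str) -> tuple[list[Entry], list[Entry]]:
    """Entries that disappeared between two scans, and entries that newly appeared."""
    old = {e.ident: e for e in parse_hjt(before)}
    new = {e.ident: e for e in parse_hjt(after)}
    removed = [e for ident, e in old.items() if ident not in new]
    added = [e for ident, e in new.items() if ident not in old]
    return removed, added


def confirm_fixed(after: str, clsids: list[str]) -> bool:
    """True only if none of the CLSIDs selected for 'Fix checked' survive in the new scan."""
    present = {e.ident for e in parse_hjt(after)}
    return all(c.upper() not in present for c in clsids)


# Constructed excerpts of the two logs in the thread (first scan, then the scan after the fix).
BEFORE = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BHO.Filter - {4AD3A71E-8ED4-40F5-9A81-69245BDCBB75} - C:\WINDOWS\system32\iefltr.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
"""
AFTER = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""
# The three entries the helper told the poster to fix (assumed list, taken from the thread).
FIX_LIST = [
    "{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}",
    "{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}",
    "{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}",
]

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for e in removed:
        print("gone:", e.section, e.name, e.path)
    for e in added:
        print("new: ", e.section, e.name, e.path)
    print("fix confirmed:", confirm_fixed(AFTER, FIX_LIST))
```

The diff deliberately reports everything that vanished, not just the three CLSIDs on the fix list: in the sample the Windows Defender Run entry is also gone, which is exactly the kind of side effect a helper wants to notice when reviewing the post-fix log. Anything that newly appears after a cleanup is a reason to ask for more logs before declaring the machine clean.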
Posts: 5
Threads: 1
Joined: 16.07.2008
Reputation: 0
Um, I have a small problem. Namely, I can't get into Safe Mode. I have a GIGABYTE S-Series NVIDIA nForce 560 GA-M56S-S3 motherboard (whatever that means). Please help.
EDIT:
I've got it now. I got into Safe Mode via Start --> Run --> msconfig. That guide was a bit cut off, but IT REALLY WORKS!!! Thank you very much Serafin, I'm in your debt!!! Thanks a lot.
Posts: 850
Threads: 12
Joined: 15.07.2006
Reputation: 0
I'm very glad that everything works, but you have to show the logs.
Posts: 5
Threads: 1
Joined: 16.07.2008
Reputation: 0
And those entries in HijackThis I was supposed to delete by checking those three and pressing Fix checked, right? If so, that's what I did. And here are the logs:
HijackThis: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:25, on 2008-07-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
D:\Programy\Winamp\winampa.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Programy\Winamp\winampa.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 4952 bytes
ComboFix: Code:
ComboFix 08-07-15.4 - Pimpuś 2008-07-17 14:43:48.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.623 [GMT 2:00]
Running from: C:\Documents and Settings\Pimpuś\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17)))))))))))))))))))))))))))))))
.
2008-07-17 12:04 . 2008-07-17 12:04 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2008-07-17 12:04 . 2008-07-17 12:04 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2008-07-17 12:00 . 2008-07-17 14:29 <DIR> d-------- C:\Program Files\Gothic III
2008-07-16 22:16 . 2008-07-16 22:16 2,448 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-16 19:39 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-16 19:39 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-16 19:39 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-16 19:39 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-16 19:39 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-16 19:39 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-16 19:39 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-16 19:39 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-16 19:39 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-16 16:37 . 2008-07-16 16:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-16 13:32 . 2008-07-16 13:32 20,992 --a------ C:\WINDOWS\system32\inte_f.dll
2008-07-13 12:47 . 2008-07-13 12:47 <DIR> d-------- C:\cda
2008-07-08 15:24 . 2008-07-08 15:24 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-07 14:40 . 2008-07-07 14:40 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\Media Player Classic
2008-07-07 14:07 . 2006-09-24 17:11 389,120 --a------ C:\WINDOWS\system32\lameACM.acm
2008-07-07 14:07 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-07 14:07 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-07-07 14:07 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-07-07 14:06 . 2008-07-07 14:13 <DIR> d-------- C:\Program Files\SubRip
2008-07-07 14:06 . 2008-07-07 14:06 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-07 14:06 . 2008-03-21 22:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-07 14:06 . 2008-01-10 14:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-07 14:06 . 2008-03-31 23:25 682,496 --a------ C:\WINDOWS\system32\divx.dll
2008-07-07 14:06 . 2008-01-10 14:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-07 14:06 . 2008-03-21 22:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-07-07 14:06 . 2008-03-28 19:41 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-07 14:06 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-07-07 14:05 . 2008-07-07 14:05 <DIR> d-------- C:\Program Files\MSBuild
2008-07-07 14:02 . 2008-07-07 14:02 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-07-07 14:02 . 2008-07-07 14:02 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-07-07 14:01 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-07-07 13:57 . 2008-07-07 13:57 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-07-06 20:02 . 2008-07-06 20:03 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\foobar2000
2008-07-03 20:25 . 2008-07-03 20:29 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\Winamp
2008-07-03 18:28 . 2008-07-03 18:29 <DIR> d-------- C:\Program Files\Microsoft LifeCam
2008-07-03 18:27 . 2008-07-03 18:27 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2008-07-03 18:27 . 2008-07-03 23:00 921,624 --a------ C:\img2-001.raw
2008-07-03 18:26 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-07-03 18:26 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-07-03 18:26 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-07-03 18:26 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-07-01 12:27 . 2008-07-01 12:27 <DIR> d-------- C:\Program Files\SAGEM WiFi manager
2008-07-01 12:27 . 2007-01-16 13:52 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-07-01 12:27 . 2007-01-16 13:52 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-07-01 11:54 . 2007-01-10 10:14 450,560 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-06-30 21:41 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-30 21:41 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-06-30 18:31 . 2008-07-16 14:31 <DIR> d-------- C:\temp
2008-06-25 10:40 . 2008-06-25 10:40 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\CyberLink
2008-06-20 18:59 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-20 18:58 . 2008-06-20 18:59 <DIR> d-------- C:\Program Files\Java
2008-06-20 18:57 . 2008-06-20 18:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-18 20:50 . 2005-05-03 18:43 69,632 --a------ C:\WINDOWS\Alcmtr.exe
2008-06-18 20:50 . 2007-11-14 15:18 553 --a------ C:\WINDOWS\USetup.iss
2008-06-18 00:07 . 2008-06-18 16:22 238 --a------ C:\WINDOWS\mafosav.INI
2008-06-17 16:15 . 2008-06-17 17:50 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\Hamachi
2008-06-17 16:14 . 2008-06-17 16:14 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-06-17 14:57 . 2008-07-16 21:12 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\skypePM
2008-06-17 14:57 . 2008-06-17 14:57 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-17 14:55 . 2008-06-17 14:55 <DIR> d-------- C:\Program Files\Skype
2008-06-17 14:55 . 2008-06-17 14:55 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-17 14:55 . 2008-07-16 21:48 <DIR> d-------- C:\Documents and Settings\Pimpuś\Dane aplikacji\Skype
2008-06-17 14:55 . 2008-06-17 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 10:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-17 09:34 --------- d-----w C:\Documents and Settings\Pimpuś\Dane aplikacji\Azureus
2008-07-08 14:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 16:50 --------- d-----w C:\Documents and Settings\Pimpuś\Dane aplikacji\Xfire
2008-06-09 12:25 --------- d-----w C:\Program Files\Google
2008-06-09 11:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-09 11:16 --------- d-----w C:\Program Files\Adobe Media Player
2008-06-07 09:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-07 09:20 --------- d-----w C:\Documents and Settings\Pimpuś\Dane aplikacji\Apple Computer
2008-06-07 09:19 --------- d-----w C:\Program Files\Bonjour
2008-06-07 09:19 --------- d-----w C:\Program Files\Apple Software Update
2008-06-07 09:18 --------- d-----w C:\Program Files\Common Files\Apple
2008-06-07 09:18 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-06-02 16:10 4,752,384 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys
2008-05-31 12:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-05-28 12:52 16,862,720 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-05-25 15:37 --------- d-----w C:\Program Files\Common Files\DirectX
2008-05-18 08:49 --------- d-----w C:\Documents and Settings\Pimpuś\Dane aplikacji\Microsoft Web Folders
2008-05-18 08:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-18 08:41 --------- d-----w C:\Documents and Settings\Pimpuś\Dane aplikacji\Gadu-Gadu
2008-05-18 08:24 --------- d-----w C:\Program Files\Windows Defender
2008-05-18 08:09 --------- d-----w C:\Program Files\SAGEM
2008-05-18 07:50 --------- d-----w C:\Program Files\CyberLink
2008-05-18 07:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-05-18 07:49 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-18 07:48 --------- d-----w C:\Program Files\Ahead
2008-05-18 07:47 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-18 07:41 --------- d-----w C:\Program Files\Alwil Software
2008-05-18 07:36 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-05-18 07:34 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-18 07:34 --------- d-----w C:\Program Files\Realtek
2008-05-18 07:34 --------- d-----w C:\Program Files\DIFX
2008-05-18 07:34 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-18 07:33 --------- d-----w C:\Documents and Settings\Pimpuś\Dane aplikacji\InstallShield
2008-05-18 07:20 --------- d-----w C:\Program Files\Usługi online
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-16_22.22.34.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-17 12:29:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_748.dat
+ 2005-09-22 21:49:12 95,744 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2005-09-22 23:16:02 1,093,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2005-09-22 23:16:06 1,079,808 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-22 23:16:08 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-09-22 23:16:10 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-22 22:58:06 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2005-09-22 22:58:06 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2005-09-22 22:58:06 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2005-09-22 22:58:06 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2005-09-22 22:58:06 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2005-09-22 22:58:06 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2005-09-22 23:35:10 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0ee63867\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 23:46 709992]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 23:45 279912]
"WinampAgent"="D:\Programy\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-28 14:52 16862720 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplicationsList]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Gry\\Counter Strike 1.6\\hl.exe"=
"D:\\Gry\\TmNationsForever\\TmForever.exe"=
"D:\\Programy\\eMule\\emule.exe"=
"D:\\Programy\\Azureus\\Azureus.exe"=
"D:\\Gry\\Worms 4 Totalna Rozwałka\\WORMS 4 MAYHEM.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gry\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPortsList]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 23:45]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2007-01-10 10:14]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 23:46]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 16:25:46 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_setup_exe.job"
- E:\setup.exe
"2008-07-17 12:32:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 14:44:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-17 14:45:19
ComboFix-quarantined-files.txt 2008-07-17 12:45:08
ComboFix2.txt 2008-07-16 20:22:53
Pre-Run: 21,013,753,856 bajtów wolnych
Post-Run: 21,004,636,160 bajtów wolnych
204 --- E O F --- 2008-07-11 17:00:37
Silent Runners: Code:
"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"VX1000" = "C:\WINDOWS\vVX1000.exe" [MS]
"LifeCam" = ""C:\Program Files\Microsoft LifeCam\LifeExp.exe"" [MS]
"WinampAgent" = "D:\Programy\Winamp\winampa.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4AD3A71E-8ED4-40F5-9A81-69245BDCBB75}\(Default) = (no title provided)
-> {HKLM...CLSID} = "BHO.Filter"
\InProcServer32\(Default) = "C:\WINDOWS\system32\iefltr.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\(Default) = "Ask Toolbar BHO"
-> {HKLM...CLSID} = "Ask Toolbar BHO"
\InProcServer32\(Default) = "C:\Program Files\AskSBar\bar1.bin\ASKSBAR.DLL" ["Ask.com"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"
-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"
\InProcServer32\(Default) = "C:\PROGRA~1\WINDOW~4\MpShHook.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
Group Policies {policy setting}:
--------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Pimpuś\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]
MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]
MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayMusicFilescommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1" ["Gabest"]
MPCPlayVideoFilesOnArrival
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLMSOFTWAREClassesMediaPlayerClassic.AutorunshellPlayVideoFilescommand(Default) = ""C:Program FilesK-Lite Codec PackMedia Player Classicmplayerc.exe" %1" ["Gabest"]
MSWPDShellNamespaceHandler
"Provider" = "@%SystemRoot%system32wpdshext.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
LocalServer32(Default) = "C:WINDOWSsystem32WPDShextAutoplay.exe" [MS]
NeroAutoPlay2CDAudio
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_CDAudiocommand(Default) = "C:Program FilesAheadneronero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2CopyCD
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLMSOFTWAREClassesNero.AutoPlay2shellPlayCDAudioOnArrival_CopyCDcommand(Default) = "C:Program FilesAheadneronero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2DataDisc
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_DataDisccommand(Default) = "C:Program FilesAheadneronero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]
NeroAutoPlay2LaunchNeroStartSmart
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLMSOFTWAREClassesNero.AutoPlay2shellHandleCDBurningOnArrival_LaunchNeroStartSmartcommand(Default) = "C:Program FilesAheadNero StartSmartNeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]
PDVDPlayDVDMovieOnArrival
"Provider" = "PowerDVD"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD"
HKLMSOFTWAREClassesDVDshellPlayWithPowerDVDCommand(Default) = ""C:Program FilesCyberLinkPowerDVDPowerDVD.exe" "%l"" ["CyberLink Corp."]
Picasa2ImportPicturesOnArrival
"Provider" = "Picasa2"
"InvokeProgID" = "picasa2.autoplay"
"InvokeVerb" = "import"
HKLMSOFTWAREClassespicasa2.autoplayshellimportcommand(Default) = "D:ProgramyPicasa2Picasa2.exe "%1"" ["Google Inc."]
WinampMTPHandler
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "D:ProgramyWinampwinamp.exe"
HKLMSOFTWAREClassesShell.HWEventHandlerShellExecuteCLSID(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
LocalServer32(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]
WinampPlayMediaOnArrival
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLMSOFTWAREClassesWinamp.FileshellPlaycommand(Default) = ""D:ProgramyWinampwinamp.exe" "%1"" ["Nullsoft"]
HKLMSOFTWAREClassesWinamp.FileshellPlayDropTargetCLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
-> {HKLM...CLSID} = (no title provided)
LocalServer32(Default) = ""D:ProgramyWinampwinamp.exe"" ["Nullsoft"]
Startup items in "Pimpuś" & "All Users" startup folders:
--------------------------------------------------------
C:Documents and SettingsAll UsersMenu StartProgramyAutostart
"Adobe Gamma Loader" -> shortcut to: "C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Microsoft Office" -> shortcut to: "C:Program FilesMicrosoft OfficeOfficeOSA9.EXE -b -l" [MS]
"Program sieciowy dla SAGEM Wi-Fi 11g USB adapter" -> shortcut to: "C:Program FilesSAGEM WiFi managerWLANUTL.exe" [" "]
Enabled Scheduled Tasks:
------------------------
"Microsoft_Hardware_Launch_setup_exe" -> launches: "E:setup.exe" [file not found]
"MP Scheduled Scan" -> launches: "C:Program FilesWindows DefenderMpCmdRun.exe Scan -RestrictPrivileges" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}
000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]
000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]
000000000004LibraryPath = "C:Program FilesBonjourmdnsNSP.dll" ["Apple Inc."]
Transport Service Providers
HKLMSYSTEMCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}
0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%system32rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
HKLMSOFTWAREMicrosoftInternet ExplorerToolbar
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}" = (no title provided)
-> {HKLM...CLSID} = "Ask Toolbar"
InProcServer32(Default) = "C:Program FilesAskSBarbar1.binASKSBAR.DLL" ["Ask.com"]
Extensions (Tools menu items, main toolbar menu buttons)
HKLMSOFTWAREMicrosoftInternet ExplorerExtensions
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_06"
InProcServer32(Default) = "C:Program FilesJavajre1.6.0_06binnpjpi160_06.dll" ["Sun Microsystems, Inc."]
{FB5F1910-F110-11D2-BB9E-00C04F795683}
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:Program FilesMessengermsmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:WINDOWSsystem32Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]
Bonjour Service, Bonjour Service, ""C:Program FilesBonjourmDNSResponder.exe"" ["Apple Inc."]
MSCamSvc, MSCamSvc, ""C:Program FilesMicrosoft LifeCamMSCamS32.exe"" [MS]
Urządzenie mobilne Apple, Apple Mobile Device, ""C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe"" ["Apple, Inc."]
Windows Defender, WinDefend, ""C:Program FilesWindows DefenderMsMpEng.exe"" [MS]
---------- (launch time: 2008-07-16 19:31:27)
<<!>>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 22 seconds, including 4 seconds for message boxes)
Does everything check out?
Posts: 850, Threads: 12, Joined: 15.07.2006, Reputation: 0
To be done in Safe Mode with System Restore disabled:
Open Notepad and paste this into it:
Code:
file::
C:\WINDOWS\system32\inte_f.dll
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
File >>> Save as... CFScript
Drag the file onto the ComboFix icon and the removal process will start; the computer may restart during it.
Download the SDFix program:
* Double-click SDFix.exe; the program will extract itself to the system drive (by default C:\SDFix)
* Restart the computer and enter Safe Mode (press F8 before Windows boots)
* Go to the SDFix folder and double-click the RunThis.bat file
* Press Y; the removal process will start.
* When the removal finishes, press any key. The computer will restart.
* After the restart SDFix will run again to finish the removal; when "Finished" appears in the program window, press any key to end the script and load the desktop icons.
* Post Report.txt, found in the SDFix folder.
After these steps, post new logs from HijackThis and ComboFix, plus the SDFix report.
Posts: 5, Threads: 1, Joined: 16.07.2008, Reputation: 0
Listen, I thought that was all of it and I reinstalled the system. So do I still have to do anything, or not?
Posts: 3, Threads: 0, Joined: 16.07.2006, Reputation: 0
Fight to the end, no format!
I've been running the same system (XP) for 5 years, and 5 years on Win 98 before that, but I never reinstalled because of a cr....... virus(?) like this, even though on 98 I once had a situation where the picture was only on the left half of the monitor.
Posts: 5, Threads: 1, Joined: 16.07.2008, Reputation: 0
Hahaha, nice virus. Still, I prefer a reinstall, because it's much easier and faster. But your help was useful anyway, because I had to burn my files to disc before formatting and this worm wouldn't let me. I'm not that advanced in IT matters yet. Maybe someday :rolleyes:... Thanks everyone for the help! Cheers!