Komputer szaleje - wgrał się sam jakiś antywir

**Posty:** 1495 · przez **Buszinio** 07 Sie 2009, 15:11

Witam! Od wczoraj zaczęły się straszne problemy z komputerem... Zainstalował się jakiś antywiorus dodatkowo, a Avira nie chce się włączyć. Wyskakują jakieś ostrzezenia, jest ich pełno, a na pulpicie jest napis jak na screenie. Wirus czasami włącza sam jakieś aplikacje. Pomocy!
Oto screeny:

Logi:

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:07:36, on 2009-08-07 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\msa.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\NetFilter.exe C:\WINDOWS\Temp\_ex-68.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\DAEMON Tools Lite\daemon.exe E:\programy\utorrent\uTorrent.exe C:\Program Files\AV Care\AvCare.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\svchost.exe E:\programy\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\programy\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [GEST] m‘|\ü O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net" O4 - HKLM\..\Run: [PersonalAV] C:\Program Files\PersonalAV\pav.exe O4 - HKLM\..\Run: [MSDRV] NetFilter.exe O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe O4 - HKLM\..\Run: [19386094] C:\Documents and Settings\All Users\Dane aplikacji\19386094\19386094.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [uTorrent] "E:\programy\utorrent\uTorrent.exe" O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\Mariusz\USTAWI~1\Temp\b.exe O4 - HKCU\..\Run: [NordBull] C:\DOCUME~1\Mariusz\USTAWI~1\Temp\f.exe O4 - HKCU\..\Run: [AV Care] C:\Program Files\AV Care\AvCare.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Silent Runners

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] "DAEMON Tools Lite" = ""C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"] "uTorrent" = ""E:\programy\utorrent\uTorrent.exe"" ["BitTorrent, Inc."] "Monopod" = "C:\DOCUME~1\Mariusz\USTAWI~1\Temp\b.exe" [file not found] "NordBull" = "C:\DOCUME~1\Mariusz\USTAWI~1\Temp\f.exe" [file not found] "AV Care" = "C:\Program Files\AV Care\AvCare.exe" ["AV Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "GEST" = "m*‘|\ü* (unwritable string)" [file not found] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."] "Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data] "avgnt" = ""C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min" ["Avira GmbH"] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "net" = ""C:\WINDOWS\system32\net.net"" [file not found] "PersonalAV" = "C:\Program Files\PersonalAV\pav.exe" [null data] "MSDRV" = "NetFilter.exe" [null data] "PromoReg" = "C:\WINDOWS\Temp\_ex-68.exe" [null data] "19386094" = "C:\Documents and Settings\All Users\Dane aplikacji\19386094\19386094.exe" [null data] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ {18B0E5C2-99CB-11CF-AXX5-00401C648513}\(Default) = (no title provided) \StubPath = "C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\keygen.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "E:\programy\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {201f27d4-3704-41d6-89c1-aa35e39143ed}\(Default) = "AskBar BHO" -> {HKLM...CLSID} = "AskBar BHO" \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"] {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\(Default) = "Winamp Toolbar Loader" -> {HKLM...CLSID} = "Winamp Toolbar Loader" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] {500BCA15-57A7-4eaf-8143-8C619470B13D}\(Default) = "XML module" -> {HKLM...CLSID} = "XML Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\msxml71.dll" [null data] {74322BF9-DF26-493f-B0DA-6D2FC5E6429E}\(Default) = (no title provided) -> {HKLM...CLSID} = "UrlHelper Class" \InProcServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\ssv.dll" ["Sun Microsystems, Inc."] {A77D3539-581D-450C-9E44-A84C415A6172}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\msxmlm.dll" [null data] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl" -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons" -> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler" -> {HKLM...CLSID} = "Microsoft Office Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS] "{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager" -> {HKLM...CLSID} = "Sony Ericsson File Manager" \InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> Antiwpa\DLLName = "antiwpa.dll" [null data] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}" -> {HKLM...CLSID} = "NeroCoverEdContextMenu Class" \InProcServer32\(Default) = "C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"] Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Program Files\Avira\AntiVir Desktop\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Mariusz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" [file not found] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" [file not found] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" [file not found] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" [file not found] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay7AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CDAudio_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:AudioCD" ["Nero AG"] NeroAutoPlay7CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:DiscCopy %L" ["Nero AG"] NeroAutoPlay7DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "DataDisc_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\DataDisc_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe -w /New:ISODisc" ["Nero AG"] NeroAutoPlay7LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "LaunchNeroStartSmart_HandleCDBurningOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\LaunchNeroStartSmart_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe /AutoPlay" ["Nero AG"] NeroAutoPlay7PlayAudioCD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayAudioCD_PlayMusicFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayAudioCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7PlayDVD\ "Provider" = "Nero ShowTime" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "PlayDVD_PlayVideoFilesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\PlayDVD_PlayVideoFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe /Play %L" ["Nero AG"] NeroAutoPlay7RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "RipCD_PlayCDAudioOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Core\nero.exe /Dialog:SaveTracks %L" ["Nero AG"] NeroAutoPlay7TranscodeVideo\ "Provider" = "Nero Recode" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "TranscodeVideo_PlayDVDMovieOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\TranscodeVideo_PlayDVDMovieOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe /New:CopyDVDVideo" ["Nero AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] NeroAutoPlay7ViewPhotos\ "Provider" = "Nero PhotoSnap Viewer" "InvokeProgID" = "Nero.AutoPlay7" "InvokeVerb" = "ViewPhotos_ShowPicturesOnArrival" HKLM\SOFTWARE\Classes\Nero.AutoPlay7\shell\ViewPhotos_ShowPicturesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe /" ["Nero AG"] WinampMTPHandler\ "Provider" = "Winamp" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\Winamp\winamp.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] WinampPlayMediaOnArrival\ "Provider" = "Winamp" "InvokeProgID" = "Winamp.File" "InvokeVerb" = "Play" HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}" -> {HKLM...CLSID} = (no title provided) \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"] Startup items in "Mariusz" & "All Users" startup folders: --------------------------------------------------------- C:\Documents and Settings\Mariusz\Menu Start\Programy\Autostart "hamachi" -> shortcut to: "C:\Program Files\Hamachi\hamachi.exe" ["LogMeIn Inc."] Enabled Scheduled Tasks: ------------------------ "{7B02EF0B-A410-4938-8480-9BA26420A627}" -> launches: "C:\WINDOWS\msa.exe" [null data] "{BB65B0FB-5712-401b-B616-E69AC55E2757}" -> launches: "C:\DOCUME~1\Mariusz\USTAWI~1\Temp\b.exe" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 26 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{32099AAC-C132-4136-9E9A-4E364A424E17}" -> {HKLM...CLSID} = "DAEMON Tools Toolbar" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data] "{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}" -> {HKLM...CLSID} = "BearShare MediaBar" \InProcServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll" ["BearShare"] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" -> {HKLM...CLSID} = "Winamp Toolbar" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}" -> {HKLM...CLSID} = "Ask Toolbar" \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{32099AAC-C132-4136-9E9A-4E364A424E17}" = (no title provided) -> {HKLM...CLSID} = "DAEMON Tools Toolbar" \InProcServer32\(Default) = "C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll" [null data] "{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}" = "Winamp Toolbar" -> {HKLM...CLSID} = "Winamp Toolbar" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] "{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}" = (no title provided) -> {HKLM...CLSID} = "BearShare MediaBar" \InProcServer32\(Default) = "C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll" ["BearShare"] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}" = (no title provided) -> {HKLM...CLSID} = "Ask Toolbar" \InProcServer32\(Default) = "C:\Program Files\AskBarDis\bar\bin\askBar.dll" ["Ask.com"] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}\(Default) = "Ask Toolbar Quick View" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Badanie" {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <<H>> "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}" = (no title provided) -> {HKLM...CLSID} = "Winamp Search Class" \InProcServer32\(Default) = "C:\Program Files\Winamp Toolbar\winamptb.dll" ["AOL LLC."] <<H>> "{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}" = (no title provided) -> {HKLM...CLSID} = "DeviceVM Url Search Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\dvmurl.dll" ["DeviceVM Inc."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Agent SAP, NwSapAgent, "C:\WINDOWS\system32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\ipxsap.dll" [MS]} Avira AntiVir Scheduler, AntiVirSchedulerService, ""C:\Program Files\Avira\AntiVir Desktop\sched.exe"" ["Avira GmbH"] Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."] Karta wydajności WMI, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] NMIndexingService, NMIndexingService, ""C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"" ["Nero AG"] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS] ---------- (launch time: 2009-08-07 15:09:19) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 31 seconds, including 12 seconds for message boxes)

**Posty:** 8001 · przez **Okocza** 07 Sie 2009, 15:36

Buszinio, specjalne-narzedzia-czyszczace-vt96631.html

stosujesz program Smitfraudfix i dajesz później log z combofixa.

**Posty:** 1495 · przez **Buszinio** 07 Sie 2009, 16:27

Kod: Zaznacz wszystko: ComboFix 09-08-06.01 - Mariusz 2009-08-07 16:16.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1722 [GMT 2:00] Uruchomiony z: c:\documents and settings\Mariusz\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\ALLUSE~1\DANEAP~1\19386094 c:\docume~1\ALLUSE~1\DANEAP~1\19386094\19386094 c:\docume~1\ALLUSE~1\DANEAP~1\19386094\19386094.exe c:\documents and settings\Mariusz\Menu Start\Programy\System Security c:\documents and settings\Mariusz\Menu Start\Programy\System Security\System Security c:\documents and settings\Mariusz\Pulpit\System Security 2009.lnk c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013 c:\windows\msa.exe c:\windows\run.log c:\windows\system32\404Fix.exe c:\windows\system32\Agent.OMZ.Fix.exe c:\windows\system32\drivers\ytasfwothwevxj.sys c:\windows\system32\dumphive.exe c:\windows\system32\IEDFix.C.exe c:\windows\system32\IEDFix.exe c:\windows\system32\msxmlm.dll c:\windows\system32\NetFilter.exe c:\windows\system32\o4Patch.exe c:\windows\system32\Process.exe c:\windows\system32\SrchSTS.exe c:\windows\system32\tmp.reg c:\windows\system32\VACFix.exe c:\windows\system32\VCCLSID.exe c:\windows\system32\WS2Fix.exe c:\windows\system32\ytasfwdqjnkcde.dll c:\windows\system32\ytasfwirnexgip.dat c:\windows\system32\ytasfwpxrgbctr.dll c:\windows\system32\ytasfwuboorlqr.dat . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_ytasfwxnkpalkm -------\Legacy_ytasfwxnkpalkm -------\Legacy_POWERMANAGER -------\Service_PowerManager ((((((((((((((((((((((((( Pliki utworzone od 2009-07-07 do 2009-08-07 ))))))))))))))))))))))))))))))) . 2009-08-07 14:22 . 2009-08-07 23:13 106496 ----a-w- c:\windows\system32\NetFilter.exe 2009-08-06 15:22 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys 2009-08-06 15:22 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll 2009-08-06 15:22 . 2009-08-06 15:22 -------- d-----w- c:\program files\Common Files\Uninstall 2009-08-06 15:22 . 2009-08-06 15:22 -------- d-----w- c:\program files\PersonalAV 2009-08-06 14:11 . 2009-08-06 14:11 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Logs 2009-08-06 14:05 . 2009-08-06 14:06 -------- d-----w- c:\program files\AV Care 2009-07-25 10:35 . 2009-07-25 10:35 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\35119 2009-07-13 12:03 . 2009-07-13 12:03 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\3829F . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-07 14:21 . 2009-05-11 18:46 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Hamachi 2009-08-07 14:14 . 2009-06-17 06:14 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\uTorrent 2009-08-07 07:07 . 2009-05-09 13:20 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Skype 2009-08-07 06:56 . 2009-05-09 13:23 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\skypePM 2009-08-06 13:55 . 2009-08-06 13:54 1215595 ----a-w- c:\windows\system32\xa.tmp 2009-08-05 14:16 . 2009-05-11 14:56 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-08-05 06:49 . 2009-04-23 15:27 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Winamp 2009-07-27 20:49 . 2009-05-21 16:16 -------- d-----w- c:\program files\BearShare Applications 2009-07-22 14:57 . 2008-12-22 17:04 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-12 14:23 . 2008-12-23 09:50 -------- d---a-w- c:\docume~1\ALLUSE~1\DANEAP~1\TEMP 2009-07-10 06:52 . 2006-03-02 12:00 83486 ----a-w- c:\windows\system32\perfc015.dat 2009-07-10 06:52 . 2006-03-02 12:00 488194 ----a-w- c:\windows\system32\perfh015.dat 2009-07-01 22:28 . 2009-07-01 22:28 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\C2CE 2009-06-29 11:29 . 2009-06-29 11:29 -------- d-----w- c:\program files\wheel 2009-06-26 16:51 . 2006-03-02 12:00 669184 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:51 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-26 07:10 . 2009-06-26 07:10 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\02E 2009-06-23 12:08 . 2008-12-22 17:21 -------- d-----w- c:\program files\AGEIA Technologies 2009-06-23 12:02 . 2008-12-22 17:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-22 16:44 . 2009-06-19 16:04 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Bioshock 2009-06-22 13:41 . 2009-06-22 13:41 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\137D 2009-06-22 13:04 . 2009-06-22 13:04 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\9177 2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\F1B5 2009-06-19 16:04 . 2009-06-19 16:04 -------- d--h--r- c:\documents and settings\Mariusz\Dane aplikacji\SecuROM 2009-06-17 08:34 . 2008-12-23 11:35 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2009-06-17 06:15 . 2009-06-17 06:15 -------- d-----w- c:\program files\AskBarDis 2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 11:45 . 2009-06-16 11:45 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\0203 2009-06-16 04:38 . 2009-06-16 04:38 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\D30D 2009-06-15 04:20 . 2009-06-15 04:20 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\23109 2009-06-15 03:10 . 2009-06-15 03:10 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\271B5 2009-06-14 14:22 . 2009-06-14 14:22 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\157D 2009-06-14 06:09 . 2009-06-14 06:09 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\321E4 2009-06-13 13:34 . 2009-06-13 13:34 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\11F 2009-06-13 06:42 . 2009-06-13 06:42 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\172BF 2009-06-12 18:34 . 2009-06-12 18:34 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\302AF 2009-06-12 16:29 . 2009-06-12 16:29 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\23128 2009-06-12 13:05 . 2009-06-12 13:05 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\11C5 2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\D222 2009-06-11 18:03 . 2009-06-11 18:03 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\1A1B5 2009-06-11 05:58 . 2009-06-11 05:58 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\9271 2009-06-10 17:13 . 2009-06-10 17:13 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\270 2009-06-10 16:34 . 2008-12-23 11:12 404824 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2009-06-10 12:33 . 2009-06-10 12:33 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\328C 2009-06-10 04:33 . 2009-06-10 04:33 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\362EE 2009-06-09 11:42 . 2009-06-09 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\28280 2009-06-03 19:11 . 2006-03-02 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-05-23 18:05 . 2009-05-23 18:05 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2009-05-23 18:05 . 2009-05-23 18:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2009-05-15 13:56 . 2008-12-22 17:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-12 17:35 . 2009-05-11 14:56 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-05-11 18:45 . 2009-05-11 18:45 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-05-11 17:36 . 2007-04-23 15:42 966656 ----a-w- c:\windows\UNRecode.exe 2009-05-11 17:36 . 2007-05-15 08:45 966656 ----a-w- c:\windows\UNNeroVision.exe 2009-05-11 17:36 . 2007-02-28 15:41 966656 ----a-w- c:\windows\UNNeroShowTime.exe 2009-05-11 17:36 . 2007-05-16 08:42 966656 ----a-w- c:\windows\UNNeroMediaHome.exe 2009-05-11 17:36 . 2007-03-20 20:22 966656 ----a-w- c:\windows\UNNeroBackItUp.exe 2009-05-11 17:36 . 2006-09-28 17:56 146432 ----a-w- c:\windows\system32\WudfHost.exe 2009-05-11 17:36 . 2002-08-21 04:13 189952 ----a-w- c:\windows\system32\WISPTIS.EXE 2009-05-11 17:36 . 2008-10-15 08:04 282624 ----a-w- c:\windows\system32\PhysXCplUI.exe 2009-05-11 17:36 . 2008-10-15 08:04 282624 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe 2009-05-11 17:36 . 2008-12-23 12:16 2250024 ----a-w- c:\windows\system32\pbsvc.exe 2009-05-11 17:35 . 2008-12-22 17:20 446464 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-05-11 17:35 . 2008-12-22 17:21 446464 ----a-w- c:\windows\system32\nvudisp.exe 2009-05-11 17:35 . 2008-12-22 15:05 1339392 ----a-w- c:\windows\system32\nvdspsch.exe 2009-05-11 17:35 . 2008-12-22 15:05 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-05-11 17:35 . 2008-12-22 15:05 442368 ----a-w- c:\windows\system32\nvappbar.exe 2009-05-11 17:35 . 2008-12-22 15:05 436768 ----a-w- c:\windows\system32\keystone.exe 2009-05-11 17:35 . 2006-10-30 02:33 556296 ----a-w- c:\windows\system32\icardagt.exe 2009-05-11 17:35 . 2006-10-18 19:00 249856 ----a-w- c:\windows\system32\drmupgds.exe 2009-05-11 17:34 . 2008-12-22 17:05 1196032 ----a-w- c:\windows\RtlUpd.exe 2009-05-11 17:33 . 2008-12-22 17:05 2165760 ----a-w- c:\windows\MicCal.exe 2009-05-11 17:33 . 2008-12-22 17:05 315392 ----a-w- c:\windows\HideWin.exe 2009-02-25 04:34 . 2009-05-09 12:24 90112 ----a-r- c:\program files\axesstel.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "uTorrent"="e:\programy\utorrent\uTorrent.exe" [2009-06-17 287536] "AV Care"="c:\program files\AV Care\AvCare.exe" [2009-08-03 1765376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"="m‘|\ü" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "PersonalAV"="c:\program files\PersonalAV\pav.exe" [2009-08-06 1900544] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376] "MSDRV"="NetFilter.exe" - c:\windows\system32\NetFilter.exe [2009-08-07 106496] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Mariusz\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-5-11 625952] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "e:\\gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "e:\\gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"= "e:\\gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "e:\\gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"= "c:\\Program Files\\Axesstel\\AxessManager\\AxessManager.exe"= "e:\\gry\\fifa09\\FIFA09.exe"= "h:\\gry\\Grid\\GRID.exe"= "e:\\programy\\utorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "53:UDP"= 53:UDP:Promo R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-11 108289] R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-06-17 234888] S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2009-05-09 3456] S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2009-05-09 40064] S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2009-05-09 38784] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2009-01-26 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2009-01-26 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2009-01-26 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2009-01-26 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2009-01-26 83344] --- Inne Usługi/Sterowniki w Pamięci --- *Deregistered* - NDISRD . - - - - USUNIĘTO PUSTE WPISY - - - - BHO-{A77D3539-581D-450C-9E44-A84C415A6172} - c:\windows\system32\msxmlm.dll HKLM-Run-net - c:\windows\system32\net.net HKLM-Run-19386094 - c:\documents and settings\All Users\Dane aplikacji\19386094\19386094.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.bearshare.com/pl/ IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-07 16:21 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... c:\windows\system32\NetFilter.exe 106496 bytes executable skanowanie pomyślnie ukończone ukryte pliki: 1 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-776561741-1383384898-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:49,40,5e,08,ee,75,26,69,3c,69,71,da,a0,f3,1e,a1,25,52,68,a2,ae,eb,9e, 76,83,e3,ca,d3,38,04,88,38,ed,6d,70,d9,54,be,8c,51,cd,84,c5,54,62,0a,4a,68,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'explorer.exe'(3796) c:\program files\Gadu-Gadu\ggwhook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll e:\programy\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\Teleca Shared\CapabilityManager.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\Common Files\Teleca Shared\Generic.exe c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe . ************************************************************************** . Czas ukończenia: 2009-08-07 16:23 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-08-07 14:23 Przed: 4 038 336 512 bajtów wolnych Po: 5 279 223 808 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer 273 --- E O F --- 2009-08-06 15:31

Wydaje sie ok chociaż zostały jescze 2 antyqwirusy: AV Care i Personal Antywirus - niewiem skad one się wzieły na moim kompie i nie da się ich usunąć :wow:

**Posty:** 8001 · przez **Okocza** 07 Sie 2009, 16:46

start - uruchom - cmd

wpisujesz:

sc stop ytasfwxnkpalkm
sc delete ytasfwxnkpalkm

potem stosujesz sobie RogueFix - powinien usunąć. Wróć z logiem z RSIT lub ComboFix (lepiej ten 2)

dodatkowo zastosuj sobie programik jeefogui... masz jeefo.. infekuje exeki...

**Posty:** 1495 · przez **Buszinio** 07 Sie 2009, 17:25

Okocza napisał(a):dodatkowo zastosuj sobie programik jeefogui... masz jeefo.. infekuje exeki...

przeskanowałem kompa tym programem i nic nie znalazł zainfekowanego... Kiedyś to miałem i usunąłem i jak do tej pory nie zauważyłem by to powróciło.

jeszcze raz log z combofixa:

Kod: Zaznacz wszystko: ComboFix 09-08-06.01 - Mariusz 2009-08-07 17:19.2.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.2046.1541 [GMT 2:00] Uruchomiony z: c:\documents and settings\Mariusz\Pulpit\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\msxmlm.dll c:\windows\system32\NetFilter.exe . ((((((((((((((((((((((((( Pliki utworzone od 2009-07-07 do 2009-08-07 ))))))))))))))))))))))))))))))) . 2009-08-06 15:22 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys 2009-08-06 15:22 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll 2009-08-06 15:22 . 2009-08-06 15:22 -------- d-----w- c:\program files\Common Files\Uninstall 2009-08-06 14:11 . 2009-08-06 14:11 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Logs 2009-07-25 10:35 . 2009-07-25 10:35 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\35119 2009-07-13 12:03 . 2009-07-13 12:03 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\3829F . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-07 15:18 . 2009-05-11 18:46 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Hamachi 2009-08-07 15:10 . 2009-06-17 06:14 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\uTorrent 2009-08-07 15:06 . 2006-03-02 12:00 83266 ----a-w- c:\windows\system32\perfc015.dat 2009-08-07 15:06 . 2006-03-02 12:00 487850 ----a-w- c:\windows\system32\perfh015.dat 2009-08-07 14:35 . 2009-04-23 15:27 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Winamp 2009-08-07 07:07 . 2009-05-09 13:20 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Skype 2009-08-07 06:56 . 2009-05-09 13:23 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\skypePM 2009-08-06 13:55 . 2009-08-06 13:54 1215595 ----a-w- c:\windows\system32\xa.tmp 2009-08-05 14:16 . 2009-05-11 14:56 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-07-27 20:49 . 2009-05-21 16:16 -------- d-----w- c:\program files\BearShare Applications 2009-07-22 14:57 . 2008-12-22 17:04 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-12 14:23 . 2008-12-23 09:50 -------- d---a-w- c:\docume~1\ALLUSE~1\DANEAP~1\TEMP 2009-07-01 22:28 . 2009-07-01 22:28 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\C2CE 2009-06-29 11:29 . 2009-06-29 11:29 -------- d-----w- c:\program files\wheel 2009-06-26 16:51 . 2006-03-02 12:00 669184 ----a-w- c:\windows\system32\wininet.dll 2009-06-26 16:51 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll 2009-06-26 07:10 . 2009-06-26 07:10 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\02E 2009-06-23 12:08 . 2008-12-22 17:21 -------- d-----w- c:\program files\AGEIA Technologies 2009-06-23 12:02 . 2008-12-22 17:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2009-06-22 16:44 . 2009-06-19 16:04 -------- d-----w- c:\documents and settings\Mariusz\Dane aplikacji\Bioshock 2009-06-22 13:41 . 2009-06-22 13:41 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\137D 2009-06-22 13:04 . 2009-06-22 13:04 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\9177 2009-06-22 12:31 . 2009-06-22 12:31 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\F1B5 2009-06-19 16:04 . 2009-06-19 16:04 -------- d--h--r- c:\documents and settings\Mariusz\Dane aplikacji\SecuROM 2009-06-17 08:34 . 2008-12-23 11:35 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE 2009-06-17 06:15 . 2009-06-17 06:15 -------- d-----w- c:\program files\AskBarDis 2009-06-16 14:40 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:40 . 2006-03-02 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 11:45 . 2009-06-16 11:45 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\0203 2009-06-16 04:38 . 2009-06-16 04:38 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\D30D 2009-06-15 04:20 . 2009-06-15 04:20 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\23109 2009-06-15 03:10 . 2009-06-15 03:10 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\271B5 2009-06-14 14:22 . 2009-06-14 14:22 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\157D 2009-06-14 06:09 . 2009-06-14 06:09 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\321E4 2009-06-13 13:34 . 2009-06-13 13:34 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\11F 2009-06-13 06:42 . 2009-06-13 06:42 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\172BF 2009-06-12 18:34 . 2009-06-12 18:34 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\302AF 2009-06-12 16:29 . 2009-06-12 16:29 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\23128 2009-06-12 13:05 . 2009-06-12 13:05 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\11C5 2009-06-12 11:16 . 2009-06-12 11:16 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\D222 2009-06-11 18:03 . 2009-06-11 18:03 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\1A1B5 2009-06-11 05:58 . 2009-06-11 05:58 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\9271 2009-06-10 17:13 . 2009-06-10 17:13 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\270 2009-06-10 16:34 . 2008-12-23 11:12 404824 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat 2009-06-10 12:33 . 2009-06-10 12:33 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\328C 2009-06-10 04:33 . 2009-06-10 04:33 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\362EE 2009-06-09 11:42 . 2009-06-09 11:42 -------- d-----w- c:\docume~1\ALLUSE~1\DANEAP~1\28280 2009-06-03 19:11 . 2006-03-02 12:00 1294848 ----a-w- c:\windows\system32\quartz.dll 2009-05-23 18:05 . 2009-05-23 18:05 444952 ----a-w- c:\windows\system32\wrap_oal.dll 2009-05-23 18:05 . 2009-05-23 18:05 109080 ----a-w- c:\windows\system32\OpenAL32.dll 2009-05-15 13:56 . 2008-12-22 17:37 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-05-12 17:35 . 2009-05-11 14:56 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys 2009-05-11 18:45 . 2009-05-11 18:45 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys 2009-05-11 17:36 . 2007-04-23 15:42 966656 ----a-w- c:\windows\UNRecode.exe 2009-05-11 17:36 . 2007-05-15 08:45 966656 ----a-w- c:\windows\UNNeroVision.exe 2009-05-11 17:36 . 2007-02-28 15:41 966656 ----a-w- c:\windows\UNNeroShowTime.exe 2009-05-11 17:36 . 2007-05-16 08:42 966656 ----a-w- c:\windows\UNNeroMediaHome.exe 2009-05-11 17:36 . 2007-03-20 20:22 966656 ----a-w- c:\windows\UNNeroBackItUp.exe 2009-05-11 17:36 . 2006-09-28 17:56 146432 ----a-w- c:\windows\system32\WudfHost.exe 2009-05-11 17:36 . 2002-08-21 04:13 189952 ----a-w- c:\windows\system32\WISPTIS.EXE 2009-05-11 17:36 . 2008-10-15 08:04 282624 ----a-w- c:\windows\system32\PhysXCplUI.exe 2009-05-11 17:36 . 2008-10-15 08:04 282624 ----a-w- c:\windows\system32\PhysXCompatCplUI.exe 2009-05-11 17:36 . 2008-12-23 12:16 2250024 ----a-w- c:\windows\system32\pbsvc.exe 2009-05-11 17:35 . 2008-12-22 17:20 446464 ----a-w- c:\windows\system32\NVUNINST.EXE 2009-05-11 17:35 . 2008-12-22 17:21 446464 ----a-w- c:\windows\system32\nvudisp.exe 2009-05-11 17:35 . 2008-12-22 15:05 1339392 ----a-w- c:\windows\system32\nvdspsch.exe 2009-05-11 17:35 . 2008-12-22 15:05 143360 ----a-w- c:\windows\system32\nvcolor.exe 2009-05-11 17:35 . 2008-12-22 15:05 442368 ----a-w- c:\windows\system32\nvappbar.exe 2009-05-11 17:35 . 2008-12-22 15:05 436768 ----a-w- c:\windows\system32\keystone.exe 2009-05-11 17:35 . 2006-10-30 02:33 556296 ----a-w- c:\windows\system32\icardagt.exe 2009-05-11 17:35 . 2006-10-18 19:00 249856 ----a-w- c:\windows\system32\drmupgds.exe 2009-05-11 17:34 . 2008-12-22 17:05 1196032 ----a-w- c:\windows\RtlUpd.exe 2009-05-11 17:33 . 2008-12-22 17:05 2165760 ----a-w- c:\windows\MicCal.exe 2009-05-11 17:33 . 2008-12-22 17:05 315392 ----a-w- c:\windows\HideWin.exe 2009-02-25 04:34 . 2009-05-09 12:24 90112 ----a-r- c:\program files\axesstel.dll . ((((((((((((((((((((((((((((( SnapShot@2009-08-07_14.22.02 ))))))))))))))))))))))))))))))))))))))))) . + 2009-08-07 15:18 . 2009-08-07 15:18 16384 c:\windows\Temp\Perflib_Perfdata_6c8.dat + 2006-03-02 12:00 . 2009-08-07 15:06 67220 c:\windows\system32\perfc009.dat + 2006-03-02 12:00 . 2009-08-07 15:06 430496 c:\windows\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2009-04-02 10:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "uTorrent"="e:\programy\utorrent\uTorrent.exe" [2009-06-17 287536] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "GEST"="m‘|\ü" [X] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-22 136600] "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-04-10 37888] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-07-03 16876032] "SoundMan"="SOUNDMAN.EXE" - c:\windows\SoundMan.exe [2008-06-18 77824] "AlcWzrd"="ALCWZRD.EXE" - c:\windows\alcwzrd.exe [2008-06-19 2808832] "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Mariusz\Menu Start\Programy\Autostart\ hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-5-11 625952] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "e:\\gry\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"= "e:\\gry\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "e:\\gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"= "e:\\gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"= "e:\\gry\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"= "c:\\Program Files\\Axesstel\\AxessManager\\AxessManager.exe"= "e:\\gry\\fifa09\\FIFA09.exe"= "h:\\gry\\Grid\\GRID.exe"= "e:\\programy\\utorrent\\uTorrent.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "53:UDP"= 53:UDP:Promo R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-11 108289] R2 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2006-03-02 14336] S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-06-17 234888] S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2009-05-09 3456] S3 Axtmvmdm;Axesstel USB Modem;c:\windows\system32\drivers\Axtmvmdm.sys [2009-05-09 40064] S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2009-05-09 38784] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2009-01-26 58288] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2009-01-26 8336] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2009-01-26 94064] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2009-01-26 85408] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2009-01-26 83344] --- Inne Usługi/Sterowniki w Pamięci --- *Deregistered* - NDISRD . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-Run-PersonalAV - c:\program files\PersonalAV\pav.exe HKLM-Run-MSDRV - NetFilter.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://search.bearshare.com/pl/ IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-07 17:21 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-776561741-1383384898-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:49,40,5e,08,ee,75,26,69,3c,69,71,da,a0,f3,1e,a1,25,52,68,a2,ae,eb,9e, 76,83,e3,ca,d3,38,04,88,38,ed,6d,70,d9,54,be,8c,51,cd,84,c5,54,62,0a,4a,68,\ "??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50 . Czas ukończenia: 2009-08-07 17:22 ComboFix-quarantined-files.txt 2009-08-07 15:22 ComboFix2.txt 2009-08-07 14:23 Przed: 5 316 603 904 bajtów wolnych Po: 5 271 396 352 bajtów wolnych 210 --- E O F --- 2009-08-06 15:31

Czysty?

Dodano 07.08.2009 16:30:21:
i jeszcze jedno pytanie znasz przyczyne dlaczego ochrona antywirusowa guard avira nie startuje automatycznie przy starcie systemu, zawsze muszę ją aktywować ręcznie...

**Posty:** 8001 · przez **Okocza** 07 Sie 2009, 17:45

pobierz program The Avenger i w okno główne programu wklej:

Kod: Zaznacz wszystko: Folders to delete: c:\docume~1\ALLUSE~1\DANEAP~1\TEMP c:\docume~1\ALLUSE~1\DANEAP~1\C2CE c:\docume~1\ALLUSE~1\DANEAP~1\35119 c:\docume~1\ALLUSE~1\DANEAP~1\3829F c:\docume~1\ALLUSE~1\DANEAP~1\02E c:\docume~1\ALLUSE~1\DANEAP~1\137D c:\docume~1\ALLUSE~1\DANEAP~1\9177 c:\docume~1\ALLUSE~1\DANEAP~1\F1B5 c:\docume~1\ALLUSE~1\DANEAP~1\0203 c:\docume~1\ALLUSE~1\DANEAP~1\D30D c:\docume~1\ALLUSE~1\DANEAP~1\23109 c:\docume~1\ALLUSE~1\DANEAP~1\271B5 c:\docume~1\ALLUSE~1\DANEAP~1\157D c:\docume~1\ALLUSE~1\DANEAP~1\321E4 c:\docume~1\ALLUSE~1\DANEAP~1\11F c:\docume~1\ALLUSE~1\DANEAP~1\172BF c:\docume~1\ALLUSE~1\DANEAP~1\302AF c:\docume~1\ALLUSE~1\DANEAP~1\23128 c:\docume~1\ALLUSE~1\DANEAP~1\11C5 c:\docume~1\ALLUSE~1\DANEAP~1\D222 c:\docume~1\ALLUSE~1\DANEAP~1\1A1B5 c:\docume~1\ALLUSE~1\DANEAP~1\9271 c:\docume~1\ALLUSE~1\DANEAP~1\270 c:\docume~1\ALLUSE~1\DANEAP~1\328C c:\docume~1\ALLUSE~1\DANEAP~1\362EE c:\docume~1\ALLUSE~1\DANEAP~1\28280

potem wykonaj:

zhakowane-konto-wow-a-logi-po-czyszczeniu-vt111408.html#p844321

co do Aviry - może nie jest włączona do autostartu? Jak wkleisz screen z zakładki uruchamianie to zobaczymy