
ComboFix 08-09-01.01 - Giez 2008-09-02 10:46:43.1 - NTFSx86
Running from: C:\Documents and Settings\Giez\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Giez\Dane aplikacji\inst.exe
C:\Documents and Settings\Giez\Dane aplikacji\macromedia\Flash Player\#SharedObjects\EA6VTXEF\bin.clearspring.com
C:\Documents and Settings\Giez\Dane aplikacji\macromedia\Flash Player\#SharedObjects\EA6VTXEF\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Giez\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Giez\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Giez\Menu Start\Programy\Uninstall.lnk
C:\Documents and Settings\Giez\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\dffdaaab0_z.dll
C:\WINDOWS\system32\eadcdb_z.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.
2120-03-28 08:01 . 2008-07-17 08:45 <DIR> d-------- C:\TEMP
2008-09-02 08:11 . 2008-09-02 09:39 <DIR> d-------- C:\Program Files\Photo Frame Genius
2008-09-01 15:58 . 2008-09-01 16:00 <DIR> d-------- C:\WINDOWS\nview
2008-09-01 15:58 . 2008-09-02 09:35 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2008-09-01 15:58 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-09-01 15:57 . 2008-09-01 15:57 <DIR> d-------- C:\NVIDIA
2008-09-01 12:23 . 2008-09-02 09:39 <DIR> d-------- C:\Program Files\DAP
2008-09-01 11:36 . 2008-09-01 11:37 <DIR> d-------- C:\Download
2008-08-30 09:56 . 2008-08-31 17:29 2,688 --a------ C:\WINDOWS\system32\settings.aaw
2008-08-30 09:56 . 2008-08-31 17:29 1,344 --a------ C:\WINDOWS\system32\history.aaw
2008-08-30 09:33 . 2008-08-30 09:33 <DIR> d-------- C:\Documents and Settings\Giez\.gegl-0.0
2008-08-28 18:17 . 2007-04-18 01:20 566,624 --a------ C:\WINDOWS\system32\d3d10.dll
2008-08-28 18:17 . 2007-04-18 01:13 494,557 --a------ C:\WINDOWS\system32\dxgi.dll
2008-08-28 18:17 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-08-28 18:17 . 2007-12-22 20:30 34,854 --a------ C:\WINDOWS\system32\directx10logo.bmp
2008-08-28 18:17 . 2007-04-18 01:13 25,037 --a------ C:\WINDOWS\system32\Nucleus.dll
2008-08-28 16:56 . 2008-08-28 16:56 1,431 --a------ C:\WINDOWS\crrqdtn48.ini
2008-08-28 08:12 . 2008-08-28 08:12 23 --a------ C:\WINDOWS\system32\bbebacbaec_z.ocx
2008-08-28 08:11 . 2008-08-28 08:12 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-08-28 07:56 . 2008-08-28 07:56 5 --a------ C:\WINDOWS\system32\SndDrv32b.ini
2008-08-27 20:49 . 2006-12-31 07:57 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-08-27 20:49 . 2006-12-31 07:57 7,208 --a--c--- C:\WINDOWS\system32\dllcache\secupd.sig
2008-08-27 20:49 . 2006-12-31 07:57 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-08-27 20:49 . 2006-12-31 07:57 4,569 --a--c--- C:\WINDOWS\system32\dllcache\secupd.dat
2008-08-23 12:59 . 2008-08-23 12:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Office Genuine Advantage
2008-08-22 17:11 . 2008-08-27 21:16 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-22 08:31 . 2008-08-22 08:31 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-22 08:22 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003771_.tmp
2008-08-18 12:02 . 2006-06-19 15:20 312,112 --a------ C:\WINDOWS\system32\wgalogon.dll.old
2008-08-18 12:02 . 2006-06-19 15:19 253,744 --a------ C:\WINDOWS\system32\wgatray.exe.old
2008-08-15 10:36 . 2008-08-30 17:50 <DIR> d-------- C:\Documents and Settings\Giez\Dane aplikacji\Thinstall
2008-08-14 17:00 . 2008-06-14 20:01 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-14 16:57 . 2008-06-23 18:42 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-14 16:57 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-14 16:57 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-14 16:57 . 2008-06-23 18:42 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-14 16:57 . 2008-06-23 18:42 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-14 16:57 . 2008-06-23 18:42 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-14 16:57 . 2008-06-23 18:42 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-14 16:57 . 2008-06-23 18:42 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-14 16:57 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-14 08:13 . 2008-08-14 08:13 <DIR> d-------- C:\Program Files\images
2008-08-13 16:57 . 2008-08-13 16:57 315 --a------ C:\WINDOWS\pdf2word.INI
2008-08-13 16:56 . 2008-08-13 16:56 <DIR> d-------- C:\Program Files\VeryPDF PDF2Word v3.0
2008-08-05 16:12 . 2006-01-18 14:09 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-08-05 16:12 . 2006-01-18 14:09 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-08-05 16:12 . 2006-01-18 14:09 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-08-05 16:12 . 2006-01-18 14:09 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-08-05 16:11 . 2008-08-12 08:50 <DIR> d-------- C:\Program Files\SAGEM
2008-08-05 16:10 . 2005-12-22 14:45 493,440 --a------ C:\WINDOWS\system32\drivers\WlanBZ64.SYS
2008-08-05 16:10 . 2005-12-22 14:45 402,432 --a------ C:\WINDOWS\system32\drivers\WlanBZXP.sys
2008-08-04 18:32 . 2008-08-12 08:50 <DIR> d-------- C:\Documents and Settings\Giez\Dane aplikacji\uTorrent
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 07:35 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-28 15:19 --------- d-----w C:\Program Files\GIMP-2.0
2008-08-28 05:40 --------- d-----w C:\Documents and Settings\Giez\Dane aplikacji\gtk-2.0
2008-08-22 15:17 --------- d-----w C:\Program Files\Screamer Radio
2008-08-20 16:40 --------- d-----w C:\Program Files\IrfanView
2008-08-12 06:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-12 06:50 --------- d-----w C:\Program Files\SAGEM WiFi manager
2008-08-12 06:49 --------- d-----w C:\Program Files\Plugin Commander Light
2008-08-05 09:36 85,957,322 ----a-w C:\Program Files\Kopia GIMP-2.0.rar
2008-08-01 07:47 --------- d-----w C:\Program Files\Java
2008-07-31 09:19 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-31 09:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-07-31 06:52 --------- d-----w C:\Program Files\Lavasoft
2008-07-21 16:48 --------- d-----w C:\Program Files\Paint.NET
2008-07-20 17:25 --------- d-----w C:\Program Files\SignCut
2008-07-17 03:54 --------- d-----w C:\Program Files\Alcohol Soft
2008-07-17 03:51 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-16 12:04 --------- d-----w C:\Documents and Settings\Giez\Dane aplikacji\Alien Skin
2008-07-15 20:32 --------- d-----w C:\Program Files\Winamp Toolbar
2008-07-15 20:32 --------- d-----w C:\Program Files\Winamp
2008-07-15 20:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-07-15 20:28 --------- d-----w C:\Documents and Settings\Giez\Dane aplikacji\Winamp
2008-07-10 08:12 --------- d-----w C:\Program Files\PyGTK
2008-07-10 07:07 --------- d-----w C:\Program Files\ImageSkill
2008-07-09 11:52 --------- d-----w C:\Program Files\RJ System File Checker
2008-07-09 10:59 --------- d-----w C:\Program Files\Unreal Commander
2008-07-07 17:01 560 ----a-w C:\IVPrefs.DAT
2008-07-03 07:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-24 15:12 44,544 ------w C:\WINDOWS\AWuninstall.exe
2008-04-07 06:01 152 ----a-w C:\Documents and Settings\Giez\brdgInst.bat
2007-01-05 22:29 47,360 ----a-w C:\Documents and Settings\Giez\Dane aplikacji\pcouffin.sys
2006-12-12 20:57 3,221 ----a-w C:\Program Files\README.TXT
2006-12-12 20:56 639 ----a-w C:\Program Files\LICENSE.TXT
2004-10-01 13:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 17:09 6290944]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-12-01 11:46 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KasowaniePlikowTymczasowych"="del/s/q" [X]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 17:34 49152]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30 45632]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= ctwdm32.dll
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"aux1"= ctwdm32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SAGEM WiFi manager\\WLANUTL.EXE"=
"C:\\Program Files\\JAlbum7.2\\JAlbumWin.exe"=
"C:\\Program Files\\Tlen.pl\\tlen.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-04 00:35]
R3 Cap7134;Philips Proteus (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-07-30 07:00]
R3 PhTVTune;Philips WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-07-30 07:00]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\DRIVERS\aswSP.syS [2008-07-19 16:35]
S2 713xTVCard;SAA7134 PCI TV Card;C:\WINDOWS\system32\drivers\Cap7134.sys [2004-07-30 07:00]
S2 713xTVTuner;SAA713x PCI TV Card - TV Tuner;C:\WINDOWS\system32\drivers\PhTVTune.sys [2004-07-30 07:00]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2005-12-22 14:45]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f83a15c6-a883-11db-8ce7-bdc47b1c2817}]
\Shell\AutoRun\command - E:\_AUTORUN\AUTORUN.EXE
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PowerBar - (no file)
HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Giez\Dane aplikacji\Mozilla\Firefox\Profiles\kzdlvxe9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.wp.pl/
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-02 10:53:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Tlen.pl\hook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.EXE
.
**************************************************************************
.
Completion time: 2008-09-02 10:57:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-02 08:57:25
Pre-Run: 47,913,689,088 bajtów wolnych
Post-Run: 48,173,850,624 bajtów wolnych
206 --- E O F --- 2008-08-28 09:59:40
Added Today, 12:46:
Sorry for the confusion, I cleaned the system with an Ad-Aware 2008 full scan and the message disappeared.
Edit by Mike013
Next time, put logs inside [code] tags.