
combofix
ComboFix 09-03-06.02 - Admin 2009-03-08 15:59:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.196 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090307-0] *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-08 do 2009-03-08 )))))))))))))))))))))))))))))))
.
2009-03-05 11:46 . 2003-09-24 09:44 1,230,336 -ra------ c:\windows\system32\MSXML4.dll
2009-03-05 11:46 . 2003-09-24 09:43 626,960 -ra------ c:\windows\system32\hpvaut32.dll
2009-03-05 11:46 . 2003-09-24 09:43 487,424 -ra------ c:\windows\system32\hpvcp70.dll
2009-03-05 11:46 . 2003-09-24 09:43 344,064 -ra------ c:\windows\system32\hpvcr70.dll
2009-03-05 11:46 . 2003-09-24 09:44 82,432 -ra------ c:\windows\system32\MSXML4r.dll
2009-03-05 11:46 . 2003-09-24 09:44 44,544 -ra------ c:\windows\system32\MSXML4a.dll
2009-03-04 20:21 . 2009-03-04 20:21 <DIR> d-------- c:\program files\HP
2009-03-04 20:21 . 2009-03-04 20:17 208,563 --a------ c:\windows\hpdj3500.hi1
2009-03-04 20:21 . 2009-03-04 20:17 9,441 --a------ c:\windows\hpdj3500.bu1
2009-03-04 20:16 . 1998-10-07 12:54 327,168 --a------ c:\windows\IsUn0415.exe
2009-03-04 20:15 . 2009-03-04 20:21 <DIR> d-------- c:\program files\Hewlett-Packard
2009-03-04 20:15 . 2009-03-04 20:23 217,568 --a------ c:\windows\hpdj3500.his
2009-03-04 20:15 . 2009-03-04 20:23 10,518 --a------ c:\windows\hpdj3500.ini
2009-02-28 10:17 . 2009-02-28 10:17 <DIR> d--h----- c:\windows\PIF
2009-02-27 12:06 . 2009-02-27 12:06 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-27 11:43 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-02-25 19:01 . 2009-02-25 20:21 <DIR> d-------- c:\program files\Nstorm
2009-02-14 21:58 . 2009-02-14 21:58 <DIR> d-------- c:\documents and settings\Admin\Dane aplikacji\Nowe Gadu-Gadu
2009-02-12 16:46 . 2009-02-12 16:46 16,384 --a------ c:\windows\wxpw.dat
2009-02-12 16:46 . 2009-02-12 16:46 16,384 --ahs---- c:\windows\system32\wxpx.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 12:36 4 ----a-w c:\program files\is.dat
2009-03-07 16:19 16,384 ----a-w c:\program files\uik.dat
2009-03-03 17:52 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\XnView
2009-02-24 17:38 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Skype
2009-02-11 18:10 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-02-10 14:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-04 17:25 --------- d-----w c:\program files\SystemRequirementsLab
2009-02-03 19:16 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools
2009-02-03 18:51 --------- d-----w c:\program files\LSoft Technologies
2009-02-01 13:58 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-02-01 13:57 --------- d-----w c:\program files\RALINK
2009-01-31 14:19 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Media Player Classic
2009-01-31 14:09 --------- d-----w c:\program files\QT Lite
2009-01-31 14:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-01-30 20:38 --------- d-----w c:\program files\Combined Community Codec Pack
2009-01-30 15:46 --------- d-----w c:\program files\AskBarDis
2009-01-30 15:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\comodo
2009-01-30 15:10 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Comodo
2009-01-30 12:20 --------- d-----w c:\program files\BearShare
2009-01-30 11:45 249,592 ----a-w c:\windows\system32\cssdll32.dll
2009-01-30 11:45 --------- d-----w c:\program files\COMODO
2009-01-27 12:57 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-27 12:57 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ACD Systems
2009-01-27 12:26 --------- d-----w c:\program files\ACD Systems
2009-01-26 11:14 --------- d--h--r c:\documents and settings\Admin\Dane aplikacji\SecuROM
2009-01-25 20:25 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\ACD Systems
2009-01-25 18:41 108,144 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-25 18:40 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Pro
2009-01-25 18:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2009-01-25 18:35 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-25 18:35 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\DAEMON Tools Lite
2009-01-25 18:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-25 18:34 --------- d-----w c:\program files\Java
2009-01-25 18:08 --------- d-----w c:\documents and settings\Admin\Dane aplikacji\Gadu-Gadu
2009-01-25 17:53 --------- d-----w c:\program files\Realtek AC97
2009-01-25 16:38 --------- d-----w c:\program files\Usługi online
2009-01-25 16:21 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-25 16:13 --------- d-----w c:\program files\microsoft frontpage
2009-01-25 16:08 --------- d-----w c:\program files\Windows Media Connect 2
.
((((((((((((((((((((((((((((( snapshot@2009-02-01_12.22.26,34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2003-06-17 16:20:28 5,358 ----a-w c:\windows\hpfmdl01.dat
+ 2009-02-22 15:25:10 32,768 ----a-r c:\windows\Installer\{90AF0415-6000-11D3-8CFE-0150048383C9}\ppvwicon.exe
- 2008-11-26 17:21:30 1,236,208 ----a-w c:\windows\system32\aswBoot.exe
+ 2009-02-05 21:11:35 1,256,296 ----a-w c:\windows\system32\aswBoot.exe
- 2008-11-26 17:15:10 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2009-02-05 21:04:45 97,480 ----a-w c:\windows\system32\AvastSS.scr
+ 2008-04-13 23:15:40 26,368 -c--a-w c:\windows\system32\dllcache\usbstor.sys
- 2008-11-26 17:15:35 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2009-02-05 21:05:11 26,944 ----a-w c:\windows\system32\drivers\aavmker4.sys
- 2008-11-26 17:17:25 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-02-05 21:07:12 20,560 ----a-w c:\windows\system32\drivers\aswFsBlk.sys
- 2008-11-26 17:18:25 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2009-02-05 21:08:19 93,296 ----a-w c:\windows\system32\drivers\aswmon.sys
- 2008-11-26 17:18:18 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2009-02-05 21:08:10 94,032 ----a-w c:\windows\system32\drivers\aswmon2.sys
- 2008-11-26 17:16:29 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2009-02-05 21:06:10 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
- 2008-11-26 17:17:36 111,184 ----a-w c:\windows\system32\drivers\aswSP.sys
+ 2009-02-05 21:07:23 114,768 ----a-w c:\windows\system32\drivers\aswSP.sys
- 2008-11-26 17:16:38 50,864 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2009-02-05 21:06:20 51,376 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2003-09-06 12:25:52 51,744 ----a-w c:\windows\system32\drivers\prodrv06.sys
+ 2003-09-06 13:37:22 62,656 ----a-w c:\windows\system32\drivers\prohlp02.sys
+ 2003-09-06 12:22:08 6,944 ----a-w c:\windows\system32\drivers\prosync1.sys
+ 2003-09-06 12:27:06 4,832 ----a-w c:\windows\system32\drivers\sfhlp01.sys
+ 2008-04-13 23:15:40 26,368 ----a-w c:\windows\system32\drivers\USBSTOR.SYS
+ 2003-09-01 11:14:10 192,512 ----a-w c:\windows\system32\hpzcoi09.dll
+ 2003-09-01 11:14:52 258,048 ----a-w c:\windows\system32\hpzcon09.dll
+ 2003-09-01 11:23:24 184,386 ----a-w c:\windows\system32\hpzsnt09.dll
+ 2003-09-01 11:09:04 132,615 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpf2p809.dat
+ 2003-09-01 10:39:38 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpz2ku09.dll
+ 2003-09-01 11:18:00 233,472 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzcfg09.exe
+ 2003-09-01 11:14:10 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzcoi09.dll
+ 2003-09-01 11:14:52 258,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzcon09.dll
+ 2003-09-01 11:01:14 630,784 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzeng09.exe
+ 2003-06-19 10:43:26 1,585,152 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzimc09.dll
+ 2003-06-19 10:45:22 221,184 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzime09.dll
+ 2003-09-01 11:19:04 188,416 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzjui09.dll
+ 2003-09-01 10:48:02 462,848 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzpm309.dll
+ 2003-09-01 11:27:08 323,584 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzpre09.exe
+ 2003-09-01 10:53:24 9,740,288 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzr3209.dll
+ 2002-10-30 10:10:22 49,152 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzrer09.dll
+ 2003-09-01 10:42:46 327,680 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzrm309.dll
+ 2003-09-01 11:36:32 679,936 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzslk09.dll
+ 2003-09-01 11:23:24 184,386 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzsnt09.dll
+ 2003-09-01 11:40:18 364,544 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzstc09.exe
+ 2003-09-01 11:08:48 163,840 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpzstw09.exe
+ 2003-09-01 11:43:18 61,440 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpztbi09.dll
+ 2003-09-01 11:42:50 176,128 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpztbu09.exe
+ 2003-09-01 11:35:10 430,080 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpztbx09.exe
+ 2003-09-01 11:42:50 176,128 ----a-w c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2003-09-01 11:09:04 132,615 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpf2p809.dat
+ 2003-09-01 10:39:38 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpz2ku09.dll
+ 2003-09-01 11:18:00 233,472 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzcfg09.exe
+ 2003-09-01 11:14:10 192,512 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzcoi09.dll
+ 2003-09-01 11:14:52 258,048 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzcon09.dll
+ 2003-09-01 11:01:14 630,784 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzeng09.exe
+ 2003-06-19 10:43:26 1,585,152 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzimc09.dll
+ 2003-06-19 10:45:22 221,184 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzime09.dll
+ 2003-09-01 11:19:04 188,416 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzjui09.dll
+ 2003-09-01 10:48:02 462,848 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzpm309.dll
+ 2003-09-01 11:27:08 323,584 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzpre09.exe
+ 2003-09-01 10:53:24 9,740,288 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzr3209.dll
+ 2002-10-30 10:10:22 49,152 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzrer09.dll
+ 2003-09-01 10:42:46 327,680 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzrm309.dll
+ 2003-09-01 11:36:32 679,936 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzslk09.dll
+ 2003-09-01 11:23:24 184,386 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzsnt09.dll
+ 2003-09-01 11:40:18 364,544 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzstc09.exe
+ 2003-09-01 11:08:48 163,840 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpzstw09.exe
+ 2003-09-01 11:43:18 61,440 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpztbi09.dll
+ 2003-09-01 11:42:50 176,128 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpztbu09.exe
+ 2003-09-01 11:35:10 430,080 ----a-w c:\windows\system32\spool\drivers\w32x86\hpdeskjet_35007052\hpztbx09.exe
+ 2009-03-08 15:02:18 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_538.dat
+ 2009-03-08 15:02:26 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_594.dat
+ 2006-12-01 21:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="e:\programy\avast!\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-25 136600]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2003-05-21 229437]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-27 113664]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-02-01 614400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 e:\programy\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2008-03-20 11:04 2127296 e:\programy\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 e:\programy\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programy\\Skype\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-25 20560]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://grylogiczne.onet.pl/game.jsp?gameid=15
TCP: {C16F8F7B-2DAA-4384-9941-6F08A39623F6} = 192.168.1.1,194.204.152.34
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\yrnrdxv2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 16:02:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
e:\programy\avast!\aswUpdSv.exe
e:\programy\avast!\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
e:\programy\avast!\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
e:\programy\avast!\ashWebSv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-08 16:03:41 - komputer został uruchomiony ponownie [Admin]
ComboFix-quarantined-files.txt 2009-03-08 15:03:38
Przed: 3,567,198,208 bajtów wolnych
Po: 3,592,278,016 bajtów wolnych
238 --- E O F --- 2009-02-01 09:48:29
and hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00:40, on 2009-03-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\Programy\avast!\aswUpdSv.exe
E:\Programy\avast!\ashServ.exe
E:\Programy\avast!\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
E:\Programy\avast!\ashMaiSv.exe
E:\Programy\avast!\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Programy\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Admin\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grylogiczne.onet.pl/game.jsp?gameid=15
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [avast!] E:\Programy\avast!\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C16F8F7B-2DAA-4384-9941-6F08A39623F6}: NameServer = 192.168.1.1,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Programy\avast!\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Programy\avast!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Programy\avast!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Programy\avast!\ashWebSv.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Admin\USTAWI~1\Temp\hpdj.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5168 bytes