Recycler\*.com

Post by adik_114, 06 Feb 2009, 17:22

Hello!

:roll: Maybe one of you can help me? The thing is that when I try to open Local Disk C, this message pops up:
Image

It's similar when I try to open drives D and E, except that then no message pops up at all. :-|

What should I do?? :?:

Many thanks in advance
Last edited by adik_114 on 06 Feb 2009, 18:44; edited 3 times in total

Post by sgsman, 06 Feb 2009, 17:27

1. The attached image does not display.
2. Post the logs from ComboFix and HijackThis.


Post by adik_114, 06 Feb 2009, 18:38

The image is here:
http://www.up.programosy.pl/view/recycler.jpg.html

HIJACKTHIS LOG:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:00, on 2009-02-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Cimochowski\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone - szybkie uruchamianie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3410CDA8-166A-44C7-9D7C-5513C9818BBB}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC20A9DC-2BB5-4D4A-B0C6-3E05806A3CCE}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS1\Services\Tcpip\..\{3410CDA8-166A-44C7-9D7C-5513C9818BBB}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{3410CDA8-166A-44C7-9D7C-5513C9818BBB}: NameServer = 85.255.112.39,85.255.112.40
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.39,85.255.112.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8284 bytes



COMBOFIX LOG:

Code:
ComboFix 09-02-05.04 - Cimochowski 2009-02-06 17:30:07.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.1023.716 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Cimochowski\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090206-0] *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\recycler\S-4-5-45-100018829-100020446-2605.com
c:\recycler\S-9-9-81-100029870-100004919-100009831-4870.com
c:\windows\system32\drivers\gaopdxkcfoqshk.sys
c:\windows\system32\drivers\gaopdxskkylhlq.sys
c:\windows\system32\drivers\gaopdxvppfmkya.sys
c:\windows\system32\drivers\gaopdxwqwmitev.sys
c:\windows\system32\drivers\gaopdxxsmnsfoo.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxdymrfoas.dll
D:\Autorun.inf
d:\recycler\S-0-5-69-100025778-100020641-100026715-5854.com
d:\recycler\S-2-1-38-100029459-100031956-100032424-2911.com
d:\recycler\S-3-4-37-100000786-100009231-100011331-5130.com
d:\recycler\S-3-9-66-100032049-100002405-100018104-1397.com
d:\recycler\S-4-5-45-100018829-100027506-100020446-2605.com
d:\recycler\S-7-6-37-100012812-100002330-100024679-4056.com
d:\recycler\S-9-1-32-100018319-100023739-100025791-8953.com
d:\recycler\S-9-9-81-100029870-100004919-100009831-4870.com
E:\Autorun.inf
e:\recycler\S-0-5-69-100025778-100020641-100026715-5854.com
e:\recycler\S-2-1-38-100029459-100031956-100032424-2911.com
e:\recycler\S-3-4-37-100000786-100009231-100011331-5130.com
e:\recycler\S-3-9-66-100032049-100002405-100018104-1397.com
e:\recycler\S-4-5-45-100018829-100027506-100020446-2605.com
e:\recycler\S-7-6-37-100012812-100002330-100024679-4056.com
e:\recycler\S-9-1-32-100018319-100023739-100025791-8953.com
e:\recycler\S-9-9-81-100029870-100004919-100009831-4870.com

.
(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


(((((((((((((((((((((((((   Pliki utworzone od 2009-01-06 do 2009-02-06  )))))))))))))))))))))))))))))))
.

2009-02-06 15:06 . 2009-02-06 15:06   <DIR>   d--------   c:\program files\Winamp Toolbar
2009-02-06 15:06 . 2009-02-06 15:06   <DIR>   d--------   c:\program files\Winamp Remote
2009-02-06 15:06 . 2009-02-06 15:06   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2009-02-06 15:06 . 2009-02-06 15:07   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\OrbNetworks
2009-02-06 14:57 . 2009-02-06 15:07   <DIR>   d--------   c:\program files\Winamp
2009-02-06 14:57 . 2009-02-06 15:07   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Winamp
2009-02-06 14:57 . 2007-03-08 00:51   129,784   ---------   c:\windows\system32\pxafs.dll
2009-02-06 14:57 . 2007-03-08 00:51   9,464   ---------   c:\windows\system32\drivers\cdralw2k.sys
2009-02-06 14:57 . 2007-03-08 00:51   9,336   ---------   c:\windows\system32\drivers\cdr4_xp.sys
2009-02-06 12:01 . 2009-02-06 12:01   98,304   --a------   c:\windows\system32\CmdLineExt.dll
2009-02-05 16:34 . 2009-02-05 16:36   <DIR>   d--------   c:\windows\RECYCLER
2009-02-05 11:09 . 2009-02-05 11:09   <DIR>   d---s----   c:\documents and settings\Cimochowski\UserData
2009-02-05 09:10 . 2004-08-04 00:44   16,384   --a------   c:\windows\system32\ipsink.ax
2009-02-05 09:10 . 2004-08-03 23:10   15,360   --a------   c:\windows\system32\drivers\StreamIP.sys
2009-02-05 09:10 . 2004-08-03 23:10   11,136   --a------   c:\windows\system32\drivers\SLIP.sys
2009-02-05 09:10 . 2004-08-03 23:10   10,880   --a------   c:\windows\system32\drivers\NdisIP.sys
2009-02-05 09:10 . 2004-08-03 22:58   5,504   --a------   c:\windows\system32\drivers\MSTEE.sys
2009-02-05 09:09 . 2004-08-04 00:44   91,136   --a------   c:\windows\system32\kswdmcap.ax
2009-02-05 09:09 . 2004-08-03 23:10   85,376   --a------   c:\windows\system32\drivers\NABTSFEC.sys
2009-02-05 09:09 . 2004-08-04 00:44   61,952   --a------   c:\windows\system32\kstvtune.ax
2009-02-05 09:09 . 2004-08-04 00:44   54,784   --a------   c:\windows\system32\vfwwdm32.dll
2009-02-05 09:09 . 2004-08-04 00:44   43,008   --a------   c:\windows\system32\ksxbar.ax
2009-02-05 09:09 . 2004-08-04 00:44   28,672   --a------   c:\windows\system32\vidcap.ax
2009-02-05 09:09 . 2004-08-03 23:10   19,328   --a------   c:\windows\system32\drivers\WSTCODEC.SYS
2009-02-05 09:09 . 2004-08-03 23:10   17,024   --a------   c:\windows\system32\drivers\CCDECODE.sys
2009-02-05 09:08 . 2009-02-05 09:08   <DIR>   d--------   c:\program files\Common Files\snpstd3
2009-02-05 09:08 . 2006-09-15 10:41   10,205,696   --a------   c:\windows\system32\drivers\snpstd3.sys
2009-02-05 09:08 . 2006-09-18 14:12   843,776   --a------   c:\windows\vsnpstd3.exe
2009-02-05 09:08 . 2006-07-07 15:04   262,144   --a------   c:\windows\tsnpstd3.exe
2009-02-05 09:08 . 2006-04-12 12:11   147,456   --a------   c:\windows\system32\rsnpstd3.dll
2009-02-05 09:08 . 2006-07-03 10:31   94,208   --a------   c:\windows\amcap.exe
2009-02-05 09:08 . 2006-10-05 09:50   61,440   --a------   c:\windows\system32\vsnpstd3.dll
2009-02-05 09:08 . 2005-11-23 13:55   53,248   --a------   c:\windows\system32\csnpstd3.dll
2009-02-05 09:08 . 2004-02-27 17:36   15,498   --a------   c:\windows\snpstd3.ini
2009-02-05 09:08 . 2004-02-27 17:36   13,023   --a------   c:\windows\snpstd3.src
2009-02-04 18:25 . 2009-02-04 18:25   <DIR>   d--------   c:\program files\Audacity
2009-02-04 17:58 . 2009-02-04 17:58   0   --a------   c:\windows\system32\budda
2009-02-04 17:42 . 2009-02-04 18:14   <DIR>   d--------   c:\program files\HyCam2
2009-02-04 13:12 . 2009-02-04 13:12   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Apple Computer
2009-02-04 11:50 . 2009-02-04 11:50   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\CyberLink
2009-02-04 11:47 . 2009-02-04 11:47   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-02-04 09:30 . 2009-02-04 09:30   <DIR>   d--------   c:\program files\Ares
2009-02-04 08:30 . 2009-02-04 08:30   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Nero
2009-02-03 20:59 . 2009-02-03 20:59   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
2009-02-03 16:40 . 2009-02-03 16:40   <DIR>   d--------   c:\program files\Samsung
2009-02-03 16:35 . 2006-05-03 22:53   174,592   --a------   c:\windows\system32\framedyn.dll
2009-02-03 16:34 . 2009-02-03 16:34   <DIR>   d--------   c:\windows\system32\Samsung_USB_Drivers
2009-02-03 16:34 . 2006-07-24 16:05   5,632   --a------   c:\windows\system32\drivers\StarOpen.sys
2009-02-03 16:34 . 2005-08-28 20:51   766   --a------   c:\windows\system32\Uninstall.ico
2009-02-03 16:32 . 2009-02-05 10:21   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Ulead Systems
2009-02-03 16:32 . 2009-02-03 16:32   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Skinux
2009-02-03 15:59 . 2009-02-03 16:00   <DIR>   d--------   c:\program files\Nowe Gadu-Gadu
2009-02-03 15:53 . 2009-02-03 15:53   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Gadu-Gadu
2009-02-03 15:46 . 2009-02-04 17:25   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\ArcSoft
2009-02-03 15:46 . 2009-02-03 15:46   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\ArcSoft
2009-02-03 15:45 . 2009-02-03 15:45   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2009-02-03 15:45 . 2009-02-03 15:46   <DIR>   d--------   c:\program files\Common Files\ArcSoft
2009-02-03 15:45 . 2009-02-03 15:45   <DIR>   d--------   c:\program files\ArcSoft
2009-02-03 15:43 . 2009-02-03 15:44   <DIR>   d--------   c:\program files\Common Files\Kodak
2009-02-03 15:40 . 2009-02-03 15:40   <DIR>   d--h-----   c:\windows\$hf_mig$
2009-02-03 15:40 . 2009-02-03 15:45   <DIR>   d--------   c:\program files\Kodak
2009-02-03 15:40 . 2008-05-02 14:32   464,896   ---------   c:\windows\system32\imapi2fs.dll
2009-02-03 15:40 . 2008-05-02 14:32   464,896   -----c---   c:\windows\system32\dllcache\imapi2fs.dll
2009-02-03 15:40 . 2008-05-02 14:32   318,464   ---------   c:\windows\system32\imapi2.dll
2009-02-03 15:40 . 2008-05-02 14:32   318,464   -----c---   c:\windows\system32\dllcache\imapi2.dll
2009-02-03 15:40 . 2008-05-02 10:05   62,592   -----c---   c:\windows\system32\dllcache\cdrom.sys
2009-02-03 15:23 . 2009-02-03 15:23   <DIR>   d--------   c:\documents and settings\Gadu-Gadu\Kamil
2009-02-03 15:23 . 2009-02-03 15:23   <DIR>   d--------   c:\documents and settings\Gadu-Gadu\Ja
2009-02-03 15:23 . 2009-02-03 15:23   <DIR>   d--------   c:\documents and settings\Gadu-Gadu\adi
2009-02-03 15:23 . 2009-02-03 15:23   <DIR>   d--------   c:\documents and settings\Gadu-Gadu\_cache
2009-02-03 15:23 . 2009-02-03 15:23   <DIR>   d--------   c:\documents and settings\Gadu-Gadu
2009-02-03 15:23 . 2009-02-03 15:23   <DIR>   d--------   c:\documents and settings\All Users\Gadu-Gadu
2009-02-03 15:22 . 2009-02-03 15:22   <DIR>   d--------   c:\documents and settings\Cimochowski\Gadu-Gadu
2009-02-03 15:19 . 2009-02-03 16:11   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\Nowe Gadu-Gadu
2009-02-03 15:18 . 2009-02-03 15:21   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Kodak
2009-02-03 15:16 . 2009-02-03 15:16   <DIR>   d--------   C:\SmartSound Software
2009-02-03 15:15 . 2009-02-03 15:15   <DIR>   d--------   c:\program files\Windows Media Components
2009-02-03 15:15 . 2009-02-03 15:15   <DIR>   d--------   c:\program files\SmartSound Software
2009-02-03 15:15 . 2009-02-03 15:46   <DIR>   d--------   c:\program files\QuickTime
2009-02-03 15:15 . 2009-02-03 15:15   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\SmartSound Software Inc
2009-02-03 15:15 . 2009-02-03 15:15   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-02-03 15:14 . 2009-02-03 15:14   <DIR>   d--------   c:\program files\Ulead Systems
2009-02-03 15:14 . 2009-02-03 15:14   <DIR>   d--------   c:\program files\Common Files\Ulead Systems
2009-02-03 15:14 . 2009-02-03 15:20   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Ulead Systems
2009-02-03 15:14 . 2009-02-03 15:46   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2009-02-03 15:13 . 2009-02-03 15:14   <DIR>   d--------   c:\program files\TomTom HOME
2009-02-03 15:13 . 2009-02-03 15:13   <DIR>   d--------   c:\documents and settings\Cimochowski\Dane aplikacji\InstallShield
2009-02-03 14:47 . 2006-10-26 19:56   32,592   --a------   c:\windows\system32\msonpmon.dll
2009-02-03 14:46 . 2009-02-03 14:46   <DIR>   d--------   c:\program files\MSBuild
2009-02-03 14:46 . 2009-02-03 14:46   <DIR>   d--------   c:\program files\Microsoft Works
2009-02-03 14:45 . 2009-02-03 14:45   <DIR>   d--------   c:\program files\Microsoft.NET
2009-02-03 14:44 . 2009-02-03 14:44   0   --a------   c:\windows\nsreg.dat
2009-02-03 14:43 . 2009-02-03 14:46   <DIR>   d--------   c:\windows\SHELLNEW
2009-02-03 14:43 . 2009-02-03 14:43   <DIR>   dr-h-----   C:\MSOCache
2009-02-03 14:43 . 2009-02-03 14:48   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-03 14:14 . 2009-02-03 14:14   4,767   --a------   c:\windows\Irremote.ini
2009-02-03 14:11 . 2009-02-03 14:11   <DIR>   d--------   c:\program files\Windows Sidebar
2009-02-03 14:11 . 2009-02-03 14:11   <DIR>   d--------   c:\program files\Common Files\Adobe
2009-02-03 14:06 . 2009-02-03 14:06   <DIR>   d--------   c:\program files\Alwil Software

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 10:53   ---------   d--h--w   c:\program files\InstallShield Installation Information
2009-02-03 14:14   ---------   d-----w   c:\program files\Common Files\InstallShield
2009-02-03 13:35   ---------   d-----w   c:\program files\Common Files\Nero
2009-02-03 13:13   ---------   d-----w   c:\program files\Nero
2009-02-03 13:03   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Nero
2009-02-03 12:53   ---------   d-----w   c:\program files\Common Files\LightScribe
2009-02-03 12:35   ---------   d-----w   c:\program files\HP
2009-02-03 12:35   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\HP
2009-02-03 12:34   ---------   d-----w   c:\program files\Common Files\Sonic Shared
2009-02-03 12:34   ---------   d-----w   c:\program files\Common Files\HP
2009-02-03 12:34   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Sonic
2009-02-03 12:32   ---------   d-----w   c:\program files\Hewlett-Packard
2009-02-03 12:31   ---------   d-----w   c:\program files\Common Files\Hewlett-Packard
2009-02-03 12:26   ---------   d-----w   c:\program files\VGA USB Camera
2009-02-03 12:26   ---------   d-----w   c:\program files\directx
2009-02-03 12:26   ---------   d-----w   c:\documents and settings\Cimochowski\Dane aplikacji\HP
2009-02-03 12:25   ---------   d-----w   c:\program files\ASUSTeK
2009-02-03 12:21   ---------   d-----w   c:\program files\CyberLink
2009-02-03 11:46   ---------   d-----w   c:\program files\Realtek
2009-02-03 11:43   ---------   d-----w   c:\program files\Intel
2009-02-03 11:37   ---------   d-----w   c:\program files\microsoft frontpage
2009-02-03 11:36   ---------   d-----w   c:\program files\Usługi online
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2008-12-22 8966760]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2006-07-07 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Skrót do strony właściwości High Definition Audio"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2005-12-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-02-03 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
HP Image Zone - szybkie uruchamianie.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Oprogramowanie Kodak EasyShare.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Oprogramowanie Kodak EasyShare.lnk
backup=c:\windows\pss\Oprogramowanie Kodak EasyShare.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2006-12-12 18:08 3577512 c:\program files\TomTom HOME\TomTomHOME.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6ee79aa-f2a0-11dd-8534-0016e64830d6}]
\shELl\AutOplay\coMmaNd - H:\amqbr.pif
\shELl\AutoRun\command - H:\amqbr.pif
\shELl\explore\CoMMaNd - H:\amqbr.pif
\shELl\oPEn\ComMand - H:\amqbr.pif

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'

2009-02-03 c:\windows\Tasks\EasyShare Registration Task.job
- c:\docume~1\ALLUSE~1\DANEAP~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.9.20.1.sxt _RegistrationOffer@16 []
.
.
------- Skan uzupełniający -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Cimochowski\Dane aplikacji\Mozilla\Firefox\Profiles\qj06rqek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/webhp?client=firefox-a&rls=org.mozilla:pl:official&hl=pl&tab=iw
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Cimochowski\Dane aplikacji\Mozilla\Firefox\Profiles\qj06rqek.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:31:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2009-02-06 17:32:21
ComboFix-quarantined-files.txt  2009-02-06 16:32:19

Przed: 129,085,440 bajtów wolnych
Po: 2,081,722,368 bajtów wolnych

282


Added 06.02.2009 17:49:35:
OK, thanks, but it's already OK now :ok: :ok:
Last edited by adik_114 on 13 Jun 2010, 09:27; edited 1 time in total

Post by wojtas, 06 Feb 2009, 20:18

Change it to code tags