Windows XP i zainfekowany

[piotr.krol 0]

Nagle wyskoczyła mi czerowna tapeta z czerwonym znaczkiem biochazard i wyskoczyly komunikaty ze zystem jest zainfekowany... sprawdziłem komputer mks'em i najnowszym nodem32 i nic nie wykrywają... funkcje systemu sa ograniczone np nie działa ctrl+alt+del, nie działa panel steorwania itp itd.... co mam zrobic???

[John Sharkrat 0]

tryb awaryjny antywirus, Combofix i czyszczenie z najnowszych plików.

[piotr.krol 0]

co to jest combofix???

[John Sharkrat 0]

program do wyszukiwania różnych niepożądanych programów i usług

[inmortalis 0]

miałem coś takiego samego , zrobiłem formata i po kłopocie

chciałbym się spytaća czy jest jakiś inny sposób??

[John Sharkrat 0]

miałem coś takiego samego , zrobiłem formata i po kłopocie

chciałbym się spytaća czy jest jakiś inny sposób??

patrz post drugi

[DhanOS 65]

Sugeruję do tego Gmer i pokaż log z HiJackThis.

Coś mi się wydaje, że to dodatkowy strumień a mało który antywirus sprawdza wszystkie strumienie w plikach.

 

 

Pozdrawiam.

[piotr.krol 0]

To juz 2 raz w tym tygodniu:(

[pawel1710 0]

To juz 2 raz w tym tygodniu:(

Ogranicz odwiedzanie stron typu XXX.

[piotr.krol 0]

nie odwiedzam takich stron...

 

log z combofix:

 

ComboFix 08-08-30.01 - Administrator 2008-08-30 23:52:20.1 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1797 [GMT 2:00]

Running from: E:\ComboFix.exe

 

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Piotrek\Pulpit\Privacy Protector.url

C:\WINDOWS\eplt.exe

 

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-30 )))))))))))))))))))))))))))))))

.

 

2008-08-30 23:46 . 2008-08-30 23:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne

2008-08-30 23:46 . 2008-08-27 13:41 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione

2008-08-30 23:46 . 2008-08-27 11:46 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony

2008-08-30 23:46 . 2008-08-27 13:41 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit

2008-08-30 23:46 . 2008-08-27 13:41 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty

2008-08-30 23:46 . 2008-08-27 13:41 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start

2008-08-30 23:46 . 2008-08-27 13:41 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji

2008-08-30 23:46 . 2008-08-30 23:46 <DIR> d-------- C:\Documents and Settings\Administrator

2008-08-30 20:03 . 2008-08-30 20:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-08-30 20:03 . 2008-08-30 23:37 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2008-08-30 19:36 . 2008-08-30 19:51 <DIR> d-------- C:\Program Files\SkanerOnline

2008-08-30 19:25 . 2008-08-30 23:37 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\TmpRecentIcons

2008-08-30 19:24 . 2008-08-30 17:00 368,640 --a------ C:\WINDOWS\rodqgpvlvoq.dll

2008-08-30 19:24 . 2008-08-30 17:00 233,472 --a------ C:\WINDOWS\pdoskegl.dll

2008-08-30 19:24 . 2008-08-30 17:00 188,416 --a------ C:\WINDOWS\rqbmvpso.dll

2008-08-30 19:24 . 2008-08-30 17:00 86,016 --a------ C:\WINDOWS\rvoelbxt.exe

2008-08-30 16:51 . 2008-08-30 16:51 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Nero

2008-08-30 16:49 . 2008-08-30 16:49 <DIR> d-------- C:\Program Files\Nero

2008-08-30 16:49 . 2008-08-30 16:50 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-08-30 16:49 . 2008-08-30 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-08-30 11:54 . 2008-08-30 16:16 <DIR> d-------- C:\Program Files\Ontrack

2008-08-30 11:54 . 2001-03-02 10:41 634 --a------ C:\WINDOWS\system32\MAPISVC.INF

2008-08-28 21:35 . 2008-08-28 21:35 <DIR> d-------- C:\WINDOWS\Sun

2008-08-28 21:35 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-08-28 21:34 . 2008-08-29 10:00 <DIR> d-------- C:\Program Files\Java

2008-08-28 21:32 . 2008-08-28 21:32 <DIR> d-------- C:\Program Files\Common Files\Java

2008-08-27 19:47 . 2008-08-27 19:50 1,374 --a------ C:\WINDOWS\imsins.BAK

2008-08-27 17:15 . 2008-08-27 17:15 <DIR> d-------- C:\WINDOWS\system32\pl

2008-08-27 17:13 . 2008-08-27 17:13 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-08-27 16:58 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuapi.dll.mui

2008-08-27 16:56 . 2008-08-27 16:57 34 --a------ C:\WINDOWS\system32\oeminfo.ini

2008-08-27 16:21 . 2008-07-18 22:10 45,768 --a------ C:\WINDOWS\system32\wups2.dll

2008-08-27 16:21 . 2008-07-18 22:10 38,088 --a------ C:\WINDOWS\system32\wucltui.dll.mui

2008-08-27 16:21 . 2008-07-18 22:09 29,896 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui

2008-08-27 16:21 . 2008-07-18 22:09 21,704 --a------ C:\WINDOWS\system32\wuaueng.dll.mui

2008-08-27 12:55 . 2008-08-27 12:55 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-08-27 12:53 . 2008-08-27 13:13 <DIR> d-------- C:\Program Files\Common Files\Adobe

2008-08-27 12:19 . 2008-08-27 19:50 <DIR> d-------- C:\WINDOWS\system32\pl-pl

2008-08-27 12:17 . 2008-08-27 19:50 <DIR> d--h----- C:\WINDOWS\$hf_mig$

2008-08-27 12:16 . 2008-08-27 12:16 <DIR> d-------- C:\Program Files\Windows Media Connect 2

2008-08-27 12:15 . 2008-08-27 12:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2008-08-27 12:15 . 2008-08-27 12:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

2008-08-27 12:15 . 2007-08-10 20:53 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe

2008-08-27 12:06 . 2008-08-27 12:06 584 --a------ C:\WINDOWS\system32\settingsbkup.sfm

2008-08-27 12:06 . 2008-08-27 12:06 584 --a------ C:\WINDOWS\system32\settings.sfm

2008-08-27 12:05 . 2008-08-27 12:05 <DIR> d-------- C:\WINDOWS\nview

2008-08-27 12:05 . 2000-05-22 10:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx

2008-08-27 12:05 . 2008-05-16 11:48 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE

2008-08-27 12:05 . 2008-05-16 14:01 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe

2008-08-27 12:05 . 2008-08-30 23:37 186,097 --a------ C:\WINDOWS\system32\nvapps.xml

2008-08-27 12:05 . 1999-10-10 19:00 41,984 --------- C:\WINDOWS\Ctregrun.exe

2008-08-27 12:05 . 2008-05-16 14:01 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu

2008-08-27 12:01 . 2008-08-27 12:01 <DIR> d-------- C:\WINDOWS\system32\Data

2008-08-27 12:01 . 2000-12-13 12:21 7,572,224 --------- C:\WINDOWS\system32\CT8MGM.SF2

2008-08-27 12:01 . 2000-12-05 03:11 4,174,814 --------- C:\WINDOWS\system32\CT4MGM.SF2

2008-08-27 12:01 . 1999-09-22 01:18 2,167,684 -ra------ C:\WINDOWS\system32\ct2mgm.sf2

2008-08-27 12:01 . 2005-06-15 05:07 11,264 --a------ C:\WINDOWS\INRES.DLL

2008-08-27 12:01 . 2005-07-07 11:26 5,627 -ra------ C:\WINDOWS\system32\Ludap17.ini

2008-08-27 12:01 . 2005-03-08 08:14 39 -ra------ C:\WINDOWS\system32\ctzapxx.ini

2008-08-27 12:00 . 2008-08-27 12:05 <DIR> d-------- C:\Program Files\Creative

2008-07-01 09:04 . 2008-07-01 09:04 71,688 --a------ C:\WINDOWS\system32\drivers\epfw.sys

2008-07-01 09:04 . 2008-07-01 09:04 54,280 --a------ C:\WINDOWS\system32\drivers\epfwtdi.sys

2008-07-01 09:04 . 2008-07-01 09:04 30,728 --a------ C:\WINDOWS\system32\drivers\epfwndis.sys

2008-07-01 08:57 . 2008-07-01 08:57 53,256 --a------ C:\WINDOWS\system32\drivers\easdrv.sys

2008-07-01 08:56 . 2008-07-01 08:56 39,944 --a------ C:\WINDOWS\system32\drivers\eamon.sys

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-30 15:03 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\uTorrent

2008-08-30 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-30 09:54 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-29 07:31 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\skypePM

2008-08-29 07:31 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\Skype

2008-08-27 11:56 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\ESET

2008-08-27 11:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET

2008-08-27 11:24 --------- d-----w C:\Program Files\Skype

2008-08-27 11:24 --------- d-----w C:\Program Files\Common Files\Skype

2008-08-27 11:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype

2008-08-27 11:00 --------- d-----w C:\Program Files\Bonjour

2008-08-27 09:58 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\Gadu-Gadu

2008-08-27 09:56 155,995 ----a-w C:\WINDOWS\java\Packages\KXF7T7BL.ZIP

2008-08-27 09:50 --------- d-----w C:\Program Files\microsoft frontpage

2008-08-27 09:48 --------- d-----w C:\Program Files\Usługi online

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll

2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe

2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll

2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll

2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll

2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll

2008-07-18 20:08 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll

2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 14:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-06-06 12:54 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-06-06 12:54 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll

2008-05-09 10:56 90,112 ----a-w C:\WINDOWS\system32\wshext.dll

2008-05-09 10:56 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll

2008-05-09 10:56 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll

2008-05-09 10:56 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll

2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe

2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe

2008-05-07 05:12 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{880EE8C3-567E-400C-BB14-33957137979B}]

2008-08-30 17:00 368640 --a------ C:\WINDOWS\rodqgpvlvoq.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NeroHomeFirstStart"="C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [2008-06-24 16:05 19752]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 16:10 57344]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]

"RivaTuner"="D:\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]

"egui"="D:\ESET Smart Security\egui.exe" [2008-07-01 09:01 1447168]

"RivaTunerStartupDaemon"="D:\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 20:25 2707456]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 09:53 570664]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 09:31 2221352]

"P17Helper"="P17.dll" [2005-05-03 13:38 64512 C:\WINDOWS\system32\P17.dll]

"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"pdoskegl"= {FC772B77-F055-4E46-919C-94E89E7F45A2} - C:\WINDOWS\pdoskegl.dll [2008-08-30 17:00 233472]

"rqbmvpso"= {99DD3647-FCDC-43CB-B247-6E9B2851B362} - C:\WINDOWS\rqbmvpso.dll [2008-08-30 17:00 188416]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"D:\\uTorrent\\uTorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"D:\\eMule\\emule.exe"=

 

 

*Newly Created Service* - CATCHME

.

- - - - ORPHANS REMOVED - - - -

 

Toolbar-{E8B91C06-BB8F-49D6-A79B-9DA8652E7BC9} - C:\WINDOWS\qalkfxor.dll

 

 

.

------- Supplementary Scan -------

.

 

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab

C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

 

O16 -: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

C:\WINDOWS\Downloaded Program Files\SkanerOnline.inf

C:\WINDOWS\system32\SkanerOnlineUninstall.exe

C:\WINDOWS\system32\SkanerOnline.dll

.

 

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-30 23:53:47

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2008-08-30 23:54:20

ComboFix-quarantined-files.txt 2008-08-30 21:54:18

 

Pre-Run: 7,927,042,048 bajtów wolnych

Post-Run: 7,955,955,712 bajtów wolnych

 

196

[John Sharkrat 0]

do wywalenia w trybie awaryjnym:

C:\WINDOWS\rodqgpvlvoq.dll

C:\WINDOWS\pdoskegl.dll

C:\WINDOWS\rqbmvpso.dll

C:\WINDOWS\rvoelbxt.exe

Skanery online to strata czasu

[piotr.krol 0]

Wywaliłem te pliki ale nadal mam koło zegarka napis VIRUS ALERT! i niedziała CTRL+ALT+DEL itp itd... co zrobić jeszcze???, jak narazie okienka z ostrzeżeniami nie wyskakują i nie pojawia się czerowna tapeta...

[John Sharkrat 0]

Jakiego antywirusa używasz ?

[piotr.krol 0]

ESET Smart Security 3.0.669.0 i SpyBot

[John Sharkrat 0]

Zainstaluj Avast lub kaspersky i niech przeskanują kompa przed startem systemu

[piotr.krol 0]

Właśnie ściągam najnowszego kasperskiego... przeskanuje i dam znać

[piotr.krol 0]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:30: VIRUS ALERT!, on 2008-08-31

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

C:\WINDOWS\system32\RUNDLL32.EXE

D:\RivaTuner v2.09\RivaTuner.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

D:\Gadu-Gadu\gg.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RivaTuner] "D:\RivaTuner v2.09\RivaTuner.exe" /T

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\RivaTuner v2.09\RivaTuner.exe" /S

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1219850563546

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: pdoskegl - {FC772B77-F055-4E46-919C-94E89E7F45A2} - C:\WINDOWS\pdoskegl.dll (file missing)

O21 - SSODL: rqbmvpso - {99DD3647-FCDC-43CB-B247-6E9B2851B362} - C:\WINDOWS\rqbmvpso.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

 

--

End of file - 7336 bytes

[piotr.krol 0]

Avast wykrył 5 wirusów i je usunoł ale dalej jest napis virus alert! itp itd...

[John Sharkrat 0]

odinstaluj ESET.....