
Logs...

Etro

I described my problem here: http://www.forumpc.pl/index.php?showtopic=61363

and here are the logs from HijackThis. Please check them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:01, on 2008-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
I:\avast\aswUpdSv.exe
I:\avast\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
I:\avast\ashDisp.exe
H:\WINDOWS\vsnpstd.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\RALINK\Common\RaUI.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Maxthon2\Maxthon.exe
I:\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919275
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - I:\mega manager\MegaIEMn.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] H:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iSUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast!] I:\avast\ashDisp.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] rem H:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [snpstd] H:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrojanScanner] H:\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [LightScribe Control Panel] rem H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [GoD] rem "I:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Avi Player] rem "H:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [bitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 9251 bytes

//logs go in code tags, not quote tags

//vocativus

Mateusz J.

Step 1

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=hompag&d=79919275
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Ustawienia lokalne\Temp" (User 'USŁUGA SIECIOWA')
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)

Run HijackThis.

Click Do a system scan only.

Tick the checkboxes next to the entries I listed above.

Click Fix checked.

Step 2

Download ComboFix, but do not run it.

Open Notepad and paste into it:

Folder::
H:\Program Files\AskSBar
H:\Program Files\MyGlobalSearch

In Notepad, go to the File menu ==> Save as ==> save the file under the name CFScript.txt, in the same directory where the downloaded ComboFix was saved.

Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

The removal will start and a log will be created, which you post on the forum.

Step 3

Create a new HijackThis log and post it together with the log created in Step 2.

I would suggest changing your antivirus.

However, it is your decision what you consider better.
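
An added example, not part of the original posts: a Python check for Step 3 that re-splits HijackThis logs pasted without line breaks, reports which entries from the Step 1 fix list still appear in the follow-up log, and lists entries that point at files that no longer exist. The sample strings are shortened excerpts of the fix list and of the follow-up log posted in this thread; the function names are this example's own.

```python
import re

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". That is enough to re-split a flattened log.
ENTRY_START = re.compile(r"(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")

# Shortened excerpt of the Step 1 fix list, flattened as it appears on the page.
FIX_LIST = (
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = "
    r"http://www.defaulthomepage.info"
    r"O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404}"
    r" - H:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL"
    r"O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)"
    r"O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)"
)

# Shortened excerpt of the follow-up log (header, four entries, trailer).
AFTER_LOG = (
    r"Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:52:09, on 2008-08-17"
    r"Running processes:I:\Trend Micro\HijackThis\HijackThis.exe"
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = "
    r"http://go.microsoft.com/fwlink/?LinkId=69157"
    r"O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}"
    r" - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll"
    r"O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}"
    r" - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)"
    r"O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE"
    r"--End of file - 7812 bytes"
)


def split_entries(text):
    """Return the R/F/N/O entries of a log, with or without line breaks."""
    text = re.split(r"--\s*End of file", text)[0]   # drop the trailer
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    bounds = starts + [len(text)]
    # Anything before the first entry (header, process list) is ignored.
    return [text[a:b].strip() for a, b in zip(bounds, bounds[1:])]


def entry_key(entry):
    """Identity of an entry that survives cosmetic changes between scans.

    Entries carrying a CLSID are keyed on section + CLSID, so a later
    "(file missing)" suffix or a changed path still matches. Other entries
    are keyed on their whitespace-normalised, case-folded text.
    """
    section, _, rest = entry.partition(" - ")
    guid = GUID.search(rest)
    if guid:
        return (section, guid.group(0).lower())
    rest = ORPHAN.sub("", rest)
    return (section, " ".join(rest.split()).casefold())


def persisting(fix_list_text, after_text):
    """Entries from the fix list that are still present in the later log."""
    after_keys = {entry_key(e) for e in split_entries(after_text)}
    return [e for e in split_entries(fix_list_text) if entry_key(e) in after_keys]


def orphans(log_text):
    """Entries whose target file is gone: leftovers worth a second fix pass."""
    return [e for e in split_entries(log_text) if ORPHAN.search(e)]


if __name__ == "__main__":
    print("Still present after the fix:")
    for entry in persisting(FIX_LIST, AFTER_LOG) or ["(none)"]:
        print("  " + entry)
    print("Orphaned entries in the follow-up log:")
    for entry in orphans(AFTER_LOG) or ["(none)"]:
        print("  " + entry)
```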

Etro

Thanks for the quick reply :)

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:09, on 2008-08-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
I:\avast\aswUpdSv.exe
H:\WINDOWS\system32\Ati2evxx.exe
I:\avast\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Common Files\LightScribe\LSSrvc.exe
H:\WINDOWS\system32\PnkBstrA.exe
H:\WINDOWS\system32\PSIService.exe
H:\Program Files\Spyware Terminator\sp_rsser.exe
H:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
H:\WINDOWS\system32\svchost.exe
I:\avast\ashMaiSv.exe
I:\avast\ashWebSv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\Winamp\winampa.exe
H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Gadu-Gadu\gg.exe
H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\DNA\btdna.exe
H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\explorer.exe
H:\WINDOWS\system32\notepad.exe
H:\Program Files\Maxthon2\Maxthon.exe
I:\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - I:\mega manager\MegaIEMn.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - H:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - H:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Pasek &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] H:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iSUSPM Startup] H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Corel Photo Downloader] rem H:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
O4 - HKLM\..\Run: [snpstd] H:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [startCCC] "H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [TrojanScanner] H:\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "H:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [LightScribe Control Panel] rem H:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [GoD] rem "I:\GoD\GoD.exe" /tray
O4 - HKCU\..\Run: [Avi Player] rem "H:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [bitTorrent DNA] "H:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_06] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = H:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://download.gamedesire.com/g_bin/pl/cards_2_0_0_77.cab
O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://download.gamedesire.com/g_bin/pl/boards_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - H:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - I:\avast\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - I:\avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - I:\avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - I:\avast\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - H:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - H:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - H:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - H:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - H:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7812 bytes

Combo fix:

legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"LightScribe Control Panel"="rem" [X]"GoD"="rem" [X]"Avi Player"="rem" [X]"CTFMON.EXE"="H:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:44 15360]"Gadu-Gadu"="H:\Program Files\Gadu-Gadu\gg.exe" [2005-09-15 15:43 1712128]"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 11:21 153136]"BitTorrent DNA"="H:\Program Files\DNA\btdna.exe" [2008-07-21 20:28 289088][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Corel Photo Downloader"="rem" [X]"NeroFilterCheck"="H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]"WinampAgent"="H:\Program Files\Winamp\winampa.exe" [2003-12-13 02:50 33792]"ISUSPM Startup"="H:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]"ISUSScheduler"="H:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 07:07 69632]"snpstd"="H:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]"StartCCC"="H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]"TrojanScanner"="H:\Trojan Remover\Trjscan.exe" [2008-07-30 15:00 909904]"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 H:\WINDOWS\RTHDCPL.exe][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="H:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:44 15360]H:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06 29696]Ralink Wireless Utility.lnk - H:\Program Files\RALINK\Common\RaUI.exe [2008-11-15 12:47:04 614400][HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="I:\\BearShare\\BearShare.exe"="H:\\Program Files\\DNA\\btdna.exe"="J:\\TrackMania Nations 
ESWC\\TmNationsESWC.exe"="J:\\Wolfenstein - Enemy Territory\\ET.exe"="H:\\Program Files\\Gadu-Gadu\\gg.exe"="I:\\Vuze\\Azureus.exe"="H:\\Program Files\\Skype\\Phone\\Skype.exe"="H:\\Program Files\\Maxthon2\\Modules\\MxDownloader\\MxDownloadServer.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8461:TCP"= 8461:TCP:GoD High Port"8462:TCP"= 8462:TCP:GoD Low Port"4662:TCP"= 4662:TCP:TCP"4672:TCP"= 4672:TCP:UDPR0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);H:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 14:46]R1 aswSP;avast! Self Protection;H:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]R2 aswFsBlk;aswFsBlk;H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]R3 AtiHdmiService;ATI Function Driver for HDMI Service;H:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-11-14 21:48]R3 usbstor;Sterownik magazynu masowego USB;H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 01:08][HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]"H:\Program Files\Common Files\LightScribe\LSRunOnce.exe".- - - - ORPHANS REMOVED - - - -URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - H:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-08-17 22:48:11Windows 5.1.2600 Dodatek Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...scanning hidden files ... 
scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.H:\WINDOWS\system32\ati2evxx.exeI:\avast\aswUpdSv.exeH:\WINDOWS\system32\ati2evxx.exeI:\avast\ashServ.exeH:\Program Files\Common Files\LightScribe\LSSrvc.exeH:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exeH:\WINDOWS\system32\PnkBstrA.exeH:\WINDOWS\system32\PSIService.exeH:\Program Files\Spyware Terminator\sp_rsser.exeH:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeH:\WINDOWS\system32\wdfmgr.exeI:\avast\ashMaiSv.exeI:\avast\ashWebSv.exeH:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exeH:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exeH:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exeH:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe.**************************************************************************.Completion time: 2008-08-17 22:49:15 - machine was rebooted [Administrator]ComboFix-quarantined-files.txt  2008-08-17 20:49:12Pre-Run: 92,188,921,856 bajtów wolnychPost-Run: 93,612,908,544 bajt˘w wolnych316	--- E O F ---	2008-08-13 17:11:17
Guest
comment

In my opinion, it's clean.

Manually delete the folder C:\Qoobox,

Delete the ComboFix installer from the disk.

Optimize the autostart entries

Clean the computer with CCleaner

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post the report from it on the forum.

or

Dr.WEB CureIt!.

Etro
comment

I did all of those things, and here is the link to the report: report

Mateusz J.
comment

The report is on your computer; we won't see it that way.

Paste the report on the forum, the same way you did with the logs.

Etro
comment
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
19 sierpień 2008 18:14:08
System operacyjny: Microsoft Windows XP Professional, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner wersja: 5.0.98.1
Ostatnia aktualizacja Kaspersky Anti-Virus: 19/08/2008
Liczba wpisów w bazie danych Kaspersky Anti-Virus: 1111013
-------------------------------------------------------------------------------
Ustawienia skanowania:
	Skanowanie przy użyciu następujących baz danych: rozszerzone
	Skanuj archiwa: tak
	Skanuj pocztowe bazy danych: tak
Obszar skanowania - Mój komputer:
	A:\ C:\ E:\ F:\ G:\ H:\ I:\ J:\ L:\
Statystyki skanowania:
	Liczba skanowanych obiektów: 56852
	Liczba wykrytych wirusów: 1
	Liczba zainfekowanych obiektów: 1
	Liczba podejrzanych obiektów: 0
	Czas trwania skanowania: 00:14:37
Nazwa zainfekowanego obiektu / Nazwa wirusa / Ostatnie działanie
I:\Trend Micro\HijackThis\backups\backup-20080817-224115-534.dll	Zainfekowanych: not-a-virus:WebToolbar.Win32.MyWebSearch.dh	pominięty
Proces skanowania został zakończony.
Guest
comment

Download ---> The Avenger

Paste this text into it:

Files to delete:
I:\Trend Micro\HijackThis\backups\backup-20080817-224115-534.dll

Copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.

When it has finished, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.

Etro
comment

Done

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform:  Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at H:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "I:\Trend Micro\HijackThis\backups\backup-20080817-224115-534.dll" deleted successfully.
Completed script processing.
*******************
Finished!  Terminate.
Guest
comment

It got removed.

That's all from my side.