
Virus?

#1
Virus?
Hello. I have a problem with my computer. I have most likely caught some kind of virus.

The problem is that I cannot use the keyboard. When I press ctrl, alt, delete, the computer shuts down. When I press 'a', it closes my program, and so on.
Could someone help me?

P.S. I had to write this post using the on-screen keyboard.

Thank you.
 Operating system: windows_xp_2003 Browser: firefox
#2
RE: Virus?
Post the logs from HijackThis and ComboFix - instructions are in the pinned topics
 Operating system: windows_xp_2003 Browser: firefox
#3
RE: Virus?
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:34:31, on 2008-05-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\neostrada tp\neostradatp.exe
C:\Program Files\neostrada tp\ComComp.exe
C:\PROGRA~1\NEOSTR~1\Toaster.exe
C:\PROGRA~1\NEOSTR~1\Inactivity.exe
C:\PROGRA~1\NEOSTR~1\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\neostrada tp\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetawyborcza.pl/0,0.html?p=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpede.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neffy/NeffyLauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF07CB7-DEA6-4123-AD83-723C06317227}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB23E2B8-C9DA-4323-9FB6-7A610CEC381C}: NameServer = 217.30.129.149,217.30.137.200
O20 - Winlogon Notify: winuns32 - winuns32.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Code:
ComboFix 08-05-12.1 - Właściciel 2008-05-15 14:40:19.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.711 [GMT 2:00]
Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\00B075A5
C:\Program Files\myglobalsearch\bar\Cache\00B0799C.bin
C:\Program Files\myglobalsearch\bar\Cache\00B07BFE.bin
C:\Program Files\myglobalsearch\bar\Cache\00B07DC3.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\WINDOWS\system32\_000000_.tmp.dll
C:\WINDOWS\system32\info.txt
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\update.exe

.
(((((((((((((((((((((((((   Files Created from 2008-04-15 to 2008-05-15  )))))))))))))))))))))))))))))))
.

2008-05-15 14:34 . 2008-05-15 14:34    <DIR>    d--------    C:\Program Files\Trend Micro
2008-05-15 14:09 . 2008-05-15 14:09    <DIR>    d--------    C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-05-12 20:41 . 2008-05-12 20:41    20    --a------    C:\WINDOWS\naglos.INI
2008-05-11 13:00 . 2008-05-11 13:00    <DIR>    d--------    C:\Documents and Settings\Właściciel\Dane aplikacji\Activision
2008-05-11 13:00 . 2008-05-11 13:00    <DIR>    d--------    C:\Documents and Settings\All Users\Dane aplikacji\Activision
2008-05-07 13:59 . 2008-05-07 13:59    <DIR>    d--------    C:\Program Files\Ventrilo
2008-05-03 15:06 . 2008-05-03 15:06    <DIR>    d--------    C:\Documents and Settings\Właściciel\Dane aplikacji\Ubisoft
2008-05-03 15:06 . 2008-05-03 15:06    <DIR>    d--------    C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-05-03 15:06 . 2007-10-12 15:14    3,734,536    --a------    C:\WINDOWS\system32\d3dx9_36.dll
2008-05-03 15:06 . 2007-07-19 18:14    3,727,720    --a------    C:\WINDOWS\system32\d3dx9_35.dll
2008-05-03 15:06 . 2007-10-12 15:14    1,374,232    --a------    C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-03 15:06 . 2007-07-19 18:14    1,358,192    --a------    C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-03 15:06 . 2007-10-02 09:56    444,776    --a------    C:\WINDOWS\system32\d3dx10_36.dll
2008-05-03 15:06 . 2007-07-19 18:14    444,776    --a------    C:\WINDOWS\system32\d3dx10_35.dll
2008-05-03 15:06 . 2007-10-22 03:39    267,272    --a------    C:\WINDOWS\system32\xactengine2_10.dll
2008-05-03 15:06 . 2007-07-20 00:57    267,112    --a------    C:\WINDOWS\system32\xactengine2_9.dll
2008-04-23 05:10 . 2008-04-23 05:10    <DIR>    d--------    C:\Archiwum
2008-04-23 04:39 . 2008-04-23 04:39    <DIR>    d--------    C:\Documents and Settings\Właściciel\Dane aplikacji\Programer
2008-04-23 04:38 . 2008-04-23 04:38    <DIR>    d--------    C:\Program Files\Programer
2008-04-23 04:38 . 2008-04-23 04:38    <DIR>    d--------    C:\Program Files\Common Files\Borland Shared

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 12:27    ---------    d-----w    C:\Program Files\neostrada tp
2008-05-15 11:47    ---------    d-----w    C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-05-15 04:41    ---------    d-----w    C:\Documents and Settings\Właściciel\Dane aplikacji\Tibia
2008-05-15 04:38    282,302    ----a-w    C:\WINDOWS\system32\drivers\fwdrv.err
2008-05-14 20:54    ---------    d---a-w    C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-05-14 16:23    ---------    d-----w    C:\Documents and Settings\Właściciel\Dane aplikacji\OpenOffice.ux.pl2
2008-05-11 10:56    ---------    d--h--w    C:\Program Files\InstallShield Installation Information
2008-05-07 11:59    ---------    d-----w    C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 12:01    5,852    --sha-w    C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-23 18:35    ---------    d-----w    C:\Documents and Settings\Właściciel\Dane aplikacji\MegauploadToolbar
2008-03-30 06:34    3,218    ----a-w    C:\WINDOWS\system32\PerfStringBackup.TMP
2008-03-27 17:20    ---------    d-----w    C:\Documents and Settings\Właściciel\Dane aplikacji\Dev-Cpp
2008-03-26 17:31    ---------    d-----w    C:\Documents and Settings\Właściciel\Dane aplikacji\THQ
2008-03-26 17:30    ---------    d-----w    C:\Program Files\Deluxe Ski Jump 3
2008-03-21 10:56    22,328    ----a-w    C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-21 10:56    107,832    ----a-w    C:\WINDOWS\system32\PnkBstrB.exe
2008-02-15 18:13    7,680    ----a-w    C:\WINDOWS\system32\ff_vfw.dll
2008-02-15 18:13    60,273    ----a-w    C:\WINDOWS\system32\pthreadGC2.dll
2008-01-09 14:11    22,328    ----a-w    C:\Documents and Settings\Właściciel\Dane aplikacji\PnkBstrK.sys
2004-10-01 14:00    40,960    ----a-w    C:\Program Files\Uninstall_CDS.exe
2007-08-19 08:21    168    --sh--r    C:\WINDOWS\system32\67A05A885E.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-03-02 14:00 159744]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32]
winuns32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^OpenOffice.ux.pl 2.0.4.lnk]
path=C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.ux.pl 2.0.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.ux.pl 2.0.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^Tibia.lnk]
path=C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Tibia.lnk
backup=C:\WINDOWS\pss\Tibia.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Właściciel^Menu Start^Programy^Autostart^Xfire.lnk]
path=C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
E:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
--a------ 2006-08-01 18:04 3313664 E:\Program Files\BearShare1\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2006-03-02 14:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dzieńdobry!]
E:\Program Files\VSD Software\Dzieńdobry!\dziendobry.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
--a------ 2003-03-24 17:38 1443328 E:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
E:\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2006-11-14 11:12 1849032 E:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IECheck]
--a------ 2005-11-17 20:40 108544 C:\WINDOWS\IECheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-05-16 11:58 213936 C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-05-16 11:58 213936 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-05-16 11:58 86960 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 06:22 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 06:22 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
E:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
--a------ 2005-09-07 15:35 716800 C:\Program Files\Analog Devices\SoundMAX\smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 03:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 E:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 15:55 32768 C:\PROGRA~1\NEOSTR~1\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SPF4"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"ProtexisLicensing"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FTRTSVC"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"E:\\BearShare\\BearShare.exe"=
"E:\\Program Files\\Xfire\\xfire.exe"=
"E:\\Program Files\\WapSter\\AQQ\\AQQ.exe"=
"E:\\PROGRA~1\\WapSter\\AQQ\\AQQ.exe"=
"E:\\Marcin\\Ogólnie Tibia\\TibiCam\\TibiCAM.exe"=
"E:\\totalcmd\\TOTALCMD.EXE"=
"E:\\Program Files\\Tibia\\Tibia.exe"=
"E:\\Program Files\\Tibia80\\Tibia.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"E:\\Program Files\\Gadu-Gadu\\gg.exe"=
"E:\\Marcin\\TibiCAM_8.0\\TibiCAM\\TibiCAM.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"E:\\Program Files\\mIRC\\mirc.exe"=
"E:\\Program Files\\Valve\\hl.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"E:\\Program Files\\BearShare1\\BearShare.exe"=
"C:\\Program Files\\Blackd Tools\\Blackd Proxy\\BlackdProxy.exe"=
"C:\\Documents and Settings\\Właściciel\\Pulpit\\TibiCam\\TibiCAM.exe"=
"F:\\Program Files\\EA GAMES\\Need for Speed Underground 2\\speed2.exe"=
"C:\\Program Files\\Blackd Tools\\Blackd Proxy\\Updater.exe"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-02-24 17:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
R3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 22:53]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2006-12-20 08:40]
S3 NTProcDrv;Process creation detector for NT.;E:\Silkroad\NtProcDrv.sys []
S4 SPF4;Sunbelt Personal Firewall 4;"E:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 14:44:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  PowerBar = ????<????4@?h?????6~????h???Z?6~(???*?6~t?@?l?@?x?e?????????????????????????,?????????????????????6~????W?9~0?6~????*?6~??6~?????4@???????????6~????l?@???????6~????t?@???b?????????l?@?l?@?????Q?7~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-15 14:46:26
ComboFix-quarantined-files.txt  2008-05-15 12:46:21

Pre-Run: 7,863,361,536 bajtów wolnych
Post-Run: 9,996,865,536 bajtów wolnych

229    --- E O F ---    2007-12-30 14:49:13



Here you go.


Oh, and I also can't terminate the ashDisp.exe process.
 Operating system: windows_xp_2003 Browser: firefox