Skocz do zawartości

Zarchiwizowany

Ten temat jest archiwizowany i nie można dodawać nowych odpowiedzi.

MeFFiu

Win 32 : Malware -gen

Przez MeFFiu, w Programy

Polecane posty

MeFFiu

MeFFiu

Napisano
Napisano

Witam !

Jestem nowy , więc jak coś źle zrobiłem to mnie poprawiajcie.

Wchodząc na stronę ChelseaLondyn ,Avast wykrył mi kilkanaście wirusów Malware-gen.

Niby są w kwarantannie , ale kiedy włączam kompa to nic nie mogę robić. I albo sam zaskoczy , albo muszę oczyszczać dysk lub kombinować aż się uda. Wirus niby jest osadzony w C:\Windows\system32\drivers.

Proszę o instrukcje co mam zrobić.

Wklejam Loga.

Logfile of random's system information tool 1.08 (written by random/random)

Run by 121 at 2010-07-25 10:19:26

Microsoft Windows XP Professional Dodatek Service Pack 3

System drive C: has 68 GB (91%) free of 75 GB

Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:19:45, on 2010-07-25

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ipla\ipla.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\121\Moje dokumenty\Pobieranie\RSIT.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\trend micro\121.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.ask.com?o=15003&l=dis

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\121\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Sopcast Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [iPLA!] C:\Program Files\ipla\ipla.exe /autorun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Startup: srvklw32.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{356BD619-FD8B-414F-83CF-061A3933F577}: NameServer = 62.233.233.233 87.204.204.204

O17 - HKLM\System\CS1\Services\Tcpip\..\{356BD619-FD8B-414F-83CF-061A3933F577}: NameServer = 62.233.233.233 87.204.204.204

O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe

O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--

End of file - 7075 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-06 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-06 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]

IEPluginBHO Class - C:\Documents and Settings\121\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-08-31 42088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]

{D4027C7F-154A-4066-A1AD-4243D8127440} - Sopcast Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"ALLUpdate"=C:\Program Files\ALLPlayer\ALLUpdate.exe [2009-11-11 870400]

"IPLA!"=C:\Program Files\ipla\ipla.exe [2010-02-02 14252952]

"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite\daemon.exe -autorun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]

C:\Program Files\VIA\RAID\raid_tool.exe [2005-11-23 1060864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]

C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe [2007-02-13 1205840]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Documents and Settings\121\Menu Start\Programy\Autostart

srvklw32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-02 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Nowe Gadu-Gadu\gg.exe"="C:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"

"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager"

"C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe"="C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Double Agent\SCDA-Offline\System\SplinterCell4.exe:*:Enabled:SplinterCell4"

"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary"

"C:\Program Files\Gadu-Gadu 10\gg.exe"="C:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10"

"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"

"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"

"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-07-25 10:19:27 ----D---- C:\Program Files\trend micro

2010-07-25 10:19:26 ----D---- C:\rsit

2010-07-25 09:59:35 ----D---- C:\WINDOWS\LastGood

2010-07-25 09:59:35 ----A---- C:\WINDOWS\Fast800.ini

2010-07-25 09:59:35 ----A---- C:\WINDOWS\adidsl.ini

2010-07-25 09:59:29 ----A---- C:\WINDOWS\adirasx64.exe

2010-07-25 09:59:29 ----A---- C:\WINDOWS\adiras.exe

2010-07-25 09:59:28 ----A---- C:\WINDOWS\system32\IPDETECT.EXE

2010-07-25 09:59:28 ----A---- C:\WINDOWS\system32\adadix32.dll

2010-07-25 09:59:27 ----A---- C:\WINDOWS\system32\drivers\e4usbawx64.sys

2010-07-25 09:59:27 ----A---- C:\WINDOWS\system32\drivers\e4usbaw.sys

2010-07-25 09:59:27 ----A---- C:\WINDOWS\system32\drivers\adiusbawx64.sys

2010-07-25 09:59:27 ----A---- C:\WINDOWS\system32\drivers\adiusbaw.sys

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\unaddrv.x64.exe

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\unaddrv.exe

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\drivers\e4ldrx64.sys

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\drivers\e4ldr.sys

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\drivers\adildrx64.sys

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\drivers\adildr.sys

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\coclassfast.dll

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\ADADIX2K.DLL

2010-07-25 09:59:25 ----A---- C:\WINDOWS\system32\ADADIX16.DLL

2010-07-25 09:59:25 ----A---- C:\WINDOWS\enddisk32.exe

2010-07-25 09:59:25 ----A---- C:\WINDOWS\autoclk.exe

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmvep.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmvei.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmv9p.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmv9i.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmv4p.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmv4i.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmv4.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\CMV3p.txt

2010-07-25 09:59:24 ----A---- C:\WINDOWS\system32\drivers\cmv.txt

2010-07-25 09:59:16 ----D---- C:\Program Files\SAGEM

2010-07-25 09:59:13 ----D---- C:\Documents and Settings\121\Dane aplikacji\InstallShield

2010-07-25 09:55:54 ----D---- C:\WINDOWS\system32\CatRoot2

2010-07-25 08:35:30 ----D---- C:\WINDOWS\system32\Logfiles

2010-07-25 08:35:30 ----D---- C:\Inetpub

2010-07-17 14:10:56 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys

2010-07-17 14:10:56 ----A---- C:\WINDOWS\system32\drivers\aswFW.sys

2010-07-17 14:10:42 ----A---- C:\WINDOWS\system32\drivers\aswNdis2.sys

2010-07-17 14:10:31 ----A---- C:\WINDOWS\system32\drivers\aswNdis.sys

2010-07-17 14:10:16 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Alwil Software

======List of files/folders modified in the last 1 months======

2010-07-25 10:19:33 ----D---- C:\WINDOWS\Prefetch

2010-07-25 10:19:27 ----RD---- C:\Program Files

2010-07-25 10:01:39 ----D---- C:\WINDOWS\Temp

2010-07-25 10:01:35 ----D---- C:\WINDOWS\system32\CatRoot

2010-07-25 10:00:46 ----D---- C:\Program Files\Mozilla Firefox

2010-07-25 09:59:35 ----HD---- C:\WINDOWS\inf

2010-07-25 09:59:35 ----D---- C:\WINDOWS\system32\drivers

2010-07-25 09:59:35 ----D---- C:\WINDOWS

2010-07-25 09:59:35 ----A---- C:\WINDOWS\adiras.ini

2010-07-25 09:59:28 ----D---- C:\WINDOWS\system32

2010-07-25 09:59:23 ----HD---- C:\Program Files\InstallShield Installation Information

2010-07-25 09:04:17 ----SD---- C:\WINDOWS\Tasks

2010-07-25 09:03:09 ----D---- C:\Documents and Settings\121\Dane aplikacji\ipla

2010-07-25 08:58:44 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-07-25 08:35:30 ----D---- C:\WINDOWS\system32\inetsrv

2010-07-24 22:06:20 ----N---- C:\WINDOWS\SchedLgU.Txt

2010-07-24 21:57:20 ----A---- C:\WINDOWS\NeroDigital.ini

2010-07-17 14:15:08 ----D---- C:\Program Files\Alwil Software

2010-07-17 14:10:37 ----SHD---- C:\WINDOWS\Installer

2010-07-17 14:10:36 ----D---- C:\WINDOWS\WinSxS

2010-06-28 22:57:12 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\aswNdis.sys [2010-06-28 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service; C:\WINDOWS\system32\drivers\aswNdis2.sys [2010-06-28 188168]

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-02-04 64288]

R0 Si3112;Si3112; C:\WINDOWS\system32\drivers\Si3112.sys [2008-05-02 62208]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-02 691696]

R0 uagp35;Filtr AGPv3.5 firmy Microsoft; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-14 44672]

R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-11-23 92672]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-02 77568]

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-06-28 28880]

R1 aswFW;avast! TDI Firewall driver; C:\WINDOWS\system32\drivers\aswFW.sys [2010-06-28 99280]

R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2010-06-28 312912]

R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-06-28 165456]

R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-06-28 46672]

R1 intelppm;Sterownik procesora Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-06-28 17744]

R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-06-28 100176]

R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-02-01 141246]

R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2005-02-01 16176]

R2 NwlnkIpx;Protokół transportowy zgodny z NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]

R2 NwlnkNb;System NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-17 63232]

R2 NwlnkSpx;Protokół NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-17 55936]

R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-06-28 23376]

R3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 104344]

R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]

R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-11 3958496]

R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]

R3 usbstor;Sterownik magazynu masowego USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Sterownik Miniport uniwersalnego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S2 E4LOADER;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2007-01-04 69656]

S3 ao4a0m1k;ao4a0m1k; C:\WINDOWS\system32\drivers\ao4a0m1k.sys []

S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

R2 avast! Firewall;avast! Firewall; C:\Program Files\Alwil Software\Avast5\afwServ.exe [2010-06-28 119200]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-06 152984]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-02 1285864]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-24 53248]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-11 155715]

R2 NWCWorkstation;Usługa klienta dla systemu NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-12-01 918016]

-----------------EOF-----------------

Link do komentarza
Udostępnij na innych stronach
adam1415 Skalny Troll

adam1415

Napisano
Napisano

Po pierwsze wywal Avasta i zainstaluj cos co jest antywirusem, np pakiet Comodo Internet Security albo Comodo Firewall + Avira i wtedy przeskanuj.

Przeskanuj kompa Malwarebytes Antimalware i wynik wrzuc na forum, daj logi z OTL. Oba programiki do sciagniecia z netu.

Link do komentarza
Udostępnij na innych stronach
Sevard Balrog

Sevard

Napisano
Napisano

Przed tym, co wyżej uruchom komputer w trybie awaryjnym, wejdź do katalogu C:\Documents and Settings\121\Menu Start\Programy\Autostart i wywal z niego plik "srvklw32.exe", być może przed tym będziesz musiał "zabić" proces o tej nazwie za pomocą Menedżera zadań. Poza tym wyczyść katalogi z plikami tymczasowymi IE.

Link do komentarza
Udostępnij na innych stronach
Przejdź do listy tematów

  • Kto przegląda   0 użytkowników

    • Brak zalogowanych użytkowników przeglądających tę stronę.
×
×
  • Utwórz nowe...