Mainzer92 Napisano Marzec 11, 2010 Zgłoś Share Napisano Marzec 11, 2010 ściągnąłem plik otworzyłem go Avast wykrył wirusa chciałem go naprawić,usunąć itd ale pisało że nie ma takiej nazwy pliku nie wiedzałem co robić więc usunąłem go do kosza.wklejam skan z Malwarebytes' Anti-Malware i log z RSIT log z RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Besitzer at 2010-03-11 10:53:01 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 46 GB (60%) free of 76 GB Total RAM: 502 MB (24% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:53:23, on 2010-03-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Flock\flock.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\RSIT.exe C:\Programme\trend micro\Besitzer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing) O3 - Toolbar: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bearShare] "C:\Programme\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe O23 - Service: getPlus? Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Usługa Google Update (gupdate1ca3d0bf7646c6e) (gupdate1ca3d0bf7646c6e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 7687 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2010-02-11 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37B85A21-692B-4205-9CAD-2626E4993404}] My Global Search Bar BHO - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2009-04-24 225280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-07 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}] PHPNukeDE Toolbar - C:\Programme\PHPNukeDE\tbPHP1.dll [2010-02-13 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {37B85A29-692B-4205-9CAD-2626E4993404} - My Global Search Bar - C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL [2009-04-24 225280] {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [] {c9508125-4747-4733-b048-e4b82dc9716d} - PHPNukeDE Toolbar - C:\Programme\PHPNukeDE\tbPHP1.dll [2010-02-13 2349080] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208] "NWEReboot"= [] "RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "BearShare"=C:\Programme\BearShare\BearShare.exe /pause [] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2010-02-11 198160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-08-14 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Disabled:metin2" "C:\Programme\BearShare\BearShare.exe"="C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Nowe Gadu-Gadu\gg.exe"="C:\Programme\Nowe Gadu-Gadu\gg.exe:*:Disabled:Nowe Gadu-Gadu" "C:\Programme\BearShare Applications\BearShare\BearShare.exe"="C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Programme\Wru\Wru.exe"="C:\Programme\Wru\Wru.exe:*:Enabled:Wru P2P Client" "C:\Programme\age-of\Empires.exe"="C:\Programme\age-of\Empires.exe:*:Enabled:Age of Empires" "C:\Dokumente und Einstellungen\Besitzer\Desktop\age-of\Empires.exe"="C:\Dokumente und Einstellungen\Besitzer\Desktop\age-of\Empires.exe:*:Enabled:Age of Empires" "C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary" "C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "C:\Programme\Gadu-Gadu 10\gg.exe"="C:\Programme\Gadu-Gadu 10\gg.exe:*:Disabled:Gadu-Gadu 10" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2010-03-11 10:53:04 ----D---- C:\Programme\trend micro 2010-03-11 10:53:01 ----D---- C:\rsit 2010-03-10 23:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2010-03-10 22:50:51 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes 2010-03-10 22:50:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-03-10 22:50:40 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-03-10 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-02-24 07:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ 2010-02-15 23:47:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpenFM 2010-02-15 23:47:47 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenFM 2010-02-15 08:22:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gadu-Gadu 10 2010-02-15 08:22:47 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Gadu-Gadu 10 2010-02-15 08:22:12 ----D---- C:\Programme\Gadu-Gadu 10 2010-02-12 08:41:51 ----RD---- C:\Programme\Skype ======List of files/folders modified in the last 1 months====== 2010-03-11 10:53:04 ----RD---- C:\Programme 2010-03-11 10:53:04 ----D---- C:\WINDOWS\Prefetch 2010-03-11 10:30:55 ----D---- C:\Programme\Flock 2010-03-11 09:49:34 ----D---- C:\WINDOWS\Temp 2010-03-11 09:49:10 ----SD---- C:\WINDOWS\Tasks 2010-03-11 09:37:27 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-11 09:37:26 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-11 06:28:52 ----D---- C:\WINDOWS 2010-03-11 06:28:20 ----D---- C:\WINDOWS\system32 2010-03-10 23:55:36 ----HD---- C:\WINDOWS\inf 2010-03-10 23:55:30 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-10 23:55:27 ----D---- C:\WINDOWS\system32\de-de 2010-03-10 23:55:27 ----D---- C:\Programme\Internet Explorer 2010-03-10 23:55:15 ----D---- C:\WINDOWS\ie7updates 2010-03-10 23:55:03 ----A---- C:\WINDOWS\imsins.BAK 2010-03-10 23:54:39 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-10 22:50:44 ----D---- C:\WINDOWS\system32\drivers 2010-03-10 22:03:23 ----D---- C:\Programme\Asprate 2010-03-10 21:54:48 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype 2010-03-10 15:35:15 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2010-03-10 06:34:40 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Vso 2010-03-10 05:15:14 ----D---- C:\Programme\Mozilla Firefox 2010-03-10 05:07:40 ----D---- C:\WINDOWS\Media 2010-03-10 05:07:40 ----D---- C:\WINDOWS\Help 2010-03-10 05:06:19 ----D---- C:\WINDOWS\ie8updates 2010-03-10 03:03:46 ----D---- C:\Programme\Movie Maker 2010-03-08 08:26:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe 2010-02-27 18:52:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton 2010-02-27 18:52:44 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2010-02-26 08:06:30 ----SHD---- C:\WINDOWS\Installer 2010-02-22 15:52:27 ----D---- C:\PROGRAM FILES 2010-02-19 19:18:14 ----SHD---- C:\Config.Msi 2010-02-12 08:41:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120] R3 E100B;Intel? PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-06 163328] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-10-23 12288] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-27 47360] R3 st3bus28;st3bus28; C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 8416] R3 st3mp28;st3mp28; C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 95328] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PAC207;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176] S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2006-08-23 41728] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 Capture Device Service;Capture Device Service; C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S2 gupdate1ca3d0bf7646c6e;Usługa Google Update (gupdate1ca3d0bf7646c6e); C:\Programme\Google\Update\GoogleUpdate.exe [2009-09-24 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 183280] S3 getPlus? Helper;getPlus? Helper; C:\Programme\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] -----------------EOF----------------- SKAN z Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3849 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 2010-03-11 12:54:10 mbam-log-2010-03-11 (12-54-00).txt Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|) Przeskanowane obiekty: 203767 Upłynęło: 1 hour(s), 13 minute(s), 49 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 20 Zainfekowane wartości rejestru: 2 Zainfekowane pliki rejestru: 2 Zainfekowane foldery: 6 Zainfekowane pliki: 17 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\TypeLib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) -> No action taken. HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken. Zainfekowane wartości rejestru: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> No action taken. Zainfekowane pliki rejestru: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken. Zainfekowane foldery: C:\Programme\MyGlobalSearch (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\History (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) -> No action taken. Zainfekowane pliki: C:\Programme\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\000854A1 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\000855D9 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\00249BB4 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\00E518BE.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\00E5209D.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\00E52CF2.bin (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\01FB9558 (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> No action taken. C:\Programme\MyGlobalSearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) -> No action taken. usunąłem zaznaczone zainfekowane pliki co dalej robić? SKAN z Malwarebytes´Anti-Malware po usunieciu zainfekowanych plikow Malwarebytes' Anti-Malware 1.44 Wersja bazy definicji: 3849 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 2010-03-11 15:32:57 mbam-log-2010-03-11 (15-32-57).txt Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|) Przeskanowane obiekty: 203731 Upłynęło: 1 hour(s), 19 minute(s), 10 second(s) Zainfekowane procesy w pamięci: 0 Zainfekowane moduły pamięci: 0 Zainfekowane klucze rejestru: 0 Zainfekowane wartości rejestru: 0 Zainfekowane pliki rejestru: 0 Zainfekowane foldery: 0 Zainfekowane pliki: 0 Zainfekowane procesy w pamięci: (Nie wykryto groźnych plików) Zainfekowane moduły pamięci: (Nie wykryto groźnych plików) Zainfekowane klucze rejestru: (Nie wykryto groźnych plików) Zainfekowane wartości rejestru: (Nie wykryto groźnych plików) Zainfekowane pliki rejestru: (Nie wykryto groźnych plików) Zainfekowane foldery: (Nie wykryto groźnych plików) Zainfekowane pliki: (Nie wykryto groźnych plików) czyli nie mam juz robaka wirusa? moge jeszcze cos zrobic? Link do komentarza Udostępnij na innych stronach More sharing options...
Sevard Napisano Marzec 11, 2010 Zgłoś Share Napisano Marzec 11, 2010 Daj świeży log z RSITa, bo po tym co zrobił Malwarebytes' parę rzeczy powinno się w nim zmienić. Link do komentarza Udostępnij na innych stronach More sharing options...
Mainzer92 Napisano Marzec 11, 2010 Autor Zgłoś Share Napisano Marzec 11, 2010 Logfile of random's system information tool 1.06 (written by random/random) Run by Besitzer at 2010-03-11 23:27:10 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 46 GB (60%) free of 76 GB Total RAM: 502 MB (36% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:27:18, on 2010-03-11 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programme\Alwil Software\Avast4\aswUpdSv.exe C:\Programme\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast4\ashMaiSv.exe C:\Programme\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Internet Explorer\iexplore.exe C:\Dokumente und Einstellungen\Besitzer\Desktop\RSIT.exe C:\Programme\trend micro\Besitzer.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing) O3 - Toolbar: PHPNukeDE Toolbar - {c9508125-4747-4733-b048-e4b82dc9716d} - C:\Programme\PHPNukeDE\tbPHP1.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [bearShare] "C:\Programme\BearShare\BearShare.exe" /pause O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe O23 - Service: getPlus? Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Usługa Google Update (gupdate1ca3d0bf7646c6e) (gupdate1ca3d0bf7646c6e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe -- End of file - 7401 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2010-02-11 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-07 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9508125-4747-4733-b048-e4b82dc9716d}] PHPNukeDE Toolbar - C:\Programme\PHPNukeDE\tbPHP1.dll [2010-02-13 2349080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - BearShare MediaBar - C:\Programme\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll [] {c9508125-4747-4733-b048-e4b82dc9716d} - PHPNukeDE Toolbar - C:\Programme\PHPNukeDE\tbPHP1.dll [2010-02-13 2349080] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-08-14 98304] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-08-14 114688] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-08-14 94208] "NWEReboot"= [] "RemoteControl"=C:\Programme\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768] "NeroFilterCheck"=C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe [2006-01-12 155648] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000] "BearShare"=C:\Programme\BearShare\BearShare.exe /pause [] "SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "TkBellExe"=C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe [2010-02-11 198160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2006-08-14 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Metin2\metin2.bin"="C:\Programme\Metin2\metin2.bin:*:Disabled:metin2" "C:\Programme\BearShare\BearShare.exe"="C:\Programme\BearShare\BearShare.exe:*:Enabled:BearShare" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Programme\Nowe Gadu-Gadu\gg.exe"="C:\Programme\Nowe Gadu-Gadu\gg.exe:*:Disabled:Nowe Gadu-Gadu" "C:\Programme\BearShare Applications\BearShare\BearShare.exe"="C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare" "C:\Programme\Wru\Wru.exe"="C:\Programme\Wru\Wru.exe:*:Enabled:Wru P2P Client" "C:\Programme\age-of\Empires.exe"="C:\Programme\age-of\Empires.exe:*:Enabled:Age of Empires" "C:\Dokumente und Einstellungen\Besitzer\Desktop\age-of\Empires.exe"="C:\Dokumente und Einstellungen\Besitzer\Desktop\age-of\Empires.exe:*:Enabled:Age of Empires" "C:\Programme\Metin2_Germany\metin2.bin"="C:\Programme\Metin2_Germany\metin2.bin:*:Enabled:metin2" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary" "C:\Programme\Ventrilo\Ventrilo.exe"="C:\Programme\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe" "C:\Programme\Gadu-Gadu 10\gg.exe"="C:\Programme\Gadu-Gadu 10\gg.exe:*:Disabled:Gadu-Gadu 10" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Programme\MSN Messenger\livecall.exe"="C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 1 months====== 2010-03-11 10:53:04 ----D---- C:\Programme\trend micro 2010-03-11 10:53:01 ----D---- C:\rsit 2010-03-10 23:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$ 2010-03-10 22:50:51 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes 2010-03-10 22:50:42 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-03-10 22:50:40 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-03-10 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$ 2010-02-24 07:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$ 2010-02-15 23:47:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpenFM 2010-02-15 23:47:47 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenFM 2010-02-15 08:22:56 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gadu-Gadu 10 2010-02-15 08:22:47 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Gadu-Gadu 10 2010-02-15 08:22:12 ----D---- C:\Programme\Gadu-Gadu 10 2010-02-12 08:41:51 ----RD---- C:\Programme\Skype ======List of files/folders modified in the last 1 months====== 2010-03-11 21:30:08 ----D---- C:\WINDOWS\Temp 2010-03-11 21:26:14 ----D---- C:\WINDOWS\Prefetch 2010-03-11 17:10:37 ----D---- C:\Programme\Asprate 2010-03-11 16:36:21 ----SD---- C:\WINDOWS\Tasks 2010-03-11 16:36:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2010-03-11 13:24:59 ----D---- C:\Programme\Flock 2010-03-11 13:20:16 ----D---- C:\WINDOWS\system32\drivers 2010-03-11 13:20:16 ----D---- C:\WINDOWS\addins 2010-03-11 13:19:51 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-11 13:18:15 ----RD---- C:\Programme 2010-03-11 09:37:26 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-11 06:28:52 ----D---- C:\WINDOWS 2010-03-11 06:28:20 ----D---- C:\WINDOWS\system32 2010-03-10 23:55:36 ----HD---- C:\WINDOWS\inf 2010-03-10 23:55:30 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-10 23:55:27 ----D---- C:\WINDOWS\system32\de-de 2010-03-10 23:55:27 ----D---- C:\Programme\Internet Explorer 2010-03-10 23:55:15 ----D---- C:\WINDOWS\ie7updates 2010-03-10 23:55:03 ----A---- C:\WINDOWS\imsins.BAK 2010-03-10 23:54:39 ----HD---- C:\WINDOWS\$hf_mig$ 2010-03-10 21:54:48 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype 2010-03-10 06:34:40 ----D---- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Vso 2010-03-10 05:15:14 ----D---- C:\Programme\Mozilla Firefox 2010-03-10 05:07:40 ----D---- C:\WINDOWS\Media 2010-03-10 05:07:40 ----D---- C:\WINDOWS\Help 2010-03-10 05:06:19 ----D---- C:\WINDOWS\ie8updates 2010-03-10 03:03:46 ----D---- C:\Programme\Movie Maker 2010-03-08 08:26:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real 2010-03-02 06:30:12 ----A---- C:\WINDOWS\system32\MRT.exe 2010-02-27 18:52:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton 2010-02-27 18:52:44 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2010-02-26 08:06:30 ----SHD---- C:\WINDOWS\Installer 2010-02-22 15:52:27 ----D---- C:\PROGRAM FILES 2010-02-19 19:18:14 ----SHD---- C:\Config.Msi 2010-02-12 08:41:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120] R3 E100B;Intel? PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-08-06 163328] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-08-14 1109568] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-10-23 12288] R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-10-27 47360] R3 st3bus28;st3bus28; C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 8416] R3 st3mp28;st3mp28; C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 95328] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PAC207;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176] S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2006-08-23 41728] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680] R2 Capture Device Service;Capture Device Service; C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920] S2 gupdate1ca3d0bf7646c6e;Usługa Google Update (gupdate1ca3d0bf7646c6e); C:\Programme\Google\Update\GoogleUpdate.exe [2009-09-24 133104] S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-07 183280] S3 getPlus? Helper;getPlus? Helper; C:\Programme\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176] S3 usnjsvc;Messenger USN Journal Reader-Service für freigegebene Ordner; C:\Programme\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Usługa udostępniania w sieci programu Windows Media Player; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-12-01 918016] -----------------EOF----------------- i jak : P? Link do komentarza Udostępnij na innych stronach More sharing options...
Sevard Napisano Marzec 11, 2010 Zgłoś Share Napisano Marzec 11, 2010 Log wygląda na czysty. System działa już normalnie, czy jeszcze coś się dzieje. Jeśli coś jest nie tak, to opisz co. [edit] Byłbym zapomniał. Zmień Avasta na jakiegoś antywirusa, który działa. Z darmowych rozwiązań polecam połączenie Avira + Comodo Firewall, lub samo Comodo Internet Security. Link do komentarza Udostępnij na innych stronach More sharing options...
Mainzer92 Napisano Marzec 12, 2010 Autor Zgłoś Share Napisano Marzec 12, 2010 no wszystko jest okey jesli chodzi o avasta no czytalem o nim wszystko z nim jest okey tylko niekiedy wysyla bledne powiadomienia czy cos o wirusie to nie tak zle jesli cos takiego sie stanie to skan zrobie Malwarebytes' Anti-Malware i sie sprawdzi dzieki i pozdrawiam Link do komentarza Udostępnij na innych stronach More sharing options...
Sevard Napisano Marzec 12, 2010 Zgłoś Share Napisano Marzec 12, 2010 Aż za którymś razem wpuści Viruta, Sality, czy coś podobnego i Malwarebytes' (ani żaden inny program tego typu) nie pomoże. Avast czasem wykrywa te dwa wirusy, które wymieniłem, ale nie potrafi ich zatrzymać. Bydlaki rozprzestrzeniają się szybko na wszystkie pliki z rozszerzeniem exe, jakie znajdą. Link do komentarza Udostępnij na innych stronach More sharing options...