The DLL is not a valid Windows NT image


(A Zoladek) #1

Please help, I have the same problem, I am on the verge of a nervous breakdown...

Sorry for piggybacking on another thread...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:58:48, on 2009-04-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: (no name) - {52D06F97-5511-43FA-8FDA-C481864FD26E} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmuhflh.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe


--

End of file - 5216 bytes

ComboFix 09-04-13.A2 - Administrator 2009-04-13 15:05.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1638 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 

.


((((((((((((((((((((((((( Pliki utworzone od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))

.


2009-04-13 10:42 . 2008-12-11 06:38	159600	----a-w	c:\windows\system32\drivers\pctgntdi.sys

2009-04-13 10:41 . 2009-03-06 14:45	130424	----a-w	c:\windows\system32\drivers\PCTCore.sys

2009-04-13 10:41 . 2008-12-18 10:16	73840	----a-w	c:\windows\system32\drivers\PCTAppEvent.sys

2009-04-13 10:41 . 2008-12-10 10:36	64392	----a-w	c:\windows\system32\drivers\pctplsg.sys

2009-04-13 10:41 . 2009-04-13 10:41	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PC Tools

2009-04-12 15:55 . 2009-04-12 15:58	9984	----a-w	c:\windows\system32\mmmuhflh.dll

2009-04-07 21:31 . 2009-04-07 21:31	189784	----a-w	c:\windows\system32\PnkBstrB.xtr

2009-04-07 20:58 . 2009-04-07 20:58	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PunkBuster

2009-04-07 20:55 . 2009-04-07 20:55	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\id Software

2009-04-07 20:52 . 2009-04-07 20:52	2246144	----a-w	c:\windows\system32\pbsvc.exe

2009-04-07 20:52 . 2009-04-07 20:52	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\id Software

2009-04-07 18:49 . 2009-04-07 18:49	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Diskeeper Corporation

2009-04-07 07:20 . 2009-04-07 14:41	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Mount&Blade

2009-04-06 19:54 . 2009-04-06 20:12	--------	d-----w	C:\Left 4 Dead

2009-03-25 10:04 . 2009-03-25 10:04	--------	d-----w	c:\documents and settings\LocalService\Pulpit

2009-03-20 22:36 . 2004-08-18 08:34	442368	----a-r	c:\windows\system32\vp6vfw.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 12:45 . 2007-12-12 22:35	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-04-13 12:39 . 2001-10-26 16:15	82010	----a-w	c:\windows\system32\perfc015.dat

2009-04-13 12:39 . 2001-10-26 16:15	484634	----a-w	c:\windows\system32\perfh015.dat

2009-04-13 11:35 . 2009-04-13 11:35	--------	d-----w	c:\program files\Alwil Software

2009-04-13 11:22 . 2007-12-04 13:11	--------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-04-13 11:19 . 2009-04-13 11:19	--------	d-----w	c:\program files\Trend Micro

2009-04-13 10:43 . 2009-04-13 10:41	--------	d-----w	c:\program files\Spyware Doctor

2009-04-13 10:42 . 2009-04-13 10:41	--------	d-----w	c:\program files\Common Files\PC Tools

2009-04-12 11:24 . 2008-04-25 14:29	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Skype

2009-04-12 11:24 . 2007-11-28 18:43	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\skypePM

2009-04-12 07:04 . 2007-12-12 22:35	--------	d-----w	c:\program files\Spybot - Search & Destroy

2009-04-12 07:03 . 2009-03-24 21:48	--------	d-----w	c:\program files\Lavasoft

2009-04-12 07:03 . 2008-11-13 22:27	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Lavasoft

2009-04-12 06:29 . 2009-03-26 07:35	4028	----a-w	C:\aaw7boot.log

2009-04-12 06:27 . 2008-09-10 08:28	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\uTorrent

2009-04-11 22:59 . 2009-01-19 16:30	--------	d-----w	c:\program files\Lineage II

2009-04-11 22:24 . 2008-11-20 21:30	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Ventrilo

2009-04-11 18:21 . 2009-03-06 19:22	--------	d-----w	c:\program files\Garena

2009-04-11 15:02 . 2008-10-15 13:29	--------	d-----w	c:\program files\NAPI-PROJEKT

2009-04-10 17:07 . 2008-08-02 17:53	--------	d-----w	c:\program files\Uniblue

2009-04-10 17:07 . 2008-08-02 17:14	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Uniblue

2009-04-10 12:34 . 2007-11-28 08:49	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-04-09 07:11 . 2007-12-30 23:54	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\foobar2000

2009-04-07 21:31 . 2008-02-18 14:31	138944	----a-w	c:\windows\system32\drivers\PnkBstrK.sys

2009-04-07 21:31 . 2008-02-18 14:31	189784	----a-w	c:\windows\system32\PnkBstrB.exe

2009-04-07 21:26 . 2008-02-18 14:30	75064	----a-w	c:\windows\system32\PnkBstrA.exe

2009-04-07 20:52 . 2008-05-02 12:59	22328	----a-w	c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys

2009-04-07 19:45 . 2009-04-07 19:44	--------	d-----w	c:\program files\Fallout 3

2009-04-07 19:40 . 2009-04-07 19:40	--------	d-----w	c:\program files\Microsoft Games for Windows - LIVE

2009-04-07 19:29 . 2009-04-07 19:29	--------	d-----w	c:\program files\Bethesda Softworks

2009-04-07 19:28 . 2008-11-08 02:24	70776	----a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-04-07 19:14 . 2009-03-04 19:12	--------	d-----w	c:\program files\Executive Software

2009-04-07 18:49 . 2009-04-07 18:49	--------	d-----w	c:\program files\Diskeeper Corporation

2009-04-07 07:22 . 2009-04-07 07:19	--------	d-----w	c:\program files\Mount&Blade

2009-04-03 13:58 . 2009-04-03 13:58	--------	d-----w	c:\program files\Ventrilo

2009-04-03 13:58 . 2008-11-07 19:50	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2009-04-01 21:29 . 2007-12-11 08:57	--------	d-----w	c:\program files\Warcraft III

2009-03-22 01:31 . 2008-07-09 00:09	87606	----a-w	c:\windows\War3Unin.dat

2009-03-20 22:36 . 2009-03-20 22:36	--------	d-----w	c:\program files\EA GAMES

2009-03-14 01:38 . 2009-03-14 01:38	--------	d-----w	c:\program files\Auto Combat Points

2009-03-10 20:58 . 2007-12-04 17:37	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\teamspeak2

2009-03-06 02:35 . 2008-02-12 17:14	--------	d-----w	c:\program files\Valve

2009-03-01 17:40 . 2007-12-12 23:10	--------	d-----w	c:\program files\SpeedFan

2009-02-25 11:20 . 2009-02-25 11:20	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\InstallShield Installation Information

2009-02-25 11:12 . 2009-02-25 11:12	--------	d-----w	c:\program files\KOEI

2009-02-15 18:15 . 2008-08-09 19:17	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\BESTplayer

2009-02-13 13:55 . 2009-02-13 13:55	--------	d-----w	c:\program files\Ubisoft

2009-01-19 18:20 . 2007-12-24 01:21	18864	----a-w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-12-03 14:57 . 2008-12-03 14:57	47360	----a-w	c:\documents and settings\Administrator\Dane aplikacji\pcouffin.sys

2007-11-28 18:43 . 2007-11-28 18:43	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

.


((((((((((((((((((((((((((((( SnapShot@2009-04-13_13.32.18,18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-13 12:36 . 2009-04-13 12:36	16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat

+ 2009-04-13 12:35 . 2009-04-13 12:35	16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat

- 2001-10-26 16:15 . 2009-04-13 10:37	82010 c:\windows\system32\perfc015.dat

+ 2001-10-26 16:15 . 2009-04-13 12:39	82010 c:\windows\system32\perfc015.dat

+ 2001-08-17 21:30 . 2009-04-13 12:39	66376 c:\windows\system32\perfc009.dat

- 2001-08-17 21:30 . 2009-04-13 10:37	66376 c:\windows\system32\perfc009.dat

+ 2009-04-13 11:35 . 2009-02-05 20:06	51376 c:\windows\system32\drivers\aswTdi.sys

+ 2009-04-13 11:35 . 2009-02-05 20:06	23152 c:\windows\system32\drivers\aswRdr.sys

+ 2009-04-13 11:35 . 2009-02-05 20:08	94032 c:\windows\system32\drivers\aswmon2.sys

+ 2009-04-13 11:35 . 2009-02-05 20:08	93296 c:\windows\system32\drivers\aswmon.sys

+ 2009-04-13 11:35 . 2009-02-05 20:07	20560 c:\windows\system32\drivers\aswFsBlk.sys

+ 2009-04-13 11:35 . 2009-02-05 20:05	26944 c:\windows\system32\drivers\aavmker4.sys

+ 2009-04-13 11:35 . 2009-02-05 20:04	97480 c:\windows\system32\AvastSS.scr

- 2001-10-26 16:15 . 2009-04-13 10:37	484634 c:\windows\system32\perfh015.dat

+ 2001-10-26 16:15 . 2009-04-13 12:39	484634 c:\windows\system32\perfh015.dat

+ 2001-08-17 21:30 . 2009-04-13 12:39	427592 c:\windows\system32\perfh009.dat

- 2001-08-17 21:30 . 2009-04-13 10:37	427592 c:\windows\system32\perfh009.dat

+ 2009-04-13 11:35 . 2009-02-05 20:07	114768 c:\windows\system32\drivers\aswSP.sys

+ 2009-04-13 11:35 . 2009-02-05 20:11	1256296 c:\windows\system32\aswBoot.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\mmmuhflh.dll


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute	REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Lineage II\\LineageII.exe"=

"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

"c:\\Program Files\\7-Zip\\7zFM.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26453:TCP"= 26453:TCP:BitComet 26453 TCP

"26453:UDP"= 26453:UDP:BitComet 26453 UDP

"17771:UDP"= 17771:UDP:17771

"23381:TCP"= 23381:TCP:BitComet 23381 TCP

"23381:UDP"= 23381:UDP:BitComet 23381 UDP


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)


R2 acpi32;acpi32; [x]

R2 amd64si;amd64si; [x]

R2 ati64si;ati64si; [x]

R2 fips32cup;fips32cup; [x]

R2 i386si;i386si; [x]

R2 ksi32sk;ksi32sk; [x]

R2 netsik;netsik; [x]

R2 nicsk32;nicsk32; [x]

R2 port135sik;port135sik; [x]

R2 securentm;securentm; [x]

R2 systemntmi;systemntmi; [x]

R2 ws2_32sik;ws2_32sik; [x]

R3 AmdTools;AMD Special Tools Driver; [x]

R3 iteio;iteio; [x]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]



--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - AAVMKER4

*NewlyCreated* - ASWFSBLK

*NewlyCreated* - ASWMON2

*NewlyCreated* - ASWRDR

*NewlyCreated* - ASWSP

*NewlyCreated* - ASWTDI

*NewlyCreated* - ASWUPDSV

*NewlyCreated* - AVAST!_ANTIVIRUS

*NewlyCreated* - AVAST!_MAIL_SCANNER

*NewlyCreated* - AVAST!_WEB_SCANNER

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-10 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []


2009-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []


2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]


2009-03-30 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []


2008-08-02 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []


2008-08-03 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

.

------- Skan uzupełniający -------

.

IE: &D&ownload &with BitComet

IE: &D&ownload all video with BitComet

IE: &D&ownload all with BitComet

IE: Download all links using BitComet

IE: Download all videos using BitComet

IE: Download link using &BitComet

IE: Download with GetRight

IE: Open with GetRight Browser

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ixnf2nff.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

.


**************************************************************************


catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 15:09

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(2372)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSPL.DLL

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\browselc.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

c:\progra~1\SPYBOT~1\SDHelper.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

c:\windows\system32\nvwddi.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

.

Czas ukończenia: 2009-04-13 15:13

ComboFix-quarantined-files.txt 2009-04-13 13:13

ComboFix2.txt 2009-04-13 11:34


Przed: 28 471 050 240 bajtów wolnych

Po: 28,457,418,752 bajtów wolnych


252	--- E O F ---	2008-01-10 02:01


(Frog) #2

DchJos, in future do not piggyback on existing threads - if you have a problem, start your own thread.

Split off into a separate thread.


(Leon$) #3

Remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s ... ntry395642 but do not run it

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs

Open Notepad and paste

Save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

Removal should begin

Then the log from the ComboFix removal

:slight_smile:


(A Zoladek) #4

Thank you for the lightning-fast reply

ComboFix 09-04-13.A2 - Administrator 2009-04-13 15:25.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1591 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt

 * Utworzono nowy punkt przywracania


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA 


FILE ::

c:\windows\system32\mmmuhflh.dll

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\mmmuhflh.dll


.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))

.


2009-04-13 10:42 . 2008-12-11 06:38	159600	----a-w	c:\windows\system32\drivers\pctgntdi.sys

2009-04-13 10:41 . 2009-03-06 14:45	130424	----a-w	c:\windows\system32\drivers\PCTCore.sys

2009-04-13 10:41 . 2008-12-18 10:16	73840	----a-w	c:\windows\system32\drivers\PCTAppEvent.sys

2009-04-13 10:41 . 2008-12-10 10:36	64392	----a-w	c:\windows\system32\drivers\pctplsg.sys

2009-04-13 10:41 . 2009-04-13 10:41	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\PC Tools

2009-04-07 21:31 . 2009-04-07 21:31	189784	----a-w	c:\windows\system32\PnkBstrB.xtr

2009-04-07 20:58 . 2009-04-07 20:58	--------	d-----w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PunkBuster

2009-04-07 20:55 . 2009-04-07 20:55	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\id Software

2009-04-07 20:52 . 2009-04-07 20:52	2246144	----a-w	c:\windows\system32\pbsvc.exe

2009-04-07 20:52 . 2009-04-07 20:52	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\id Software

2009-04-07 18:49 . 2009-04-07 18:49	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Diskeeper Corporation

2009-04-07 07:20 . 2009-04-07 14:41	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Mount&Blade

2009-04-06 19:54 . 2009-04-06 20:12	--------	d-----w	C:\Left 4 Dead

2009-03-25 10:04 . 2009-03-25 10:04	--------	d-----w	c:\documents and settings\LocalService\Pulpit

2009-03-20 22:36 . 2004-08-18 08:34	442368	----a-r	c:\windows\system32\vp6vfw.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-13 12:45 . 2007-12-12 22:35	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-04-13 12:39 . 2001-10-26 16:15	82010	----a-w	c:\windows\system32\perfc015.dat

2009-04-13 12:39 . 2001-10-26 16:15	484634	----a-w	c:\windows\system32\perfh015.dat

2009-04-13 11:35 . 2009-04-13 11:35	--------	d-----w	c:\program files\Alwil Software

2009-04-13 11:22 . 2007-12-04 13:11	--------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-04-13 11:19 . 2009-04-13 11:19	--------	d-----w	c:\program files\Trend Micro

2009-04-13 10:43 . 2009-04-13 10:41	--------	d-----w	c:\program files\Spyware Doctor

2009-04-13 10:42 . 2009-04-13 10:41	--------	d-----w	c:\program files\Common Files\PC Tools

2009-04-12 11:24 . 2008-04-25 14:29	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Skype

2009-04-12 11:24 . 2007-11-28 18:43	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\skypePM

2009-04-12 07:04 . 2007-12-12 22:35	--------	d-----w	c:\program files\Spybot - Search & Destroy

2009-04-12 07:03 . 2009-03-24 21:48	--------	d-----w	c:\program files\Lavasoft

2009-04-12 07:03 . 2008-11-13 22:27	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Lavasoft

2009-04-12 06:29 . 2009-03-26 07:35	4028	----a-w	C:\aaw7boot.log

2009-04-12 06:27 . 2008-09-10 08:28	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\uTorrent

2009-04-11 22:59 . 2009-01-19 16:30	--------	d-----w	c:\program files\Lineage II

2009-04-11 22:24 . 2008-11-20 21:30	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Ventrilo

2009-04-11 18:21 . 2009-03-06 19:22	--------	d-----w	c:\program files\Garena

2009-04-11 15:02 . 2008-10-15 13:29	--------	d-----w	c:\program files\NAPI-PROJEKT

2009-04-10 17:07 . 2008-08-02 17:53	--------	d-----w	c:\program files\Uniblue

2009-04-10 17:07 . 2008-08-02 17:14	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\Uniblue

2009-04-10 12:34 . 2007-11-28 08:49	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-04-09 07:11 . 2007-12-30 23:54	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\foobar2000

2009-04-07 21:31 . 2008-02-18 14:31	138944	----a-w	c:\windows\system32\drivers\PnkBstrK.sys

2009-04-07 21:31 . 2008-02-18 14:31	189784	----a-w	c:\windows\system32\PnkBstrB.exe

2009-04-07 21:26 . 2008-02-18 14:30	75064	----a-w	c:\windows\system32\PnkBstrA.exe

2009-04-07 20:52 . 2008-05-02 12:59	22328	----a-w	c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys

2009-04-07 19:45 . 2009-04-07 19:44	--------	d-----w	c:\program files\Fallout 3

2009-04-07 19:40 . 2009-04-07 19:40	--------	d-----w	c:\program files\Microsoft Games for Windows - LIVE

2009-04-07 19:29 . 2009-04-07 19:29	--------	d-----w	c:\program files\Bethesda Softworks

2009-04-07 19:28 . 2008-11-08 02:24	70776	----a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2009-04-07 19:14 . 2009-03-04 19:12	--------	d-----w	c:\program files\Executive Software

2009-04-07 18:49 . 2009-04-07 18:49	--------	d-----w	c:\program files\Diskeeper Corporation

2009-04-07 07:22 . 2009-04-07 07:19	--------	d-----w	c:\program files\Mount&Blade

2009-04-03 13:58 . 2009-04-03 13:58	--------	d-----w	c:\program files\Ventrilo

2009-04-03 13:58 . 2008-11-07 19:50	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2009-04-01 21:29 . 2007-12-11 08:57	--------	d-----w	c:\program files\Warcraft III

2009-03-22 01:31 . 2008-07-09 00:09	87606	----a-w	c:\windows\War3Unin.dat

2009-03-20 22:36 . 2009-03-20 22:36	--------	d-----w	c:\program files\EA GAMES

2009-03-14 01:38 . 2009-03-14 01:38	--------	d-----w	c:\program files\Auto Combat Points

2009-03-10 20:58 . 2007-12-04 17:37	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\teamspeak2

2009-03-06 02:35 . 2008-02-12 17:14	--------	d-----w	c:\program files\Valve

2009-03-01 17:40 . 2007-12-12 23:10	--------	d-----w	c:\program files\SpeedFan

2009-02-25 11:20 . 2009-02-25 11:20	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\InstallShield Installation Information

2009-02-25 11:12 . 2009-02-25 11:12	--------	d-----w	c:\program files\KOEI

2009-02-15 18:15 . 2008-08-09 19:17	--------	d-----w	c:\documents and settings\Administrator\Dane aplikacji\BESTplayer

2009-02-13 13:55 . 2009-02-13 13:55	--------	d-----w	c:\program files\Ubisoft

2009-01-19 18:20 . 2007-12-24 01:21	18864	----a-w	c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-12-03 14:57 . 2008-12-03 14:57	47360	----a-w	c:\documents and settings\Administrator\Dane aplikacji\pcouffin.sys

2007-11-28 18:43 . 2007-11-28 18:43	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

.


((((((((((((((((((((((((((((( SnapShot@2009-04-13_13.32.18,18 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-13 12:36 . 2009-04-13 12:36	16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat

+ 2009-04-13 12:35 . 2009-04-13 12:35	16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat

- 2001-10-26 16:15 . 2009-04-13 10:37	82010 c:\windows\system32\perfc015.dat

+ 2001-10-26 16:15 . 2009-04-13 12:39	82010 c:\windows\system32\perfc015.dat

+ 2001-08-17 21:30 . 2009-04-13 12:39	66376 c:\windows\system32\perfc009.dat

- 2001-08-17 21:30 . 2009-04-13 10:37	66376 c:\windows\system32\perfc009.dat

+ 2009-04-13 11:35 . 2009-02-05 20:06	51376 c:\windows\system32\drivers\aswTdi.sys

+ 2009-04-13 11:35 . 2009-02-05 20:06	23152 c:\windows\system32\drivers\aswRdr.sys

+ 2009-04-13 11:35 . 2009-02-05 20:08	94032 c:\windows\system32\drivers\aswmon2.sys

+ 2009-04-13 11:35 . 2009-02-05 20:08	93296 c:\windows\system32\drivers\aswmon.sys

+ 2009-04-13 11:35 . 2009-02-05 20:07	20560 c:\windows\system32\drivers\aswFsBlk.sys

+ 2009-04-13 11:35 . 2009-02-05 20:05	26944 c:\windows\system32\drivers\aavmker4.sys

+ 2009-04-13 11:35 . 2009-02-05 20:04	97480 c:\windows\system32\AvastSS.scr

- 2001-10-26 16:15 . 2009-04-13 10:37	484634 c:\windows\system32\perfh015.dat

+ 2001-10-26 16:15 . 2009-04-13 12:39	484634 c:\windows\system32\perfh015.dat

+ 2001-08-17 21:30 . 2009-04-13 12:39	427592 c:\windows\system32\perfh009.dat

- 2001-08-17 21:30 . 2009-04-13 10:37	427592 c:\windows\system32\perfh009.dat

+ 2009-04-13 11:35 . 2009-02-05 20:07	114768 c:\windows\system32\drivers\aswSP.sys

+ 2009-04-13 11:35 . 2009-02-05 20:11	1256296 c:\windows\system32\aswBoot.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute	REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--------- 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Lineage II\\LineageII.exe"=

"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=

"c:\\Program Files\\7-Zip\\7zFM.exe"=

"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=

"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\wscntfy.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26453:TCP"= 26453:TCP:BitComet 26453 TCP

"26453:UDP"= 26453:UDP:BitComet 26453 UDP

"17771:UDP"= 17771:UDP:17771

"23381:TCP"= 23381:TCP:BitComet 23381 TCP

"23381:UDP"= 23381:UDP:BitComet 23381 UDP


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)


R2 acpi32;acpi32; [x]

R2 amd64si;amd64si; [x]

R2 ati64si;ati64si; [x]

R2 fips32cup;fips32cup; [x]

R2 i386si;i386si; [x]

R2 ksi32sk;ksi32sk; [x]

R2 netsik;netsik; [x]

R2 nicsk32;nicsk32; [x]

R2 port135sik;port135sik; [x]

R2 securentm;securentm; [x]

R2 systemntmi;systemntmi; [x]

R2 ws2_32sik;ws2_32sik; [x]

R3 AmdTools;AMD Special Tools Driver; [x]

R3 iteio;iteio; [x]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]

R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]

S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]



--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - AAVMKER4

*NewlyCreated* - ASWFSBLK

*NewlyCreated* - ASWMON2

*NewlyCreated* - ASWRDR

*NewlyCreated* - ASWSP

*NewlyCreated* - ASWTDI

*NewlyCreated* - ASWUPDSV

*NewlyCreated* - AVAST!_ANTIVIRUS

*NewlyCreated* - AVAST!_MAIL_SCANNER

*NewlyCreated* - AVAST!_WEB_SCANNER

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-10 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []


2009-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []


2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]


2009-03-30 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []


2008-08-02 c:\windows\Tasks\Uniblue SpeedUpMyPC.job

- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []


2008-08-03 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []

.

.

------- Skan uzupełniający -------

.

IE: &D&ownload &with BitComet

IE: &D&ownload all video with BitComet

IE: &D&ownload all with BitComet

IE: Download all links using BitComet

IE: Download all videos using BitComet

IE: Download link using &BitComet

IE: Download with GetRight

IE: Open with GetRight Browser

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ixnf2nff.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll

.


**************************************************************************


catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-13 15:26

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

Czas ukończenia: 2009-04-13 15:28

ComboFix-quarantined-files.txt 2009-04-13 13:28

ComboFix2.txt 2009-04-13 13:13

ComboFix3.txt 2009-04-13 11:34


Przed: 28 431 007 744 bajtów wolnych

Po: 28,417,421,312 bajtów wolnych


244	--- E O F ---	2008-01-10 02:01

[/code]

The error has stopped popping up.


(Leon$) #5

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

The removal should start

Then post the log from the ComboFix removal

:slight_smile: