Access violation + DEP


(Gadia) #1

I have a huge problem, and it started when I bought a new hard drive, connected it to the computer and installed Windows XP SP3 corporation. At first it showed me an Explorer error, "Data Execution Prevention"; the system was then "frozen" and I had to end the Dr. Watson process in Task Manager to be able to do anything further. Then I changed DEP to essential programs only. OK, the system no longer threw that error, but now explorer.exe restarts exactly every 22-25 minutes (it closes all open folders, and some icons next to the clock disappear and cannot be restored). I decided to switch to the old system that I used before and still have on another disk (I currently have 3 disks), so I booted into that old system (XP SP2 Pro; before the new disk was installed nothing like this happened on it) and exactly the same thing started happening there every 22-25 minutes. System Restore does not help, I scanned the system with adware scanners and antivirus programs and found nothing, I turned DEP off and that did not help either, and I tried reloading some libraries and that got me nowhere as well.

Please help, because this is just driving me .... :frowning:

Dr. Watson log:

Wystąpił wyjątek aplikacji:

        Apl: C:\WINDOWS\explorer.exe (pid=13908)

        Kiedy: 2009-06-22 @ 14:54:41.609

        Numer wyjątku: c0000005 (naruszenie praw dostępu)


*----> Informacje o systemie <----*

        Nazwa komputera: GAD

        Nazwa użytkownika: Gadin

        Identyfikator sesji terminala: 0

        Liczba procesorów: 2

        Typ procesora: x86 Family 15 Model 67 Stepping 3

        Wersja systemu Windows: 5.1

        Bieżąca kompilacja: 2600

        Dodatek Service Pack: 3.

        Bieżący typ: Multiprocessor Free

        Zarejestrowana organizacja: 

        Zarejestrowany właściciel: Gadin


*----> Lista zadań <----*

   0 System Process

   4 System

 716 smss.exe

 764 csrss.exe

 788 winlogon.exe

 832 services.exe

 844 lsass.exe

1008 svchost.exe

1092 svchost.exe

1188 svchost.exe

1312 svchost.exe

1436 svchost.exe

1564 spoolsv.exe

1924 FirewallGUI.exe

1932 CTSysVol.exe

1940 Rundll32.exe

1960 razerhid.exe

1996 RUNDLL32.EXE

2008 ctfmon.exe

 336 nvsvc32.exe

 356 FWService.exe

1448 alg.exe

2052 wscntfy.exe

2116 razertra.exe

2164 razerofa.exe

13908 explorer.exe

8452 mirc.exe

9196 firefox.exe

13068 tlen.exe

13880 IEXPLORE.EXE

14224 drwtsn32.exe


*----> Lista modułów <----*

(0000000000400000 - 0000000000409000: C:\WINDOWS\system32\Normaliz.dll

(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe

(0000000001360000 - 0000000001632000: C:\WINDOWS\system32\xpsp2res.dll

(0000000002c40000 - 0000000002c4b000: C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll

(0000000003660000 - 0000000003674000: C:\Tlen.pl\hook.dll

(0000000010000000 - 0000000010029000: C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mmfinfo.dll

(0000000010930000 - 0000000010979000: C:\WINDOWS\system32\portabledeviceapi.dll

(00000000109c0000 - 00000000109ec000: C:\WINDOWS\system32\portabledevicetypes.dll

(00000000164a0000 - 00000000164c3000: C:\WINDOWS\system32\wpdshserviceobj.dll

(000000001f840000 - 000000001f858000: C:\WINDOWS\system32\odbcint.dll

(00000000433a0000 - 00000000433e5000: C:\WINDOWS\system32\iertutil.dll

(0000000043620000 - 00000000436f0000: C:\WINDOWS\system32\WININET.dll

(0000000043700000 - 0000000043827000: C:\WINDOWS\system32\urlmon.dll

(0000000043850000 - 000000004388c000: C:\WINDOWS\system32\webcheck.dll

(0000000043900000 - 0000000043ecd000: C:\WINDOWS\system32\ieframe.dll

(0000000047310000 - 0000000047316000: C:\WINDOWS\system32\dot3dlg.dll

(000000004d530000 - 000000004d589000: C:\WINDOWS\system32\WINHTTP.dll

(0000000059410000 - 00000000595da000: C:\WINDOWS\AppPatch\AcGenral.DLL

(000000005b1d0000 - 000000005b208000: C:\WINDOWS\system32\UxTheme.dll

(000000005ba90000 - 000000005bb02000: C:\WINDOWS\system32\themeui.dll

(000000005cfe0000 - 000000005d006000: C:\WINDOWS\system32\ShimEng.dll

(000000005d520000 - 000000005d5ba000: C:\WINDOWS\system32\comctl32.dll

(0000000061dc0000 - 0000000061de8000: C:\WINDOWS\system32\OneX.DLL

(0000000066780000 - 00000000667d8000: C:\WINDOWS\system32\hnetcfg.dll

(0000000068000000 - 0000000068036000: C:\WINDOWS\system32\rsaenh.dll

(000000006c6d0000 - 000000006c71d000: C:\WINDOWS\system32\DUSER.dll

(000000006ff40000 - 000000006ff95000: C:\WINDOWS\system32\NETAPI32.dll

(0000000071600000 - 0000000071613000: C:\WINDOWS\system32\browselc.dll

(00000000716a0000 - 00000000716c2000: C:\WINDOWS\system32\eappcfg.dll

(00000000719f0000 - 0000000071a30000: C:\WINDOWS\system32\mswsock.dll

(0000000071a30000 - 0000000071a38000: C:\WINDOWS\System32\wshtcpip.dll

(0000000071a40000 - 0000000071a48000: C:\WINDOWS\system32\WS2HELP.dll

(0000000071a50000 - 0000000071a67000: C:\WINDOWS\system32\WS2_32.dll

(0000000071ac0000 - 0000000071ad2000: C:\WINDOWS\system32\MPR.dll

(0000000071ba0000 - 0000000071bb3000: C:\WINDOWS\system32\SAMLIB.dll

(0000000071bc0000 - 0000000071bce000: C:\WINDOWS\System32\ntlanman.dll

(0000000071c30000 - 0000000071c37000: C:\WINDOWS\System32\NETRAP.dll

(0000000071c40000 - 0000000071c80000: C:\WINDOWS\System32\NETUI1.dll

(0000000071c80000 - 0000000071c97000: C:\WINDOWS\System32\NETUI0.dll

(0000000071cf0000 - 0000000071d0b000: C:\WINDOWS\system32\ACTXPRXY.DLL

(0000000071d60000 - 0000000071d6e000: C:\WINDOWS\system32\eappprxy.dll

(0000000072350000 - 000000007235a000: C:\WINDOWS\system32\dot3api.dll

(0000000072ca0000 - 0000000072ca8000: C:\WINDOWS\system32\msacm32.drv

(0000000072cb0000 - 0000000072cb9000: C:\WINDOWS\system32\wdmaud.drv

(0000000074600000 - 000000007463d000: C:\WINDOWS\system32\ODBC32.dll

(00000000746d0000 - 000000007471c000: C:\WINDOWS\system32\MSCTF.dll

(0000000074a80000 - 0000000074a88000: C:\WINDOWS\system32\POWRPROF.dll

(0000000074aa0000 - 0000000074aaa000: C:\WINDOWS\system32\BatMeter.dll

(0000000075180000 - 00000000751ae000: C:\WINDOWS\system32\msctfime.ime

(0000000075940000 - 0000000075a39000: C:\WINDOWS\system32\MSGINA.dll

(0000000075d70000 - 0000000075e01000: C:\WINDOWS\system32\MLANG.dll

(0000000075f30000 - 0000000075f37000: C:\WINDOWS\System32\drprov.dll

(0000000075f40000 - 0000000075f4a000: C:\WINDOWS\System32\davclnt.dll

(0000000075f50000 - 000000007604d000: C:\WINDOWS\system32\BROWSEUI.dll

(0000000076050000 - 00000000760b5000: C:\WINDOWS\system32\MSVCP60.dll

(0000000076330000 - 0000000076340000: C:\WINDOWS\system32\WINSTA.dll

(0000000076350000 - 0000000076355000: C:\WINDOWS\system32\MSIMG32.dll

(0000000076360000 - 000000007637d000: C:\WINDOWS\system32\IMM32.DLL

(0000000076380000 - 00000000763c9000: C:\WINDOWS\system32\comdlg32.dll

(00000000763d0000 - 0000000076577000: C:\WINDOWS\system32\NETSHELL.dll

(0000000076580000 - 00000000765a1000: C:\WINDOWS\system32\stobject.dll

(00000000765d0000 - 00000000765ed000: C:\WINDOWS\System32\CSCDLL.dll

(00000000768b0000 - 0000000076932000: C:\WINDOWS\system32\CRYPTUI.dll

(0000000076960000 - 0000000076968000: C:\WINDOWS\system32\LINKINFO.dll

(0000000076970000 - 0000000076996000: C:\WINDOWS\system32\ntshrui.dll

(00000000769a0000 - 0000000076a55000: C:\WINDOWS\system32\USERENV.dll

(0000000076b00000 - 0000000076b11000: C:\WINDOWS\system32\ATL.DLL

(0000000076b20000 - 0000000076b4e000: C:\WINDOWS\system32\WINMM.dll

(0000000076be0000 - 0000000076beb000: C:\WINDOWS\system32\PSAPI.DLL

(0000000076bf0000 - 0000000076c1e000: C:\WINDOWS\system32\credui.dll

(0000000076c20000 - 0000000076c4e000: C:\WINDOWS\system32\WINTRUST.dll

(0000000076c80000 - 0000000076ca8000: C:\WINDOWS\system32\IMAGEHLP.dll

(0000000076d50000 - 0000000076d69000: C:\WINDOWS\system32\iphlpapi.dll

(0000000076e70000 - 0000000076e7e000: C:\WINDOWS\system32\rtutils.dll

(0000000076f40000 - 0000000076f48000: C:\WINDOWS\system32\WTSAPI32.dll

(0000000076f50000 - 0000000076f7d000: C:\WINDOWS\system32\WLDAP32.dll

(0000000076fc0000 - 000000007703f000: C:\WINDOWS\system32\CLBCATQ.DLL

(0000000077040000 - 000000007710d000: C:\WINDOWS\system32\COMRes.dll

(0000000077110000 - 000000007719b000: C:\WINDOWS\system32\OLEAUT32.dll

(00000000773c0000 - 00000000774c3000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

(00000000774d0000 - 000000007760d000: C:\WINDOWS\system32\ole32.dll

(0000000077910000 - 0000000077a06000: C:\WINDOWS\system32\SETUPAPI.dll

(0000000077a10000 - 0000000077a65000: C:\WINDOWS\System32\cscui.dll

(0000000077a70000 - 0000000077b06000: C:\WINDOWS\system32\CRYPT32.dll

(0000000077b10000 - 0000000077b22000: C:\WINDOWS\system32\MSASN1.dll

(0000000077b30000 - 0000000077b52000: C:\WINDOWS\system32\appHelp.dll

(0000000077bc0000 - 0000000077bc7000: C:\WINDOWS\system32\midimap.dll

(0000000077bd0000 - 0000000077be5000: C:\WINDOWS\system32\MSACM32.dll

(0000000077bf0000 - 0000000077bf8000: C:\WINDOWS\system32\VERSION.dll

(0000000077c00000 - 0000000077c58000: C:\WINDOWS\system32\msvcrt.dll

(0000000077dc0000 - 0000000077e6c000: C:\WINDOWS\system32\ADVAPI32.dll

(0000000077e70000 - 0000000077f02000: C:\WINDOWS\system32\RPCRT4.dll

(0000000077f10000 - 0000000077f59000: C:\WINDOWS\system32\GDI32.dll

(0000000077f60000 - 0000000077fd6000: C:\WINDOWS\system32\SHLWAPI.dll

(0000000077fe0000 - 0000000077ff1000: C:\WINDOWS\system32\Secur32.dll

(000000007c800000 - 000000007c8fd000: C:\WINDOWS\system32\kernel32.dll

(000000007c900000 - 000000007c9b1000: C:\WINDOWS\system32\ntdll.dll

(000000007c9c0000 - 000000007d1de000: C:\WINDOWS\system32\SHELL32.dll

(000000007e1e0000 - 000000007e351000: C:\WINDOWS\system32\SHDOCVW.dll

(000000007e360000 - 000000007e3f1000: C:\WINDOWS\system32\USER32.dll

(000000007e690000 - 000000007e740000: C:\WINDOWS\system32\SXS.DLL


*----> Zrzut stanu dla wątku o identyfikatorze 0x2e78 <----*


eax=004dd6e6 ebx=031aff1c ecx=fffff506 edx=03230000 esi=000d8000 edi=000d8000

eip=02e00de2 esp=0322d3b8 ebp=0322e418 iopl=0 nv up ei ng nz na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286


funkcja: 

        02e00dc6 c0efff shr bh,0xff

        02e00dc9 ff8b85c4efff dec dword ptr [ebx-0x103b7b]

        02e00dcf ff03 inc dword ptr [ebx]

        02e00dd1 85e4 test esp,esp

        02e00dd3 ef out dx,eax

        02e00dd4 ffff ???

        02e00dd6 03c1 add eax,ecx

        02e00dd8 49 dec ecx

        02e00dd9 8d9500f0ffff lea edx,[ebp-0x1000]

        02e00ddf c1e902 shr ecx,0x2

BŁĄD ->02e00de2 8902 mov [edx],eax ds:0023:03230000=????????

        02e00de4 83c204 add edx,0x4

        02e00de7 83c005 add eax,0x5

        02e00dea 49 dec ecx

        02e00deb 75f5 jnz 02e00de2

        02e00ded 33c0 xor eax,eax

        02e00def 8902 mov [edx],eax

        02e00df1 6a00 push 0x0

        02e00df3 57 push edi

        02e00df4 ffb5fcefffff push dword ptr [ebp-0x1004]

        02e00dfa e8bbfbffff call 02e009ba


*----> Wsteczne śledzenie stosu <----*

ChildEBP RetAddr Args to Child              

0322e418 004db409 004db40e 004db413 004db418 0x2e00de2

004db404 00000000 00000000 00000000 00000000 0x4db409


*----> Zrzut stosu <----*


BŁĄD ->02e00de2 8902 mov [edx],eax ds:0023:03230000=????????

What does this refer to? ComboFix log:

ComboFix 09-06-21.01 - Gadin 2009-06-22 14:29.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1719 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Gadin\Pulpit\ComboFix.exe

FW: PC Tools Firewall Plus *enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

.


((((((((((((((((((((((((( Pliki utworzone od 2009-05-22 do 2009-06-22 )))))))))))))))))))))))))))))))

.


2009-06-22 12:28 . 2009-06-22 12:28	--------	d-----w-	c:\windows\system32\xircom

2009-06-22 12:28 . 2009-06-22 12:28	--------	d-----w-	c:\windows\system32\wbem\snmp

2009-06-22 12:28 . 2009-06-22 12:28	--------	d-----w-	c:\program files\microsoft frontpage

2009-06-22 09:49 . 2009-06-22 09:49	--------	d--h--w-	c:\windows\PIF

2009-06-21 19:33 . 2006-08-18 08:28	208896	------w-	c:\windows\system32\nvuide.exe

2009-06-21 19:27 . 2009-06-21 19:28	--------	d-----w-	c:\windows\NV13361364.TMP

2009-06-21 19:26 . 2009-06-21 19:28	--------	d-----w-	c:\windows\nview

2009-06-21 17:53 . 2009-06-21 17:56	--------	d-----w-	c:\program files\Spybot - Search & Destroy

2009-06-21 17:53 . 2009-06-21 17:56	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-06-21 17:34 . 2009-06-21 17:35	--------	d-----w-	C:\IrfanView


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-22 12:29 . 2009-06-21 15:06	--------	d---a-w-	c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-06-22 10:54 . 2009-06-21 15:03	--------	d-----w-	c:\documents and settings\Gadin\Dane aplikacji\mIRC

2009-06-22 10:54 . 2009-06-21 15:06	--------	d-----w-	c:\documents and settings\Gadin\Dane aplikacji\uTorrent

2009-06-21 20:32 . 2009-06-21 20:32	134920	----a-w-	c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1045.dat

2009-06-21 20:32 . 2009-06-21 14:48	86327	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-06-21 19:40 . 2001-10-26 16:15	49712	----a-w-	c:\windows\system32\perfc015.dat

2009-06-21 19:40 . 2001-10-26 16:15	355830	----a-w-	c:\windows\system32\perfh015.dat

2009-06-21 19:32 . 2009-06-21 19:32	--------	d-----w-	c:\program files\DIFX

2009-06-21 17:21 . 2009-06-21 16:22	--------	d-----w-	c:\program files\a-squared Free

2009-06-21 17:19 . 2009-06-21 15:04	--------	d-----w-	c:\documents and settings\Gadin\Dane aplikacji\Tlen.pl

2009-06-21 17:17 . 2009-06-21 15:06	--------	d-----w-	c:\program files\Spyware Doctor

2009-06-21 16:28 . 2009-06-21 16:07	--------	d-----w-	c:\program files\SkanerOnline

2009-06-21 16:03 . 2009-06-21 15:06	--------	d-----w-	c:\program files\Common Files\PC Tools

2009-06-21 15:56 . 2009-06-21 15:01	--------	d-----w-	c:\program files\SubEdit-Player

2009-06-21 15:47 . 2009-06-21 15:47	--------	d-----w-	c:\program files\Common Files\Adobe

2009-06-21 15:44 . 2009-06-21 15:44	--------	d-----w-	c:\program files\DC++

2009-06-21 15:39 . 2009-06-21 15:39	--------	d-----w-	c:\program files\Razer

2009-06-21 15:39 . 2009-06-21 15:23	--------	d--h--w-	c:\program files\InstallShield Installation Information

2009-06-21 15:37 . 2009-06-21 15:23	--------	d-----w-	c:\program files\Creative

2009-06-21 15:29 . 2009-06-21 14:53	--------	d-----w-	c:\program files\Common Files\InstallShield

2009-06-21 15:20 . 2009-06-21 15:09	--------	d-----w-	c:\program files\PC Tools Firewall Plus

2009-06-21 15:11 . 2009-06-21 15:11	--------	d-----w-	c:\documents and settings\Gadin\Dane aplikacji\PCToolsFirewallPlus

2009-06-21 15:07 . 2009-06-21 15:07	--------	d-----w-	c:\program files\uTorrent

2009-06-21 14:58 . 2009-06-21 14:58	0	----a-w-	c:\windows\nsreg.dat

2009-06-21 14:52 . 2009-06-21 14:52	12328	----a-w-	c:\documents and settings\Gadin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-06-21 14:47 . 2009-06-21 14:47	--------	d-----w-	c:\program files\Usługi online

2009-06-21 14:46 . 2009-06-21 14:46	21856	----a-w-	c:\windows\system32\emptyregdb.dat

2009-06-21 14:45 . 2009-06-21 14:45	--------	d-----w-	c:\program files\Windows Media Connect 2

2009-06-18 16:07 . 2009-06-21 14:53	454681	----a-w-	c:\windows\system32\nvudisp.exe

2009-04-03 09:18 . 2009-06-21 15:06	130936	----a-w-	c:\windows\system32\drivers\PCTCore.sys

.


------- Sigcheck -------


[-] 2008-05-02 06:48	361344	8E036EEC565910417EA020CE0962AA24	c:\windows\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-23 2652056]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2009-06-21 65624]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"razer"="c:\program files\Razer\razerhid.exe" [2005-05-17 147456]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-24 13524992]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-03-24 86016]

"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-03-24 1626112]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Tlen.pl\\tlen.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\uTorrent\\utorrent.exe"=


R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-06-21 130936]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-06-21 159600]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-06-21 73840]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-06-21 95640]

R3 Razerlow;Razerlow USB Filter Driver;c:\windows\system32\drivers\Razerlow.sys [2009-06-21 13225]

.

.

------- Skan uzupełniający -------

.

uStart Page = about:blank

FF - ProfilePath - 

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-22 14:30

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(13908)

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

e:\program files\WinRAR\rarext.dll

.

Czas ukończenia: 2009-06-22 14:31

ComboFix-quarantined-files.txt 2009-06-22 12:31

ComboFix2.txt 2009-06-22 12:20


Przed: 147 908 882 432 bajtów wolnych

Po: 147 904 139 264 bajtów wolnych


118

-- Added 23.06.2009 (Tue) 20:11 --

Does nobody have any idea?

-- Added 23.06.2009 (Tue) 21:04 --

OK, now I know what is sitting on my computer: it is something called win32 daum.a! Only a few antivirus programs detect it, such as AVG, Kaspersky (which only deletes all the files) and Dr.Web (probably the best, because it cures some of the exe files :< ) http://www.programosy.pl/program,dr-web-cureit.html

I want to leave this post for posterity :wink: Right now the whole system and all the infected exe files are being scanned :frowning:
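Added example, not part of the original post: a Python triage of a Dr. Watson log that checks whether the faulting EIP and the faulting write address fall inside any module from the module list, and which modules sit on either side of the EIP. The excerpt is constructed from the log above with the module list shortened, and the function names are hypothetical. An EIP outside every listed module means the crashing code was running from memory that no loaded image in the list accounts for.

```python
import re

# Constructed excerpt of the Dr. Watson log in the post (module list shortened).
SAMPLE_LOG = r"""
(0000000001000000 - 00000000010ff000: C:\WINDOWS\explorer.exe
(0000000002c40000 - 0000000002c4b000: C:\Program Files\SubEdit-Player\codec\MatroskaSplitter\mkunicode.dll
(0000000003660000 - 0000000003674000: C:\Tlen.pl\hook.dll
(000000007c800000 - 000000007c8fd000: C:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b1000: C:\WINDOWS\system32\ntdll.dll
eax=004dd6e6 ebx=031aff1c ecx=fffff506 edx=03230000 esi=000d8000 edi=000d8000
eip=02e00de2 esp=0322d3b8 ebp=0322e418 iopl=0 nv up ei ng nz na po nc
BŁĄD ->02e00de2 8902 mov [edx],eax ds:0023:03230000=????????
"""

MODULE_RE = re.compile(r"^\(([0-9a-fA-F]+) - ([0-9a-fA-F]+): (.+)$")
REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-fA-F]{8})\b")
# Matched on the "->" marker so the localized label (BŁĄD / FAULT) does not matter.
FAULT_RE = re.compile(r"->\s*([0-9a-fA-F]{8})\s.*?ds:[0-9a-fA-F]{4}:([0-9a-fA-F]{8})=")


def parse_log(text):
    """Return (modules, registers, fault) parsed from Dr. Watson text."""
    modules, regs, fault = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = MODULE_RE.match(line)
        if m:
            modules.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
            continue
        f = FAULT_RE.search(line)
        if f:
            fault = (int(f.group(1), 16), int(f.group(2), 16))
            continue
        for name, value in REG_RE.findall(line):
            regs[name] = int(value, 16)
    return sorted(modules), regs, fault


def owning_module(modules, address):
    """Path of the module whose [start, end) range holds address, else None."""
    for start, end, path in modules:
        if start <= address < end:
            return path
    return None


def triage(text):
    modules, regs, fault = parse_log(text)
    if fault is None:
        raise ValueError("no fault line with a data address found")
    eip, target = fault
    below = [path for _, end, path in modules if end <= eip]
    above = [path for start, _, path in modules if start > eip]
    return {
        "eip": eip,
        "eip_module": owning_module(modules, eip),
        "fault_address": target,
        "fault_module": owning_module(modules, target),
        "below": below[-1] if below else None,   # nearest module under EIP
        "above": above[0] if above else None,    # nearest module over EIP
        "esp": regs.get("esp"),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, hex(value) if isinstance(value, int) else value)
```
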