wiesio52
(Wiesio52)
13 April 2009 19:11
#1
Hello, I have a rather unusual problem. I scanned my cousin's computer with Avast because Mozilla Firefox won't start, and when the Control Panel is opened the computer freezes for a short moment. Avast found no viruses, which is quite strange, especially since my cousin claims he did nothing on the computer that could have caused such a failure. I would very much appreciate it if you checked the HJ log and replied quickly; many thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:02, on 2009-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\xmplay\xmplay.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{729DCD91-BA87-493F-949A-CEDED4E42503}: NameServer = 192.252.205.1 217.17.34.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5501 bytes
Leon1
(Leon$)
13 April 2009 19:23
#2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
delete with HijackThis >> Fix checked
Download ComboFix http://www.searchengines.pl/index.php?s … ntry395642 but do not run it yet
While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs
Open Notepad and paste
save it as CFScript.txt (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
The removal should start
Then post the ComboFix removal log
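The triage in Leon$'s reply, picking the Ask toolbar entries (the ask.com search URLs and the askBar.dll BHO and toolbar registrations) out of a HijackThis log so they can be ticked for Fix checked, as an added Python example that is not part of the thread or of HijackThis: it parses sample HijackThis lines copied from the log above, tags each with its section meaning, and flags the entries whose URL host or file path matches an indicator list. The indicator values `ask.com` and `AskBarDis` are taken from the log posted above; the parser, the section descriptions and the function names are assumptions made for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlparse

# Constructed sample: HijackThis 2.0.2 lines in the shape of the log above
# (the Ask toolbar entries plus three benign ones for contrast).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{729DCD91-BA87-493F-949A-CEDED4E42503}: NameServer = 192.252.205.1 217.17.34.10
"""

# Meaning of the HijackThis sections seen in the sample (descriptions written
# for this example, not text taken from HijackThis itself).
SECTION_MEANING: Dict[str, str] = {
    "R0": "IE start/search page registry value (changed)",
    "R1": "IE start/search page registry value (created)",
    "R3": "IE URLSearchHook",
    "O2": "Browser Helper Object (BHO)",
    "O3": "IE toolbar",
    "O4": "autorun entry (registry Run key or Startup folder)",
    "O17": "TCP/IP NameServer (DNS) setting",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A drive-letter path may contain spaces, so it ends only at a " - " field
# separator or at the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?(?=\s-\s|$)")


@dataclass
class HjtEntry:
    section: str
    body: str
    url: Optional[str]
    clsid: Optional[str]
    path: Optional[str]
    raw: str

    @property
    def meaning(self) -> str:
        return SECTION_MEANING.get(self.section, "other")


def parse_hjt(text: str) -> List[HjtEntry]:
    """Parse the 'Xn - body' lines of a HijackThis log; skip everything else."""
    entries: List[HjtEntry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = LINE_RE.match(raw)
        if not m:
            continue  # header, process list, blank or footer line
        body = m.group("body")
        url, clsid, path = URL_RE.search(body), CLSID_RE.search(body), PATH_RE.search(body)
        entries.append(HjtEntry(m.group("section"), body,
                                url.group(0) if url else None,
                                clsid.group(0) if clsid else None,
                                path.group(0).strip() if path else None, raw))
    return entries


def flag_entries(entries: Iterable[HjtEntry], hosts: Iterable[str],
                 path_fragments: Iterable[str]) -> List[Tuple[HjtEntry, List[str]]]:
    """(entry, reasons) for entries whose URL host is one of `hosts` (or a
    subdomain of it) or whose file path contains one of `path_fragments`."""
    host_list = [h.lower() for h in hosts]
    frags = [f.lower() for f in path_fragments]
    hits: List[Tuple[HjtEntry, List[str]]] = []
    for e in entries:
        reasons: List[str] = []
        if e.url:
            host = (urlparse(e.url).hostname or "").lower()
            if any(host == h or host.endswith("." + h) for h in host_list):
                reasons.append(f"URL host {host}")
        if e.path:
            low = e.path.lower()
            reasons += [f"path contains {f}" for f in frags if f in low]
        if reasons:
            hits.append((e, reasons))
    return hits


def fix_checked_lines(text: str, hosts: Iterable[str],
                      path_fragments: Iterable[str]) -> List[str]:
    """The raw log lines to tick in HijackThis before pressing 'Fix checked'."""
    return [e.raw for e, _ in flag_entries(parse_hjt(text), hosts, path_fragments)]


if __name__ == "__main__":
    # Indicators from the log above: the ask.com search redirect URL and the
    # AskBarDis directory holding askBar.dll.
    for entry, reasons in flag_entries(parse_hjt(SAMPLE_LOG), ["ask.com"], ["AskBarDis"]):
        print(f"{entry.section:<4}{entry.meaning:<50} {'; '.join(reasons)}")
        print("    " + entry.raw)
```

On the sample this yields exactly the five lines quoted in the reply (three R1 search URLs, the O2 BHO and the O3 toolbar) and leaves the Google start page, the avast! autorun and the O17 NameServer entry alone, since the flagging is driven purely by the indicator list. Widening `path_fragments` to other directory names that appear in the posted log, for instance `AskSearch` from the R3 URLSearchHook line, widens the match accordingly.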
wiesio52
(Wiesio52)
19 April 2009 17:23
#3
Sorry for not replying sooner, but I am only now at my cousin's place, and back then I ran out of time, so only now can I send the log generated by ComboFix. Here it is:
ComboFix 09-04-13.A2 - aaa 2009-04-19 19:19.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.2047.1467 [GMT 2:00]
Uruchomiony z: c:\documents and settings\aaa\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\aaa\Pulpit\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))
.
2009-04-14 07:30 . 2009-04-14 07:30 -------- d-s---w c:\documents and settings\aaa\UserData
2009-04-13 19:02 . 2009-04-19 17:11 -------- d-----w C:\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-19 17:10 . 2009-03-01 15:48 -------- d-----w c:\documents and settings\aaa\Dane aplikacji\Skype
2009-04-19 17:10 . 2009-03-01 15:52 -------- d-----w c:\documents and settings\aaa\Dane aplikacji\skypePM
2009-04-19 09:32 . 2006-03-02 12:00 49712 ----a-w c:\windows\system32\perfc015.dat
2009-04-19 09:32 . 2006-03-02 12:00 355830 ----a-w c:\windows\system32\perfh015.dat
2009-04-13 19:38 . 2009-04-13 19:38 -------- d-----w c:\program files\AskBardis
2009-04-13 19:04 . 2009-04-13 19:04 -------- d-----w c:\program files\Trend Micro
2009-03-27 12:04 . 2008-07-10 13:58 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-03-24 17:26 . 2008-11-03 12:47 527 ----a-w C:\angielski.ini
2009-03-14 15:15 . 2008-07-10 14:00 46864 ----a-w c:\documents and settings\aaa\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-06 14:47 . 2006-03-02 12:00 285184 ----a-w c:\windows\system32\pdh.dll
2009-03-01 19:02 . 2009-03-01 19:02 -------- d-----w c:\program files\AskSearch
2009-03-01 19:02 . 2009-03-01 19:02 -------- d-----w c:\program files\Foxit Software
2009-03-01 19:02 . 2009-03-01 19:02 -------- d-----w c:\documents and settings\aaa\Dane aplikacji\Foxit
2009-03-01 16:03 . 2009-03-01 16:02 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Creative
2009-03-01 16:01 . 2008-07-10 13:44 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 16:00 . 2009-03-01 15:55 -------- d-----w c:\program files\Creative
2009-03-01 15:59 . 2008-07-10 13:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-03-01 15:58 . 2009-03-01 15:58 -------- d-----w c:\program files\Common Files\muvee Technologies
2009-03-01 15:58 . 2009-03-01 15:58 -------- d-----w c:\program files\muvee Technologies
2009-03-01 15:57 . 2009-03-01 15:57 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\muvee Technologies
2009-03-01 15:56 . 2009-03-01 15:56 -------- d-----w c:\program files\SightSpeed
2009-03-01 15:40 . 2009-03-01 15:40 -------- d-----r c:\program files\Skype
2009-03-01 15:40 . 2009-03-01 15:40 -------- d-----w c:\program files\Common Files\Skype
2009-03-01 15:40 . 2009-03-01 15:40 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-16 15:30 . 2004-10-09 06:40 903703 ----a-w c:\windows\system32\ff_x264.dll
2009-02-16 15:27 . 2004-10-05 08:16 557451 ----a-w c:\windows\system32\libmplayer.dll
2009-02-16 15:23 . 2009-02-22 17:44 145081 ----a-w c:\windows\system32\libmpeg2_ff.dll
2009-02-16 15:18 . 2009-02-22 17:44 1388966 ----a-w c:\windows\system32\ffmpegmt.dll
2009-02-16 13:49 . 2009-02-22 17:44 328334 ----a-w c:\windows\system32\ff_kernelDeint.dll
2009-02-16 13:47 . 2004-10-12 06:40 4451209 ----a-w c:\windows\system32\libavcodec.dll
2009-02-14 14:15 . 2009-02-22 17:44 486400 ----a-w c:\windows\system32\ff_libfaad2.dll
2009-02-09 21:28 . 2004-10-12 06:39 98304 ----a-w c:\windows\system32\ff_wmv9.dll
2009-02-09 19:19 . 2009-02-22 17:44 183296 ----a-w c:\windows\system32\ff_samplerate.dll
2009-02-09 19:19 . 2009-02-22 17:44 178688 ----a-w c:\windows\system32\ff_libmad.dll
2009-02-09 19:18 . 2009-02-22 17:44 113152 ----a-w c:\windows\system32\ff_unrar.dll
2009-02-09 19:18 . 2009-02-22 17:44 146944 ----a-w c:\windows\system32\ff_tremor.dll
2009-02-09 19:18 . 2009-02-22 17:44 257024 ----a-w c:\windows\system32\ff_libdts.dll
2009-02-09 19:18 . 2009-02-22 17:44 142848 ----a-w c:\windows\system32\ff_liba52.dll
2009-02-09 18:56 . 2009-02-22 17:44 67584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-09 18:56 . 2009-02-22 17:44 53760 ----a-w c:\windows\system32\ffavisynth.dll
2009-02-09 18:55 . 2009-02-22 17:44 64512 ----a-w c:\windows\system32\FLT_ffdshow.dll
2009-02-09 18:55 . 2009-02-22 17:44 100352 ----a-w c:\windows\system32\makeAVIS.exe
2009-02-09 14:19 . 2006-03-02 12:00 1846528 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:52 . 2004-08-04 00:39 2017280 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:52 . 2006-03-02 12:00 2137600 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:22 . 2006-03-02 12:00 725504 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:22 . 2006-03-02 12:00 686080 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:22 . 2006-03-02 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:22 . 2006-03-02 12:00 722944 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:10 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 20:11 . 2006-03-02 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-01-24 10:20 . 2008-10-20 14:36 263056 ----a-w C:\install.bmp
.
((((((((((((((((((((((((((((( SnapShot@2009-04-13_21.37.43,95 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-19 17:09 . 2009-04-19 17:09 16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat
+ 2008-07-10 13:51 . 2008-07-09 07:57 26488 c:\windows\system32\spupdsvc.exe
- 2009-02-20 17:58 . 2007-11-30 11:21 19320 c:\windows\system32\spmsg.dll
+ 2009-02-20 17:58 . 2007-11-30 12:40 19320 c:\windows\system32\spmsg.dll
+ 2006-03-02 12:00 . 2009-02-03 20:11 55808 c:\windows\system32\secur32.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 55808 c:\windows\system32\secur32.dll
+ 2006-03-02 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
- 2006-03-02 12:00 . 2008-10-16 10:39 39424 c:\windows\system32\pngfilt.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 39424 c:\windows\system32\pngfilt.dll
+ 2006-03-02 12:00 . 2009-04-19 09:32 49712 c:\windows\system32\perfc015.dat
- 2006-03-02 12:00 . 2009-03-29 08:20 49712 c:\windows\system32\perfc015.dat
- 2006-03-02 12:00 . 2009-03-29 08:20 40128 c:\windows\system32\perfc009.dat
+ 2006-03-02 12:00 . 2009-04-19 09:32 40128 c:\windows\system32\perfc009.dat
+ 2008-07-10 13:36 . 2008-06-12 14:19 91648 c:\windows\system32\mtxoci.dll
+ 2006-03-02 12:00 . 2008-06-12 14:19 66560 c:\windows\system32\mtxclu.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 66560 c:\windows\system32\mtxclu.dll
- 2008-07-10 13:36 . 2006-03-02 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 58880 c:\windows\system32\msdtclog.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 16384 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 16384 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 96768 c:\windows\system32\inseng.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 96768 c:\windows\system32\inseng.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 81920 c:\windows\system32\ieencode.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 81920 c:\windows\system32\ieencode.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 55808 c:\windows\system32\extmgr.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 55808 c:\windows\system32\extmgr.dll
+ 2006-03-02 12:00 . 2009-02-03 20:11 55808 c:\windows\system32\dllcache\secur32.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 55808 c:\windows\system32\dllcache\secur32.dll
+ 2006-03-02 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
+ 2006-03-02 12:00 . 2009-02-20 08:32 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2006-03-02 12:00 . 2008-06-12 14:19 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2008-07-10 13:36 . 2006-03-02 12:00 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 96768 c:\windows\system32\dllcache\inseng.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 96768 c:\windows\system32\dllcache\inseng.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 81920 c:\windows\system32\dllcache\ieencode.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2008-07-10 13:37 . 2009-02-19 09:58 18432 c:\windows\system32\dllcache\iedw.exe
- 2008-07-10 13:37 . 2008-10-15 09:45 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-03-02 12:00 . 2009-02-20 08:32 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2008-07-10 13:36 . 2005-07-26 04:42 60416 c:\windows\system32\dllcache\colbact.dll
+ 2008-07-10 13:36 . 2005-07-26 04:42 60416 c:\windows\system32\colbact.dll
+ 2006-01-31 14:45 . 2009-02-19 23:50 369152 c:\windows\system32\xpsp3res.dll
- 2006-01-31 14:45 . 2008-10-15 19:05 369152 c:\windows\system32\xpsp3res.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 662016 c:\windows\system32\wininet.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 662016 c:\windows\system32\wininet.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 351232 c:\windows\system32\winhttp.dll
+ 2006-03-02 12:00 . 2008-12-16 12:51 351232 c:\windows\system32\winhttp.dll
+ 2008-07-10 13:36 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2008-07-10 13:36 . 2009-02-09 10:22 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2008-07-10 13:36 . 2009-02-09 10:22 473088 c:\windows\system32\wbem\fastprox.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 617472 c:\windows\system32\urlmon.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-02 12:00 . 2009-02-09 10:10 111104 c:\windows\system32\services.exe
+ 2006-03-02 12:00 . 2009-02-09 10:22 399360 c:\windows\system32\rpcss.dll
+ 2006-03-02 12:00 . 2009-04-19 09:32 355830 c:\windows\system32\perfh015.dat
- 2006-03-02 12:00 . 2009-03-29 08:20 355830 c:\windows\system32\perfh015.dat
+ 2006-03-02 12:00 . 2009-04-19 09:32 311740 c:\windows\system32\perfh009.dat
- 2006-03-02 12:00 . 2009-03-29 08:20 311740 c:\windows\system32\perfh009.dat
+ 2006-03-02 12:00 . 2009-03-06 14:47 285184 c:\windows\system32\pdh.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 285184 c:\windows\system32\pdh.dll
+ 2006-03-02 12:00 . 2009-02-09 10:22 722944 c:\windows\system32\ntdll.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 532480 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 532480 c:\windows\system32\mstime.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 146432 c:\windows\system32\msrating.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 146432 c:\windows\system32\msrating.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 449024 c:\windows\system32\mshtmled.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 449024 c:\windows\system32\mshtmled.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 161792 c:\windows\system32\msdtcuiu.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 956928 c:\windows\system32\msdtctm.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 428032 c:\windows\system32\msdtcprx.dll
+ 2006-03-02 12:00 . 2009-02-09 10:22 725504 c:\windows\system32\lsasrv.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 251392 c:\windows\system32\iepeers.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 251392 c:\windows\system32\iepeers.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 205312 c:\windows\system32\dxtrans.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 205312 c:\windows\system32\dxtrans.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 357888 c:\windows\system32\dxtmsft.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 357888 c:\windows\system32\dxtmsft.dll
+ 2008-07-10 13:36 . 2008-04-21 21:28 218112 c:\windows\system32\dllcache\wordpad.exe
+ 2008-07-10 13:36 . 2009-02-06 16:39 227840 c:\windows\system32\dllcache\wmiprvse.exe
+ 2008-07-10 13:36 . 2009-02-09 10:22 453120 c:\windows\system32\dllcache\wmiprvsd.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 662016 c:\windows\system32\dllcache\wininet.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 662016 c:\windows\system32\dllcache\wininet.dll
+ 2006-03-02 12:00 . 2008-12-16 12:51 351232 c:\windows\system32\dllcache\winhttp.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 617472 c:\windows\system32\dllcache\urlmon.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-03-02 12:00 . 2009-02-09 10:10 111104 c:\windows\system32\dllcache\services.exe
+ 2006-03-02 12:00 . 2009-02-09 10:22 399360 c:\windows\system32\dllcache\rpcss.dll
+ 2006-03-02 12:00 . 2009-03-06 14:47 285184 c:\windows\system32\dllcache\pdh.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 285184 c:\windows\system32\dllcache\pdh.dll
+ 2006-03-02 12:00 . 2009-02-09 10:22 722944 c:\windows\system32\dllcache\ntdll.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-07-10 13:36 . 2008-06-12 14:19 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-03-02 12:00 . 2009-02-09 10:22 725504 c:\windows\system32\dllcache\lsasrv.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2008-07-10 13:36 . 2009-02-09 10:22 473088 c:\windows\system32\dllcache\fastprox.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 151552 c:\windows\system32\dllcache\cdfview.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 151552 c:\windows\system32\dllcache\cdfview.dll
+ 2006-03-02 12:00 . 2009-02-09 10:22 686080 c:\windows\system32\dllcache\advapi32.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 686080 c:\windows\system32\dllcache\advapi32.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 151552 c:\windows\system32\cdfview.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 151552 c:\windows\system32\cdfview.dll
- 2006-03-02 12:00 . 2006-03-02 12:00 686080 c:\windows\system32\advapi32.dll
+ 2006-03-02 12:00 . 2009-02-09 10:22 686080 c:\windows\system32\advapi32.dll
+ 2006-03-02 12:00 . 2009-03-02 23:51 1495552 c:\windows\system32\shdocvw.dll
+ 2006-03-02 12:00 . 2008-12-20 22:44 1291264 c:\windows\system32\quartz.dll
- 2006-03-02 12:00 . 2008-05-07 05:16 1291264 c:\windows\system32\quartz.dll
- 2006-03-02 12:00 . 2008-08-14 13:46 2137600 c:\windows\system32\ntoskrnl.exe
+ 2006-03-02 12:00 . 2009-02-09 11:52 2137600 c:\windows\system32\ntoskrnl.exe
+ 2004-08-04 00:39 . 2009-02-09 11:52 2017280 c:\windows\system32\ntkrnlpa.exe
- 2004-08-04 00:39 . 2008-08-14 13:46 2017280 c:\windows\system32\ntkrnlpa.exe
+ 2006-03-02 12:00 . 2009-02-20 08:32 3080704 c:\windows\system32\mshtml.dll
+ 2006-03-02 12:00 . 2009-03-21 14:21 1014784 c:\windows\system32\kernel32.dll
+ 2006-03-02 12:00 . 2009-03-02 23:51 1495552 c:\windows\system32\dllcache\shdocvw.dll
+ 2006-03-02 12:00 . 2008-12-20 22:44 1291264 c:\windows\system32\dllcache\quartz.dll
- 2006-03-02 12:00 . 2008-05-07 05:16 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-20 18:19 . 2009-02-09 11:52 2181760 c:\windows\system32\dllcache\ntoskrnl.exe
- 2009-02-20 18:19 . 2008-08-14 13:46 2017280 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-20 18:19 . 2009-02-09 11:52 2017280 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2009-02-20 18:19 . 2009-02-09 11:52 2059008 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2009-02-20 18:19 . 2008-08-14 13:46 2059008 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-20 18:19 . 2009-02-09 11:52 2137600 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-02-20 18:19 . 2008-08-14 13:46 2137600 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-03-02 12:00 . 2009-02-20 08:32 3080704 c:\windows\system32\dllcache\mshtml.dll
+ 2006-03-02 12:00 . 2009-03-21 14:21 1014784 c:\windows\system32\dllcache\kernel32.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 1055744 c:\windows\system32\dllcache\danim.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 1055744 c:\windows\system32\dllcache\danim.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 1023488 c:\windows\system32\dllcache\browseui.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 1055744 c:\windows\system32\danim.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 1055744 c:\windows\system32\danim.dll
+ 2006-03-02 12:00 . 2009-02-20 08:32 1023488 c:\windows\system32\browseui.dll
- 2006-03-02 12:00 . 2008-10-16 10:39 1023488 c:\windows\system32\browseui.dll
+ 2009-02-20 18:19 . 2009-02-09 11:52 2181760 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-02-20 18:19 . 2009-02-09 11:52 2017280 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-20 18:19 . 2008-08-14 13:46 2017280 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-20 18:19 . 2008-08-14 13:46 2059008 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-20 18:19 . 2009-02-09 11:52 2059008 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-20 18:19 . 2009-02-09 11:52 2137600 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-02-20 18:19 . 2008-08-14 13:46 2137600 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-04-19 17:11 . 2009-04-06 05:57 24921544 c:\windows\system32\MRT.exe
.
-- Migawka wyzerowana --
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-16 9302632]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Ralink Wireless Utility.lnk - c:\windows\RaUI.exe [2009-02-19 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.avis"= ff_acm.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2007-07-18 16:20 1114112 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-07-12 11:03 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 10:21 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--------- 2007-06-07 15:01 155648 c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]
--a------ 2006-11-01 15:50 2154496 c:\program files\GameFace Messenger\GameFace.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 08:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 15:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]
--a------ 2007-04-30 03:00 32768 c:\windows\V0420Mon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {729DCD91-BA87-493F-949A-CEDED4E42503} = 192.252.205.1 217.17.34.10
FF - ProfilePath - c:\documents and settings\aaa\Dane aplikacji\Mozilla\Firefox\Profiles\9z0cw2cx.default\
FF - prefs.js: browser.search.selectedEngine - Wirtualna Polska
FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-19 19:20
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2260)
c:\windows\system32\msi.dll
.
Czas ukończenia: 2009-04-19 19:20
ComboFix-quarantined-files.txt 2009-04-19 17:20
ComboFix2.txt 2009-04-13 19:38
Przed: 79 676 547 072 bajtów wolnych
Po: 79,736,643,584 bajtów wolnych
315 --- E O F --- 2009-04-19 17:12