Programs that won't start


(Wiesio52) #1

Hello, I have a rather unusual problem. I scanned my cousin's computer with Avast because Mozilla Firefox won't start, and when the Control Panel is opened the computer freezes for a short moment. Avast didn't detect any viruses, which is rather odd, especially since my cousin claims he did nothing on the computer that could have caused such a failure. Please check the HJT log and reply quickly; many thanks in advance. :slight_smile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:05:02, on 2009-04-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

D:\xmplay\xmplay.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{729DCD91-BA87-493F-949A-CEDED4E42503}: NameServer = 192.252.205.1 217.17.34.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--

End of file - 5501 bytes
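To triage a HijackThis log like the one above, here is an added Python example (it is not from the forum, from HijackThis, or from either poster): it parses the R/O entry lines into records and attaches review flags to the categories that commonly carry browser hijacks, such as R1 search-URL overrides pointing at a host the owner did not choose, R3 search hooks, O2/O3 BHOs and toolbars, O4 autoruns launched from user-writable folders, and O17 per-adapter DNS servers, leaving the decision to the reviewer. The sample lines are constructed from entries in the post plus one made-up O4 entry; `EXPECTED_HOSTS` and `USER_WRITABLE_HINTS` are assumptions of this example, not anything HijackThis ships with.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample input in HijackThis v2 log format, modelled on entries from the
# post above; the "[ExampleUpdater]" O4 line is made up to exercise the autorun rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ExampleUpdater] C:\Documents and Settings\aaa\Ustawienia lokalne\Temp\upd.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{729DCD91-BA87-493F-949A-CEDED4E42503}: NameServer = 192.252.205.1 217.17.34.10
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://\S+")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Assumption of this example: hosts the owner expects in browser start/search settings.
EXPECTED_HOSTS = {"www.google.pl", "www.onet.pl"}
# Assumption of this example: autoruns launched from these locations deserve a second look.
USER_WRITABLE_HINTS = ("\\temp\\", "\\documents and settings\\", "\\dane aplikacji\\")


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "R1", "O4", "O17"
    body: str               # everything after "Rn - " / "On - "
    flags: list = field(default_factory=list)


def parse_hjt(text):
    """Parse HijackThis-style lines into Entry objects; header and blank lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def review(entry):
    """Attach review flags to one entry using the defender-side heuristics above."""
    sec, body, low = entry.section, entry.body, entry.body.lower()
    url = URL_RE.search(body)
    if sec in ("R0", "R1") and url:
        host = urlparse(url.group(0)).hostname or ""
        if host not in EXPECTED_HOSTS:
            entry.flags.append(f"browser setting points at unexpected host {host}")
    elif sec == "R3":
        entry.flags.append("non-default URLSearchHook present")
    elif sec in ("O2", "O3"):
        kind = "BHO" if sec == "O2" else "toolbar"
        clsid = CLSID_RE.search(body)
        entry.flags.append(f"{kind} {clsid.group(0) if clsid else '?'} loads into IE; verify its DLL")
    elif sec == "O4" and any(h in low for h in USER_WRITABLE_HINTS):
        entry.flags.append("autorun launches from a user-writable location")
    elif sec == "O17":
        entry.flags.append("DNS servers set per adapter: " + ", ".join(IP_RE.findall(body)))
    elif sec == "O23" and not ("\\program files\\" in low or "\\windows\\" in low):
        entry.flags.append("service binary outside Program Files / Windows")
    return entry


def triage(text):
    """Parse a log and return only the entries that carry at least one flag."""
    return [e for e in (review(e) for e in parse_hjt(text)) if e.flags]


def dns_servers(text):
    """Collect every name server listed in O17 entries, to compare against the ISP's."""
    servers = []
    for e in parse_hjt(text):
        if e.section == "O17":
            servers.extend(IP_RE.findall(e.body))
    return servers


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print("    ->", f)
```

Running the script prints the six flagged entries; the O4 avast and O23 avast lines pass through unflagged, and the O17 servers are listed so they can be checked against the router's or ISP's DNS before deciding whether that entry is legitimate.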

(Leon$) #2

remove with HijackThis >> Fix checked

Download Combofix http://www.searchengines.pl/index.php?s ... ntry395642 but don't run it

While downloading and scanning with Combofix, please disable all firewalls and antivirus programs

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

Removal should begin

Then post the Combofix removal log

:slight_smile:


(Wiesio52) #3

Sorry for not replying sooner, but I'm only now at my cousin's place; I didn't have time back then, so now I can post the generated ComboFix log. Here it is:

ComboFix 09-04-13.A2 - aaa 2009-04-19 19:19.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.2047.1467 [GMT 2:00]

Uruchomiony z: c:\documents and settings\aaa\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\aaa\Pulpit\CFScript.txt

AV: avast! antivirus 4.8.1335 [VPS 090419-0] *On-access scanning disabled* (Updated)

FW: ActiveArmor Firewall *disabled*

 * Utworzono nowy punkt przywracania

.


((((((((((((((((((((((((( Pliki utworzone od 2009-03-19 do 2009-04-19 )))))))))))))))))))))))))))))))

.


2009-04-14 07:30 . 2009-04-14 07:30	--------	d-s---w	c:\documents and settings\aaa\UserData

2009-04-13 19:02 . 2009-04-19 17:11	--------	d-----w	C:\Mozilla


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-19 17:10 . 2009-03-01 15:48	--------	d-----w	c:\documents and settings\aaa\Dane aplikacji\Skype

2009-04-19 17:10 . 2009-03-01 15:52	--------	d-----w	c:\documents and settings\aaa\Dane aplikacji\skypePM

2009-04-19 09:32 . 2006-03-02 12:00	49712	----a-w	c:\windows\system32\perfc015.dat

2009-04-19 09:32 . 2006-03-02 12:00	355830	----a-w	c:\windows\system32\perfh015.dat

2009-04-13 19:38 . 2009-04-13 19:38	--------	d-----w	c:\program files\AskBardis

2009-04-13 19:04 . 2009-04-13 19:04	--------	d-----w	c:\program files\Trend Micro

2009-03-27 12:04 . 2008-07-10 13:58	196608	----a-w	c:\windows\system32\drivers\nStandard.bin

2009-03-24 17:26 . 2008-11-03 12:47	527	----a-w	C:\angielski.ini

2009-03-14 15:15 . 2008-07-10 14:00	46864	----a-w	c:\documents and settings\aaa\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-03-06 14:47 . 2006-03-02 12:00	285184	----a-w	c:\windows\system32\pdh.dll

2009-03-01 19:02 . 2009-03-01 19:02	--------	d-----w	c:\program files\AskSearch

2009-03-01 19:02 . 2009-03-01 19:02	--------	d-----w	c:\program files\Foxit Software

2009-03-01 19:02 . 2009-03-01 19:02	--------	d-----w	c:\documents and settings\aaa\Dane aplikacji\Foxit

2009-03-01 16:03 . 2009-03-01 16:02	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Creative

2009-03-01 16:01 . 2008-07-10 13:44	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-03-01 16:00 . 2009-03-01 15:55	--------	d-----w	c:\program files\Creative

2009-03-01 15:59 . 2008-07-10 13:43	--------	d-----w	c:\program files\Common Files\InstallShield

2009-03-01 15:58 . 2009-03-01 15:58	--------	d-----w	c:\program files\Common Files\muvee Technologies

2009-03-01 15:58 . 2009-03-01 15:58	--------	d-----w	c:\program files\muvee Technologies

2009-03-01 15:57 . 2009-03-01 15:57	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\muvee Technologies

2009-03-01 15:56 . 2009-03-01 15:56	--------	d-----w	c:\program files\SightSpeed

2009-03-01 15:40 . 2009-03-01 15:40	--------	d-----r	c:\program files\Skype

2009-03-01 15:40 . 2009-03-01 15:40	--------	d-----w	c:\program files\Common Files\Skype

2009-03-01 15:40 . 2009-03-01 15:40	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Skype

2009-02-16 15:30 . 2004-10-09 06:40	903703	----a-w	c:\windows\system32\ff_x264.dll

2009-02-16 15:27 . 2004-10-05 08:16	557451	----a-w	c:\windows\system32\libmplayer.dll

2009-02-16 15:23 . 2009-02-22 17:44	145081	----a-w	c:\windows\system32\libmpeg2_ff.dll

2009-02-16 15:18 . 2009-02-22 17:44	1388966	----a-w	c:\windows\system32\ffmpegmt.dll

2009-02-16 13:49 . 2009-02-22 17:44	328334	----a-w	c:\windows\system32\ff_kernelDeint.dll

2009-02-16 13:47 . 2004-10-12 06:40	4451209	----a-w	c:\windows\system32\libavcodec.dll

2009-02-14 14:15 . 2009-02-22 17:44	486400	----a-w	c:\windows\system32\ff_libfaad2.dll

2009-02-09 21:28 . 2004-10-12 06:39	98304	----a-w	c:\windows\system32\ff_wmv9.dll

2009-02-09 19:19 . 2009-02-22 17:44	183296	----a-w	c:\windows\system32\ff_samplerate.dll

2009-02-09 19:19 . 2009-02-22 17:44	178688	----a-w	c:\windows\system32\ff_libmad.dll

2009-02-09 19:18 . 2009-02-22 17:44	113152	----a-w	c:\windows\system32\ff_unrar.dll

2009-02-09 19:18 . 2009-02-22 17:44	146944	----a-w	c:\windows\system32\ff_tremor.dll

2009-02-09 19:18 . 2009-02-22 17:44	257024	----a-w	c:\windows\system32\ff_libdts.dll

2009-02-09 19:18 . 2009-02-22 17:44	142848	----a-w	c:\windows\system32\ff_liba52.dll

2009-02-09 18:56 . 2009-02-22 17:44	67584	----a-w	c:\windows\system32\ff_vfw.dll

2009-02-09 18:56 . 2009-02-22 17:44	53760	----a-w	c:\windows\system32\ffavisynth.dll

2009-02-09 18:55 . 2009-02-22 17:44	64512	----a-w	c:\windows\system32\FLT_ffdshow.dll

2009-02-09 18:55 . 2009-02-22 17:44	100352	----a-w	c:\windows\system32\makeAVIS.exe

2009-02-09 14:19 . 2006-03-02 12:00	1846528	----a-w	c:\windows\system32\win32k.sys

2009-02-09 11:52 . 2004-08-04 00:39	2017280	----a-w	c:\windows\system32\ntkrnlpa.exe

2009-02-09 11:52 . 2006-03-02 12:00	2137600	----a-w	c:\windows\system32\ntoskrnl.exe

2009-02-09 10:22 . 2006-03-02 12:00	725504	----a-w	c:\windows\system32\lsasrv.dll

2009-02-09 10:22 . 2006-03-02 12:00	686080	----a-w	c:\windows\system32\advapi32.dll

2009-02-09 10:22 . 2006-03-02 12:00	399360	----a-w	c:\windows\system32\rpcss.dll

2009-02-09 10:22 . 2006-03-02 12:00	722944	----a-w	c:\windows\system32\ntdll.dll

2009-02-09 10:10 . 2006-03-02 12:00	111104	----a-w	c:\windows\system32\services.exe

2009-02-06 16:54 . 2006-03-02 12:00	35328	----a-w	c:\windows\system32\sc.exe

2009-02-03 20:11 . 2006-03-02 12:00	55808	----a-w	c:\windows\system32\secur32.dll

2009-01-24 10:20 . 2008-10-20 14:36	263056	----a-w	C:\install.bmp

.


((((((((((((((((((((((((((((( SnapShot@2009-04-13_21.37.43,95 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-04-19 17:09 . 2009-04-19 17:09	16384 c:\windows\Temp\Perflib_Perfdata_3f4.dat

+ 2008-07-10 13:51 . 2008-07-09 07:57	26488 c:\windows\system32\spupdsvc.exe

- 2009-02-20 17:58 . 2007-11-30 11:21	19320 c:\windows\system32\spmsg.dll

+ 2009-02-20 17:58 . 2007-11-30 12:40	19320 c:\windows\system32\spmsg.dll

+ 2006-03-02 12:00 . 2009-02-03 20:11	55808 c:\windows\system32\secur32.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	55808 c:\windows\system32\secur32.dll

+ 2006-03-02 12:00 . 2009-02-06 16:54	35328 c:\windows\system32\sc.exe

- 2006-03-02 12:00 . 2008-10-16 10:39	39424 c:\windows\system32\pngfilt.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	39424 c:\windows\system32\pngfilt.dll

+ 2006-03-02 12:00 . 2009-04-19 09:32	49712 c:\windows\system32\perfc015.dat

- 2006-03-02 12:00 . 2009-03-29 08:20	49712 c:\windows\system32\perfc015.dat

- 2006-03-02 12:00 . 2009-03-29 08:20	40128 c:\windows\system32\perfc009.dat

+ 2006-03-02 12:00 . 2009-04-19 09:32	40128 c:\windows\system32\perfc009.dat

+ 2008-07-10 13:36 . 2008-06-12 14:19	91648 c:\windows\system32\mtxoci.dll

+ 2006-03-02 12:00 . 2008-06-12 14:19	66560 c:\windows\system32\mtxclu.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	66560 c:\windows\system32\mtxclu.dll

- 2008-07-10 13:36 . 2006-03-02 12:00	58880 c:\windows\system32\msdtclog.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	58880 c:\windows\system32\msdtclog.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	16384 c:\windows\system32\jsproxy.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	16384 c:\windows\system32\jsproxy.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	96768 c:\windows\system32\inseng.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	96768 c:\windows\system32\inseng.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	81920 c:\windows\system32\ieencode.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	81920 c:\windows\system32\ieencode.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	55808 c:\windows\system32\extmgr.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	55808 c:\windows\system32\extmgr.dll

+ 2006-03-02 12:00 . 2009-02-03 20:11	55808 c:\windows\system32\dllcache\secur32.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	55808 c:\windows\system32\dllcache\secur32.dll

+ 2006-03-02 12:00 . 2009-02-06 16:54	35328 c:\windows\system32\dllcache\sc.exe

+ 2006-03-02 12:00 . 2009-02-20 08:32	39424 c:\windows\system32\dllcache\pngfilt.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	39424 c:\windows\system32\dllcache\pngfilt.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	91648 c:\windows\system32\dllcache\mtxoci.dll

+ 2006-03-02 12:00 . 2008-06-12 14:19	66560 c:\windows\system32\dllcache\mtxclu.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	66560 c:\windows\system32\dllcache\mtxclu.dll

- 2008-07-10 13:36 . 2006-03-02 12:00	58880 c:\windows\system32\dllcache\msdtclog.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	58880 c:\windows\system32\dllcache\msdtclog.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	16384 c:\windows\system32\dllcache\jsproxy.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	16384 c:\windows\system32\dllcache\jsproxy.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	96768 c:\windows\system32\dllcache\inseng.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	96768 c:\windows\system32\dllcache\inseng.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	81920 c:\windows\system32\dllcache\ieencode.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	81920 c:\windows\system32\dllcache\ieencode.dll

+ 2008-07-10 13:37 . 2009-02-19 09:58	18432 c:\windows\system32\dllcache\iedw.exe

- 2008-07-10 13:37 . 2008-10-15 09:45	18432 c:\windows\system32\dllcache\iedw.exe

+ 2006-03-02 12:00 . 2009-02-20 08:32	55808 c:\windows\system32\dllcache\extmgr.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	55808 c:\windows\system32\dllcache\extmgr.dll

+ 2008-07-10 13:36 . 2005-07-26 04:42	60416 c:\windows\system32\dllcache\colbact.dll

+ 2008-07-10 13:36 . 2005-07-26 04:42	60416 c:\windows\system32\colbact.dll

+ 2006-01-31 14:45 . 2009-02-19 23:50	369152 c:\windows\system32\xpsp3res.dll

- 2006-01-31 14:45 . 2008-10-15 19:05	369152 c:\windows\system32\xpsp3res.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	662016 c:\windows\system32\wininet.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	662016 c:\windows\system32\wininet.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	351232 c:\windows\system32\winhttp.dll

+ 2006-03-02 12:00 . 2008-12-16 12:51	351232 c:\windows\system32\winhttp.dll

+ 2008-07-10 13:36 . 2009-02-06 16:39	227840 c:\windows\system32\wbem\wmiprvse.exe

+ 2008-07-10 13:36 . 2009-02-09 10:22	453120 c:\windows\system32\wbem\wmiprvsd.dll

+ 2008-07-10 13:36 . 2009-02-09 10:22	473088 c:\windows\system32\wbem\fastprox.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	617472 c:\windows\system32\urlmon.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	474112 c:\windows\system32\shlwapi.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	474112 c:\windows\system32\shlwapi.dll

+ 2006-03-02 12:00 . 2009-02-09 10:10	111104 c:\windows\system32\services.exe

+ 2006-03-02 12:00 . 2009-02-09 10:22	399360 c:\windows\system32\rpcss.dll

+ 2006-03-02 12:00 . 2009-04-19 09:32	355830 c:\windows\system32\perfh015.dat

- 2006-03-02 12:00 . 2009-03-29 08:20	355830 c:\windows\system32\perfh015.dat

+ 2006-03-02 12:00 . 2009-04-19 09:32	311740 c:\windows\system32\perfh009.dat

- 2006-03-02 12:00 . 2009-03-29 08:20	311740 c:\windows\system32\perfh009.dat

+ 2006-03-02 12:00 . 2009-03-06 14:47	285184 c:\windows\system32\pdh.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	285184 c:\windows\system32\pdh.dll

+ 2006-03-02 12:00 . 2009-02-09 10:22	722944 c:\windows\system32\ntdll.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	532480 c:\windows\system32\mstime.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	532480 c:\windows\system32\mstime.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	146432 c:\windows\system32\msrating.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	146432 c:\windows\system32\msrating.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	449024 c:\windows\system32\mshtmled.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	449024 c:\windows\system32\mshtmled.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	161792 c:\windows\system32\msdtcuiu.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	956928 c:\windows\system32\msdtctm.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	428032 c:\windows\system32\msdtcprx.dll

+ 2006-03-02 12:00 . 2009-02-09 10:22	725504 c:\windows\system32\lsasrv.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	251392 c:\windows\system32\iepeers.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	251392 c:\windows\system32\iepeers.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	205312 c:\windows\system32\dxtrans.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	205312 c:\windows\system32\dxtrans.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	357888 c:\windows\system32\dxtmsft.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	357888 c:\windows\system32\dxtmsft.dll

+ 2008-07-10 13:36 . 2008-04-21 21:28	218112 c:\windows\system32\dllcache\wordpad.exe

+ 2008-07-10 13:36 . 2009-02-06 16:39	227840 c:\windows\system32\dllcache\wmiprvse.exe

+ 2008-07-10 13:36 . 2009-02-09 10:22	453120 c:\windows\system32\dllcache\wmiprvsd.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	662016 c:\windows\system32\dllcache\wininet.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	662016 c:\windows\system32\dllcache\wininet.dll

+ 2006-03-02 12:00 . 2008-12-16 12:51	351232 c:\windows\system32\dllcache\winhttp.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	351232 c:\windows\system32\dllcache\winhttp.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	617472 c:\windows\system32\dllcache\urlmon.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	474112 c:\windows\system32\dllcache\shlwapi.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	474112 c:\windows\system32\dllcache\shlwapi.dll

+ 2006-03-02 12:00 . 2009-02-09 10:10	111104 c:\windows\system32\dllcache\services.exe

+ 2006-03-02 12:00 . 2009-02-09 10:22	399360 c:\windows\system32\dllcache\rpcss.dll

+ 2006-03-02 12:00 . 2009-03-06 14:47	285184 c:\windows\system32\dllcache\pdh.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	285184 c:\windows\system32\dllcache\pdh.dll

+ 2006-03-02 12:00 . 2009-02-09 10:22	722944 c:\windows\system32\dllcache\ntdll.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	532480 c:\windows\system32\dllcache\mstime.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	532480 c:\windows\system32\dllcache\mstime.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	146432 c:\windows\system32\dllcache\msrating.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	146432 c:\windows\system32\dllcache\msrating.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	449024 c:\windows\system32\dllcache\mshtmled.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	449024 c:\windows\system32\dllcache\mshtmled.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	161792 c:\windows\system32\dllcache\msdtcuiu.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	956928 c:\windows\system32\dllcache\msdtctm.dll

+ 2008-07-10 13:36 . 2008-06-12 14:19	428032 c:\windows\system32\dllcache\msdtcprx.dll

+ 2006-03-02 12:00 . 2009-02-09 10:22	725504 c:\windows\system32\dllcache\lsasrv.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	251392 c:\windows\system32\dllcache\iepeers.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	251392 c:\windows\system32\dllcache\iepeers.dll

+ 2008-07-10 13:36 . 2009-02-09 10:22	473088 c:\windows\system32\dllcache\fastprox.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	205312 c:\windows\system32\dllcache\dxtrans.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	205312 c:\windows\system32\dllcache\dxtrans.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	357888 c:\windows\system32\dllcache\dxtmsft.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	357888 c:\windows\system32\dllcache\dxtmsft.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	151552 c:\windows\system32\dllcache\cdfview.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	151552 c:\windows\system32\dllcache\cdfview.dll

+ 2006-03-02 12:00 . 2009-02-09 10:22	686080 c:\windows\system32\dllcache\advapi32.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	686080 c:\windows\system32\dllcache\advapi32.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	151552 c:\windows\system32\cdfview.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	151552 c:\windows\system32\cdfview.dll

- 2006-03-02 12:00 . 2006-03-02 12:00	686080 c:\windows\system32\advapi32.dll

+ 2006-03-02 12:00 . 2009-02-09 10:22	686080 c:\windows\system32\advapi32.dll

+ 2006-03-02 12:00 . 2009-03-02 23:51	1495552 c:\windows\system32\shdocvw.dll

+ 2006-03-02 12:00 . 2008-12-20 22:44	1291264 c:\windows\system32\quartz.dll

- 2006-03-02 12:00 . 2008-05-07 05:16	1291264 c:\windows\system32\quartz.dll

- 2006-03-02 12:00 . 2008-08-14 13:46	2137600 c:\windows\system32\ntoskrnl.exe

+ 2006-03-02 12:00 . 2009-02-09 11:52	2137600 c:\windows\system32\ntoskrnl.exe

+ 2004-08-04 00:39 . 2009-02-09 11:52	2017280 c:\windows\system32\ntkrnlpa.exe

- 2004-08-04 00:39 . 2008-08-14 13:46	2017280 c:\windows\system32\ntkrnlpa.exe

+ 2006-03-02 12:00 . 2009-02-20 08:32	3080704 c:\windows\system32\mshtml.dll

+ 2006-03-02 12:00 . 2009-03-21 14:21	1014784 c:\windows\system32\kernel32.dll

+ 2006-03-02 12:00 . 2009-03-02 23:51	1495552 c:\windows\system32\dllcache\shdocvw.dll

+ 2006-03-02 12:00 . 2008-12-20 22:44	1291264 c:\windows\system32\dllcache\quartz.dll

- 2006-03-02 12:00 . 2008-05-07 05:16	1291264 c:\windows\system32\dllcache\quartz.dll

+ 2009-02-20 18:19 . 2009-02-09 11:52	2181760 c:\windows\system32\dllcache\ntoskrnl.exe

- 2009-02-20 18:19 . 2008-08-14 13:46	2017280 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-20 18:19 . 2009-02-09 11:52	2017280 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2009-02-20 18:19 . 2009-02-09 11:52	2059008 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2009-02-20 18:19 . 2008-08-14 13:46	2059008 c:\windows\system32\dllcache\ntkrnlpa.exe

+ 2009-02-20 18:19 . 2009-02-09 11:52	2137600 c:\windows\system32\dllcache\ntkrnlmp.exe

- 2009-02-20 18:19 . 2008-08-14 13:46	2137600 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2006-03-02 12:00 . 2009-02-20 08:32	3080704 c:\windows\system32\dllcache\mshtml.dll

+ 2006-03-02 12:00 . 2009-03-21 14:21	1014784 c:\windows\system32\dllcache\kernel32.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	1055744 c:\windows\system32\dllcache\danim.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	1055744 c:\windows\system32\dllcache\danim.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	1023488 c:\windows\system32\dllcache\browseui.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	1023488 c:\windows\system32\dllcache\browseui.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	1055744 c:\windows\system32\danim.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	1055744 c:\windows\system32\danim.dll

+ 2006-03-02 12:00 . 2009-02-20 08:32	1023488 c:\windows\system32\browseui.dll

- 2006-03-02 12:00 . 2008-10-16 10:39	1023488 c:\windows\system32\browseui.dll

+ 2009-02-20 18:19 . 2009-02-09 11:52	2181760 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2009-02-20 18:19 . 2009-02-09 11:52	2017280 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-02-20 18:19 . 2008-08-14 13:46	2017280 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2009-02-20 18:19 . 2008-08-14 13:46	2059008 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-02-20 18:19 . 2009-02-09 11:52	2059008 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2009-02-20 18:19 . 2009-02-09 11:52	2137600 c:\windows\Driver Cache\i386\ntkrnlmp.exe

- 2009-02-20 18:19 . 2008-08-14 13:46	2137600 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2009-04-19 17:11 . 2009-04-06 05:57	24921544 c:\windows\system32\MRT.exe

.

-- Migawka wyzerowana --

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]

"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-16 9302632]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Ralink Wireless Utility.lnk - c:\windows\RaUI.exe [2009-02-19 598016]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.asv2"= asusasv2.dll

"msacm.avis"= ff_acm.acm


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]

--a------ 2007-07-18 16:20 1114112 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]

--a------ 2007-07-12 11:03 380928 c:\program files\ASUS\GamerOSD\GamerOSD.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-06-01 10:21 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]

--------- 2007-06-07 15:01 155648 c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameFace Messenger]

--a------ 2006-11-01 15:50 2154496 c:\program files\GameFace Messenger\GameFace.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]

--------- 2006-07-13 08:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

-ra------ 2006-12-18 15:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0420Mon.exe]

--a------ 2007-04-30 03:00 32768 c:\windows\V0420Mon.exe


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


S1 aswSP;avast! Self Protection; [x]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

S3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\DRIVERS\V0420Vid.sys [2007-05-31 99648]


.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {729DCD91-BA87-493F-949A-CEDED4E42503} = 192.252.205.1 217.17.34.10

FF - ProfilePath - c:\documents and settings\aaa\Dane aplikacji\Mozilla\Firefox\Profiles\9z0cw2cx.default\

FF - prefs.js: browser.search.selectedEngine - Wirtualna Polska

FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=

.


**************************************************************************


catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-19 19:20

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'explorer.exe'(2260)

c:\windows\system32\msi.dll

.

Czas ukończenia: 2009-04-19 19:20

ComboFix-quarantined-files.txt 2009-04-19 17:20

ComboFix2.txt 2009-04-13 19:38


Przed: 79 676 547 072 bajtów wolnych

Po: 79,736,643,584 bajtów wolnych


315	--- E O F ---	2009-04-19 17:12