shimgvw.dll error
Pictures can only be opened in Paint…
I'm pasting the Combo Fix log
shimgvw.dll
ComboFix 10-03-16.05 - Paulina 2010-03-17 13:19:26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1015.519 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Paulina\Moje dokumenty\Pobieranie\ComboFix.exe
AV: Kaspersky Anti-Virus Personal *On-access scanning enabled* (Outdated) {816CD617-99F4-4B18-828E-80582E4B044D}
.
ADS - svchost.exe: deleted 36 bytes in 1 streams.
ADS - explorer.exe: deleted 36 bytes in 1 streams.
ADS - win32k.sys: deleted 36 bytes in 1 streams.
ADS - netcfgx.dll: deleted 36 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Alcmtr.exe
c:\windows\autorun.inf
c:\windows\svchost.exe
c:\windows\system32\temp1.exe
c:\windows\system32\temp2.exe
c:\windows\xcopy.exe
D:\autorun.inf
D:\copy.exe
D:\host.exe
E:\Autorun.inf
E:\copy.exe
E:\host.exe
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DAC970NT
-------\Service_dac970nt
((((((((((((((((((((((((( Pliki utworzone od 2010-02-17 do 2010-03-17 )))))))))))))))))))))))))))))))
.
2010-03-17 12:23 . 2010-03-17 12:23 -------- d-----w- c:\windows\system32\xircom
2010-03-17 12:23 . 2010-03-17 12:23 -------- d-----w- c:\windows\system32\wbem\snmp
2010-03-17 12:12 . 2010-03-17 12:12 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\Uniblue
2010-03-17 12:12 . 2010-03-17 12:12 -------- d-----w- c:\program files\Uniblue
2010-03-17 12:12 . 2010-03-17 12:11 4004928 ----a-w- c:\windows\system32\cbaffregistrybooster.exe
2010-03-16 22:04 . 2010-03-16 22:04 -------- d-----w- c:\documents and settings\Paulina\Ustawienia lokalne\Dane aplikacji\Winamp Toolbar
2010-03-16 19:49 . 2010-03-16 19:49 12328 ----a-w- c:\documents and settings\Paulina\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-03-16 19:48 . 2009-09-03 09:45 120568 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-16 19:48 . 2009-09-03 09:45 118256 ------w- c:\windows\system32\pxinsi64.exe
2010-03-16 18:53 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-16 18:53 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-16 18:53 . 2010-03-16 18:53 -------- d-----w- c:\windows\Logs
2010-03-16 18:53 . 2010-03-16 18:53 -------- d-----w- c:\program files\Winamp Detect
2010-03-16 18:53 . 2010-03-16 18:53 -------- d-----w- c:\program files\Winamp Toolbar
2010-03-16 18:53 . 2010-03-16 18:53 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar
2010-03-09 14:32 . 2010-03-09 14:32 -------- d-----w- c:\documents and settings\Paulina\Ustawienia lokalne\Dane aplikacji\Identities
2010-03-03 17:05 . 2010-03-03 17:05 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-02-21 10:44 . 2010-02-21 10:44 -------- d-----w- c:\windows\Sun
2010-02-21 09:54 . 2010-02-21 09:54 152576 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\jre1.6.0_15\lzma.dll
2010-02-21 09:50 . 2010-02-21 09:50 152576 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\jre1.6.0_12\lzma.dll
2010-02-21 09:48 . 2010-02-21 09:48 61440 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46604c2c-n\decora-sse.dll
2010-02-21 09:48 . 2010-02-21 09:48 12800 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-46604c2c-n\decora-d3d.dll
2010-02-21 09:48 . 2010-02-21 09:48 503808 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27767bba-n\msvcp71.dll
2010-02-21 09:48 . 2010-02-21 09:48 499712 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27767bba-n\jmc.dll
2010-02-21 09:48 . 2010-02-21 09:48 348160 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-27767bba-n\msvcr71.dll
2010-02-21 09:48 . 2010-02-21 09:48 -------- d-----w- c:\program files\Common Files\Java
2010-02-21 09:48 . 2010-02-21 09:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 09:48 . 2010-02-21 09:54 -------- d-----w- c:\program files\Java
2010-02-19 14:19 . 2010-02-19 14:19 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\Media Player Classic
2010-02-17 21:06 . 2010-03-10 22:23 -------- d-----w- c:\documents and settings\Paulina\.gstreamer-0.10
2010-02-17 21:06 . 2010-03-06 09:50 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-02-17 21:06 . 2010-02-17 21:06 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\OpenFM
2010-02-17 20:58 . 2010-03-11 19:10 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\Nowe Gadu-Gadu
2010-02-17 20:57 . 2010-03-03 17:03 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2010-02-17 20:52 . 2010-02-17 20:52 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-02-17 20:52 . 2010-02-17 20:52 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-02-17 20:50 . 2010-02-17 20:50 -------- d-----w- c:\documents and settings\Paulina\Ustawienia lokalne\Dane aplikacji\cache
2010-02-17 20:49 . 2010-02-17 20:49 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\Gadu-Gadu 10
2010-02-17 20:49 . 2010-02-17 20:49 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-02-17 20:15 . 2010-02-17 20:15 -------- d-----w- c:\windows\system32\Adobe
2010-02-17 20:13 . 2010-02-17 20:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NOS
2010-02-17 20:13 . 2010-02-17 20:13 -------- d-----w- c:\program files\NOS
2010-02-17 20:13 . 2010-01-25 09:02 31936 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Mozilla\Firefox\Profiles\6oj3qdzw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-02-17 20:13 . 2010-01-25 09:02 29344 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Mozilla\Firefox\Profiles\6oj3qdzw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-17 20:12 . 2010-03-16 19:49 -------- d-----w- c:\documents and settings\Paulina\Ustawienia lokalne\Dane aplikacji\Adobe
2010-02-17 20:11 . 2010-02-17 20:11 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 12:23 . 2010-03-17 12:23 -------- d-----w- c:\program files\microsoft frontpage
2010-03-17 09:02 . 2010-03-16 18:52 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\Winamp
2010-03-16 19:53 . 2010-03-16 18:52 -------- d-----w- c:\program files\Winamp
2010-02-17 21:40 . 2010-02-17 21:39 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-17 18:48 . 2010-02-17 18:48 57772 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\Bases\ids00102.sys
2010-02-17 18:48 . 2010-02-17 18:48 23080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\Bases\klfw.sys
2010-02-17 18:48 . 2010-02-17 18:48 12297 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\Bases\klstm.sys
2010-02-17 18:48 . 2010-02-17 18:48 12232 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal\5.0\Bases\klcr.sys
2010-02-17 18:46 . 2010-02-17 18:46 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal
2010-02-17 18:46 . 2010-02-17 18:46 -------- d-----w- c:\program files\Kaspersky Lab
2010-02-17 18:41 . 2010-02-17 18:41 0 ----a-w- c:\windows\nsreg.dat
2010-02-17 18:23 . 2010-02-17 18:20 -------- d-----w- c:\program files\Realtek
2010-02-17 18:23 . 2010-02-17 18:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-17 18:23 . 2010-02-17 18:23 -------- d-----w- c:\documents and settings\Paulina\Dane aplikacji\InstallShield
2010-02-17 18:20 . 2010-02-17 18:20 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-17 18:14 . 2010-02-17 18:14 -------- d-----w- c:\program files\Intel
2010-02-17 18:13 . 2010-02-17 18:13 -------- d-----w- c:\program files\Yahoo!
2010-02-17 18:11 . 2001-10-26 16:15 49712 ----a-w- c:\windows\system32\perfc015.dat
2010-02-17 18:11 . 2001-10-26 16:15 355830 ----a-w- c:\windows\system32\perfh015.dat
2010-02-17 18:07 . 2010-02-17 17:57 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-17 17:57 . 2010-02-17 17:57 -------- d-----w- c:\program files\Usługi online
2010-02-17 17:55 . 2010-02-17 17:55 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-17 17:54 . 2010-02-17 17:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-22 18:11 . 2010-01-22 18:11 62800 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Mozilla\Firefox\Profiles\6oj3qdzw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Gadu-Gadu 10_userdata\ggbho.2.dll
2010-01-20 12:03 . 2010-01-20 12:03 11776 ----a-w- c:\documents and settings\Paulina\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll
2010-01-18 06:30 . 2010-01-18 06:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-18 06:30 . 2010-01-18 06:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2008-04-14 20:50 . 2008-04-14 20:50 163185 --sha-r- c:\windows\system32\sngmf.dll
.
------- Sigcheck -------
[-] 2008-05-02 . 8E036EEC565910417EA020CE0962AA24 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . D9BD28BA6BB45A4C68DFE7E98C34FEDF . 1113088 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-01-20 12141160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 180224]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 147456]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 192512]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"KAVPersonal50"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2006-03-20 168039]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 105392]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 1018304]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-03-01 124928]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\igfxtray.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\WINDOWS\system32\regsvr32.exe"=
"c:\WINDOWS\system32\igfxpers.exe"=
"c:\WINDOWS\system32\hkcmd.exe"=
"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=
"c:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe"=
"c:\Program Files\Gadu-Gadu 10\gg.exe"=
"c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"=
"c:\WINDOWS\system32\dumprep.exe"=
"c:\Program Files\Nowe Gadu-Gadu\open-fm.exe"=
"c:\Program Files\Messenger\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1768:TCP"= 1768:TCP:nbdtrfu
R1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [2006-03-20 10899]
S2 kfoscgpat;Boot System;c:\windows\system32\svchost.exe -k netsvcs [2008-04-14 14336]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - DAC970NT
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kfoscgpat
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://google.pl/
mStart Page = hxxp://www.yahoo.com
IE: &Winamp Search - c:\documents and settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
TCP: {D0D8F811-F40F-4613-943C-444669116657} = 194.204.159.1,195.136.61.1
FF - ProfilePath - c:\documents and settings\Paulina\Dane aplikacji\Mozilla\Firefox\Profiles\6oj3qdzw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli … ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli … pab&query=
FF - component: c:\documents and settings\Paulina\Dane aplikacji\Mozilla\Firefox\Profiles\6oj3qdzw.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\documents and settings\Paulina\Dane aplikacji\Gadu-Gadu 10_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\Paulina\Dane aplikacji\Mozilla\Firefox\Profiles\6oj3qdzw.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
.
- - - - - - - - - - - - - - - - - USUNIĘTO PUSTE WPISY - - - - - - - - - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 13:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kfoscgpat]
"ServiceDll"="c:\windows\system32\sngmf.dll"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3516)
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.POL
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-03-17 13:25:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-03-17 12:25
Przed: 14 690 177 024 bajtów wolnych
Po: 14 650 384 384 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - BA32FC2C34484863DE2ADEB3C84EE8C9