I can't change the wallpaper. I have a blue screen with text on it that reads something like "infected computer" etc., and the Task Manager is blocked too. Please check my log. Sorry for any mistakes, this is my first post.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:22, on 2008-09-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\uesiuqcr.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
E:\GG\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\AMD\USTAWI~1\Temp\Katalog tymczasowy 2 dla HiJackThis.zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - D:\Nowy folder\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [FlashGet] "D:\Nowy folder\FlashGet universal\FlashGet.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\GG\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by FlashGet - D:\Nowy folder\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - D:\Nowy folder\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5515 bytes
Log from ComboFix:
ComboFix 08-09-05.02 - AMD 2008-09-06 13:31:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.524 [GMT 2:00]
Running from: C:\Documents and Settings\AMD\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\AMD\Dane aplikacji\BITS\BITS.ini
C:\Documents and Settings\AMD\Dane aplikacji\BITS\DHTTable.dat
C:\Documents and Settings\AMD\Dane aplikacji\BITS\ProxyList.ini
C:\Documents and Settings\AMD\Dane aplikacji\BITS\UPnP.ini
C:\WINDOWS\default.htm
C:\WINDOWS\system32\getsn32.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-06 12:47 . 2008-09-06 12:47 61,440 --a------ C:\WINDOWS\system32\drivers\jfmmstus.sys
2008-09-06 11:58 . 2008-09-06 13:32
2008-09-06 11:58 . 2008-09-06 12:00
2008-09-06 11:58 . 2008-08-26 13:10
2008-09-06 11:58 . 2008-09-06 12:19
2008-09-06 11:58 . 2008-08-26 15:02
2008-09-06 11:58 . 2008-08-26 15:02
2008-09-06 11:58 . 2008-08-26 15:02
2008-09-06 11:58 . 2008-09-06 11:58
2008-09-05 22:58 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-05 22:50 . 2008-09-05 22:50
2008-09-05 22:47 . 2008-09-05 22:56
2008-09-05 22:00 . 2008-09-05 22:00
2008-09-05 22:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 22:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 21:59 . 2008-09-05 21:59
2008-09-05 21:49 . 2008-09-05 21:57
2008-09-05 21:17 . 2008-09-06 13:32
2008-09-05 17:49 . 2008-09-05 17:49 85,008 --a------ C:\WINDOWS\system32\uesiuqcr.exe
2008-09-05 17:49 . 2008-09-06 12:25 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-09-02 22:17 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-31 12:07 . 2008-08-31 12:07
2008-08-31 12:07 . 2008-08-31 12:07
2008-08-31 12:07 . 2008-08-31 12:07
2008-08-31 12:07 . 2008-08-31 12:08
2008-08-31 12:04 . 2008-08-31 12:09
2008-08-31 12:04 . 2008-08-31 12:10
2008-08-31 12:04 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-08-31 12:04 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-31 12:04 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-29 13:48 . 2008-08-29 13:48
2008-08-27 14:18 . 2008-09-05 20:08 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-27 00:36 . 2008-08-27 00:36
2008-08-27 00:26 . 2008-08-27 00:26
2008-08-26 21:49 . 2008-08-26 22:29
2008-08-26 17:51 . 2008-08-26 17:51
2008-08-26 17:46 . 2008-08-26 17:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-26 17:43 . 2008-08-26 17:43
2008-08-26 17:38 . 2008-09-01 09:59
2008-08-26 15:05 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-08-26 15:04 . 2006-08-11 21:42 4,496,128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-26 15:04 . 2006-08-11 21:42 3,958,496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-26 15:04 . 2006-08-11 21:42 3,958,496 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-08-26 15:04 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-08-26 15:04 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-26 15:03 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-26 15:03 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-08-26 15:03 . 2001-08-17 22:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 13:10
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 14:35
2008-08-26 15:02 . 2008-09-05 22:00
2008-08-26 15:02 . 2008-08-26 14:53
2008-08-26 15:02 . 2008-08-26 13:11
2008-08-26 15:02 . 2008-09-05 21:59
2008-08-26 15:01 . 2008-08-26 14:31
2008-08-26 15:01 . 2008-08-26 13:13
2008-08-26 15:01 . 2008-09-06 11:58
2008-08-26 15:00 . 2008-08-26 13:16 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 14:16 --------- d-----w C:\Program Files\ALLPlayer
2008-08-26 12:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-26 12:43 --------- d-----w C:\Documents and Settings\AMD\Dane aplikacji\OpenOffice.org2
2008-08-26 12:35 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-26 12:34 --------- d-----w C:\Program Files\Java
2008-08-26 12:33 --------- d-----w C:\Program Files\Common Files\Java
2008-08-26 12:33 --------- d-----w C:\Program Files\Alwil Software
2008-08-26 12:32 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-26 12:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 11:59 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-26 11:58 --------- d-----w C:\Program Files\Nero
2008-08-26 11:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-26 11:54 --------- d-----w C:\Program Files\XviD
2008-08-26 11:54 --------- d-----w C:\Program Files\DivX Total Pack
2008-08-26 11:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-26 11:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-26 11:13 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Gadu-Gadu"="E:\GG\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"FlashGet"="D:\Nowy folder\FlashGet universal\FlashGet.exe" [2008-08-19 1795656]
"Malwarebytes Anti-Malware (reboot)"="D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-02 1244848]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Winamp Remote\bin\Orb.exe"=
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"D:\Nowy folder\FlashGet universal\FlashGet.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\AMD\Dane aplikacji\Mozilla\Firefox\Profiles\hg83qrcm.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_05\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 13:32:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-06 13:32:58
ComboFix-quarantined-files.txt 2008-09-06 11:32:56
ComboFix2.txt 2008-09-05 19:35:17
Pre-Run: 78,282,227,712 bytes free
Post-Run: 78,282,473,472 bytes free
180 --- E O F --- 2008-09-05 20:58:04
When I scan the computer with Malwarebytes' Anti-Malware it finds:
Trojan.Agent
hijack.desktop
hijack.TaskManager
LOG FROM COMBOFIX
ComboFix 08-09-05.02 - AMD 2008-09-06 14:24:44.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.496 [GMT 2:00]
Running from: C:\Documents and Settings\AMD\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\AMD\Pulpit\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\AMD\Dane aplikacji\BITS
C:\WINDOWS\default.htm
C:\WINDOWS\system32\drivers\jfmmstus.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SETUPNTGLM7X
-------\Service_SetupNTGLM7X
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-06 14:27 . 2008-09-06 14:27
2008-09-06 11:58 . 2008-09-06 14:25
2008-09-06 11:58 . 2008-09-06 12:00
2008-09-06 11:58 . 2008-08-26 13:10
2008-09-06 11:58 . 2008-09-06 12:19
2008-09-06 11:58 . 2008-08-26 15:02
2008-09-06 11:58 . 2008-08-26 15:02
2008-09-06 11:58 . 2008-08-26 15:02
2008-09-06 11:58 . 2008-09-06 11:58
2008-09-05 22:58 . 2005-02-25 05:36 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-09-05 22:50 . 2008-09-05 22:50
2008-09-05 22:47 . 2008-09-05 22:56
2008-09-05 22:00 . 2008-09-05 22:00
2008-09-05 22:00 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 22:00 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 21:59 . 2008-09-05 21:59
2008-09-05 21:49 . 2008-09-05 21:57
2008-09-05 17:49 . 2008-09-05 17:49 85,008 --a------ C:\WINDOWS\system32\uesiuqcr.exe
2008-09-05 17:49 . 2008-09-06 12:25 8,704 --a------ C:\WINDOWS\system32\smwin32.dll
2008-09-02 22:17 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-31 12:07 . 2008-08-31 12:07
2008-08-31 12:07 . 2008-08-31 12:07
2008-08-31 12:07 . 2008-08-31 12:07
2008-08-31 12:07 . 2008-08-31 12:08
2008-08-31 12:04 . 2008-08-31 12:09
2008-08-31 12:04 . 2008-08-31 12:10
2008-08-31 12:04 . 2007-03-08 01:51 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-08-31 12:04 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-08-31 12:04 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-08-29 13:48 . 2008-08-29 13:48
2008-08-27 14:18 . 2008-09-05 20:08 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-08-27 00:36 . 2008-08-27 00:36
2008-08-27 00:26 . 2008-08-27 00:26
2008-08-26 21:49 . 2008-08-26 22:29
2008-08-26 17:51 . 2008-08-26 17:51
2008-08-26 17:46 . 2008-08-26 17:46 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-26 17:43 . 2008-08-26 17:43
2008-08-26 17:38 . 2008-09-01 09:59
2008-08-26 15:05 . 2001-08-17 23:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-08-26 15:04 . 2006-08-11 21:42 4,496,128 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-08-26 15:04 . 2006-08-11 21:42 3,958,496 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-08-26 15:04 . 2006-08-11 21:42 3,958,496 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-08-26 15:04 . 2004-08-04 02:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-08-26 15:04 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-08-26 15:03 . 2004-08-04 02:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-08-26 15:03 . 2004-08-04 01:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2008-08-26 15:03 . 2001-08-17 22:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 13:10
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 15:02
2008-08-26 15:02 . 2008-08-26 14:35
2008-08-26 15:02 . 2008-09-05 22:00
2008-08-26 15:02 . 2008-08-26 14:53
2008-08-26 15:02 . 2008-08-26 13:11
2008-08-26 15:02 . 2008-09-05 21:59
2008-08-26 15:01 . 2008-08-26 14:31
2008-08-26 15:01 . 2008-08-26 13:13
2008-08-26 15:01 . 2008-09-06 11:58
2008-08-26 15:00 . 2008-08-26 13:16 261 --a------ C:\WINDOWS\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 14:16 --------- d-----w C:\Program Files\ALLPlayer
2008-08-26 12:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-26 12:43 --------- d-----w C:\Documents and Settings\AMD\Dane aplikacji\OpenOffice.org2
2008-08-26 12:35 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-26 12:34 --------- d-----w C:\Program Files\Java
2008-08-26 12:33 --------- d-----w C:\Program Files\Common Files\Java
2008-08-26 12:33 --------- d-----w C:\Program Files\Alwil Software
2008-08-26 12:32 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-26 12:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 11:59 --------- d-----w C:\Program Files\Common Files\Ahead
2008-08-26 11:58 --------- d-----w C:\Program Files\Nero
2008-08-26 11:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-08-26 11:54 --------- d-----w C:\Program Files\XviD
2008-08-26 11:54 --------- d-----w C:\Program Files\DivX Total Pack
2008-08-26 11:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-26 11:14 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-26 11:13 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot@2008-09-06_13.32.39.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-06 12:27:04 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Gadu-Gadu"="E:\GG\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]
"FlashGet"="D:\Nowy folder\FlashGet universal\FlashGet.exe" [2008-08-19 1795656]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 C:\WINDOWS\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= DivXa32.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Winamp Remote\bin\Orb.exe"=
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"D:\Nowy folder\FlashGet universal\FlashGet.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S0 zkugboea;zkugboea;C:\WINDOWS\system32\drivers\jfmmstus.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 14:27:27
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2008-09-06 14:28:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 12:28:25
ComboFix2.txt 2008-09-06 11:32:59
ComboFix3.txt 2008-09-05 19:35:17
Pre-Run: 78,269,194,240 bytes free
Post-Run: 78,268,956,672 bytes free
178 --- E O F --- 2008-09-05 20:58:04
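An added triage script (my own example, not code from this thread, HijackThis or ComboFix) that pulls the three persistence indicators visible in the logs above out of a pasted log: the extra executable appended to the Winlogon `Userinit` value (`uesiuqcr.exe`, which is what put the "infected computer" desktop back at every logon), the `DisableTaskMgr` policy set in both HKLM and HKCU, and a boot-start driver service (`zkugboea` -> `jfmmstus.sys`) for which ComboFix printed empty `[]` file details. The second ComboFix log shows why that last rule matters: the driver file was deleted, but the service registration still pointed at it. The sample log is constructed from lines copied out of the posts; the indicator rules are heuristics I chose, not anything either tool implements, and the Userinit check assumes the stock Windows XP value of a single `C:\WINDOWS\system32\userinit.exe,` entry.

```python
"""Triage a HijackThis / ComboFix log for the persistence indicators seen in
the thread above.  Added example, not part of the original post and not the
logic of either tool; the indicator rules are the editor's own heuristics."""
import re

# Assumption: stock Windows XP Winlogon Userinit holds exactly one program.
DEFAULT_USERINIT = {"userinit.exe"}

# Constructed sample: lines copied from the HijackThis and ComboFix logs above,
# written with straight quotes as the real tools emit them.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\uesiuqcr.exe,"
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S0 zkugboea;zkugboea;C:\WINDOWS\system32\drivers\jfmmstus.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
"""

HJT_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
CF_USERINIT = re.compile(r'^"Userinit"="(.*)"$', re.I)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
TASKMGR = re.compile(r'^"DisableTaskMgr"=\s*(\d+)', re.I)
# ComboFix service line: <start> <name>;<display>;<path> [<date> <size>]
SERVICE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")


def basename_lower(path):
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def check_userinit(value):
    """Return every program in a Userinit value beyond the stock userinit.exe."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if basename_lower(e) not in DEFAULT_USERINIT]


def normalize(line):
    """Undo the curly quotes forum software inserts so the registry regexes match."""
    return line.strip().replace("\u201c", '"').replace("\u201d", '"').replace("\u2019", "'")


def triage(log_text):
    """Return an ordered, de-duplicated list of (indicator, detail) tuples."""
    findings = []
    current_key = ""

    def add(indicator, detail):
        item = (indicator, detail)
        if item not in findings:  # HJT and ComboFix both report the same Userinit value
            findings.append(item)

    for raw in log_text.splitlines():
        line = normalize(raw)
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group(1)  # hive the following values belong to
            continue
        m = HJT_USERINIT.match(line) or CF_USERINIT.match(line)
        if m:
            for extra in check_userinit(m.group(1)):
                add("userinit_hijack", extra)
            continue
        m = TASKMGR.match(line)
        if m and m.group(1) != "0":
            add("taskmgr_disabled", current_key)
            continue
        m = SERVICE.match(line)
        if m:
            start, name, _display, path, info = m.groups()
            if not info.strip():  # no date/size printed: file missing or unreadable
                kind = "boot_start_driver_unverified" if start in ("S0", "R0") else "driver_unverified"
                add(kind, f"{name} -> {path}")
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LOG):
        print(f"{indicator:30} {detail}")
```

Run it as-is to see the four findings for the sample; feed it a raw ComboFix or HijackThis paste for a real case. Winlogon executes every program in the comma-separated `Userinit` list, so a `userinit_hijack` hit means the payload runs before the desktop appears regardless of what the Run keys contain; the remedy is to restore the value to the single `userinit.exe` entry (trailing comma included) and remove the file, and to delete both `DisableTaskMgr` values rather than leave them set.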
Thanks for the help, everything is working fine now.