Problem: C:\Windows\System32\drivers\sfsync04.sys, what is it?

Ad-Aware detected a problem with sfsync04.sys; I don't know whether it's a virus or something else. If anyone has had this problem, I'd be very grateful for advice. Every time I try to remove it, it comes back. What can be done about it, and what actually is it? Thanks.

Added 10.06.2009 (Wed) 19:05

I'm pasting the log, please analyze it.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:57:09, on 10/06/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\vVX1000.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\ehome\ehtray.exe

D:\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKLM…\Run: [VX1000] C:\Windows\vVX1000.exe

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM…\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM…\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

O4 - HKLM…\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM…\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM…\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKCU…\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU…\Run: [skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU…\Run: [uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow … ab_nvd.cab

O17 - HKLM\System\CCS\Services\Tcpip…{5BE7CE20-F3F9-4C5C-8CF8-0F493CA04EA1}: NameServer = 172.30.140.69 172.31.76.69

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: mks_vir (mks_services) - Unknown owner - D:\Program Files\bin\mks_services.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

End of file - 8182 bytes

Remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s … ntry395642 and run it by double-clicking

Show the log

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs

:)

I see that apparently nobody is going to help me. It's some new nasty thing, but I restored the system to a few days back and for now it's gone. We'll see how much that helped; I know that sometimes these things copy themselves and are back again after a while even after a system restore, but we'll see. If anyone has run into this problem, though, I'd gladly hear advice on how to fight it.

Added 10.06.2009 (Wed) 22:37

OK, I'll remove it with HijackThis, but I have a small problem with ComboFix, because I can't disable Ad-Aware. So I wanted to uninstall it, but I didn't manage to remove all the components, and the ones that are left won't let themselves be removed at all and block ComboFix, but I'll see.

Added 10.06.2009 (Wed) 22:55

I removed the checked ones and now I'll see about ComboFix.

Added 10.06.2009 (Wed) 23:21

I can't remove Ad-Aware for the life of me, and so I can't run ComboFix because it will destroy the computer. Maybe I'll try doing a scan with something else.

Added 11.06.2009 (Thu) 0:46

Pasting the ComboFix log:

ComboFix 09-06-09.06 - magda wladca 10/06/2009 23:26.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1318 [GMT 1:00]

Running from: c:\users\magda wladca\Desktop\ComboFix.exe

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\AutoRun.inf

D:\desktop.ini

.

((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))

.

2009-06-10 22:30 . 2009-06-10 22:30 -------- d-----w- c:\users\magda wladca\AppData\Local\temp

2009-06-10 21:33 . 2009-06-10 21:33 -------- d-sh--w- \Config.Msi

2009-06-10 20:27 . 2009-06-10 20:27 -------- d-----w- c:\windows\CheckSur

2009-06-10 20:23 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-10 20:23 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-06-10 20:18 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-06-10 18:44 . 2009-06-10 18:44 -------- d-----w- C:\rsit

2009-06-10 18:44 . 2009-06-10 18:44 -------- d-----w- \rsit

2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- C:\_OTL

2009-06-10 18:31 . 2009-06-10 18:31 -------- d-----w- \_OTL

2009-06-10 17:51 . 2009-06-10 17:51 -------- d-----w- c:\users\magda wladca\DoctorWeb

2009-06-10 17:22 . 2009-06-10 22:28 -------- d---a-w- \Qoobox

2009-06-10 16:56 . 2009-06-10 16:56 -------- d-----w- c:\program files\Trend Micro

2009-06-10 16:03 . 2009-06-10 16:03 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Uniblue

2009-06-10 15:57 . 2009-06-10 15:58 -------- d-----w- c:\users\magda wladca\spóldzielnia 1

2009-06-02 14:51 . 2009-06-02 14:51 -------- d-----w- c:\program files\Alternative Software Ltd

2009-05-31 13:56 . 2009-05-31 13:56 -------- d-----w- c:\users\magda wladca\.dvdcss

2009-05-25 19:07 . 2009-05-25 19:08 -------- d-----w- c:\users\magda wladca\allegro

2009-05-22 11:24 . 2009-05-22 11:24 -------- d-----w- c:\program files\Sega

2009-05-21 16:45 . 2009-05-21 16:45 -------- d-----w- c:\users\magda wladca\AppData\Local\Apps

2009-05-21 16:29 . 2009-05-21 16:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2009-05-21 16:07 . 2009-05-21 16:07 -------- d-----w- c:\program files\ESET

2009-05-21 15:46 . 2009-05-21 15:46 -------- d-----w- c:\users\magda wladca\AppData\Local\WindowsUpdate

2009-05-20 19:48 . 2009-03-27 00:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys

2009-05-20 19:48 . 2009-05-20 19:48 -------- d-----w- c:\program files\CPUID

2009-05-19 19:50 . 2009-05-19 19:50 -------- d-----w- c:\users\magda wladca\AppData\Local\PC_Drivers_Headquarters

2009-05-19 18:12 . 2009-06-10 22:01 2147016704 --sha-w- \hiberfil.sys

2009-05-19 16:54 . 2009-05-20 18:15 -------- d-----w- c:\users\magda wladca\AppData\Local\eSupport.com

2009-05-17 16:26 . 2009-05-17 16:27 -------- d-----w- c:\program files\Microsoft IntelliPoint

2009-05-17 16:24 . 2009-05-17 16:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro

2009-05-17 15:23 . 2008-05-16 18:31 768544 ----a-w- c:\windows\system32\nvcplui.exe

2009-05-17 15:23 . 2008-05-16 18:31 313888 ----a-w- c:\windows\system32\nvexpbar.dll

2009-05-17 15:23 . 2008-05-16 18:31 1079840 ----a-w- c:\windows\system32\nvcpluir.dll

2009-05-17 15:22 . 2008-05-16 18:31 446464 ----a-w- c:\windows\system32\nvudisp.exe

2009-05-17 15:21 . 2008-05-16 10:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE

2009-05-17 15:15 . 2009-05-17 15:15 -------- d-sh--w- C:\found.002

2009-05-17 15:15 . 2009-05-17 15:15 -------- d-sh--w- \found.002

2009-05-17 15:09 . 2009-05-17 15:17 1356 ----a-w- c:\users\magda wladca\AppData\Local\d3d9caps.dat

2009-05-16 17:36 . 2009-05-16 17:36 -------- d-----w- c:\users\magda wladca\AppData\Roaming\ATI

2009-05-16 17:36 . 2009-05-16 17:36 -------- d-----w- c:\users\magda wladca\AppData\Local\ATI

2009-05-16 17:31 . 2009-05-16 17:31 0 ----a-w- c:\windows\ativpsrm.bin

2009-05-16 17:30 . 2009-02-04 05:02 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2009-05-16 17:29 . 2009-05-16 17:29 10134 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer\{DC5D5D1D-E60F-E748-01BD-4AB0278B5AA0}\ARPPRODUCTICON.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-10 22:01 . 2009-05-19 18:12 2147016704 --sha-w- \hiberfil.sys

2009-06-10 22:01 . 2009-02-10 03:23 2460819456 --sha-w- \pagefile.sys

2009-06-10 21:49 . 2009-02-11 19:57 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Skype

2009-06-10 21:33 . 2009-02-11 19:47 -------- d-----w- c:\programdata\Lavasoft

2009-06-10 19:35 . 2009-05-10 16:36 -------- d-----w- c:\users\magda wladca\AppData\Roaming\IrfanView

2009-06-10 19:35 . 2009-02-13 14:08 -------- d-----w- c:\programdata\HP Product Assistant

2009-06-02 14:52 . 2009-02-15 19:29 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-05-27 18:59 . 2009-02-11 20:12 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-05-22 18:30 . 2009-05-22 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-05-22 18:23 . 2009-02-11 19:25 78832 ----a-w- c:\users\magda wladca\AppData\Local\GDIPFONTCACHEV1.DAT

2009-05-17 16:31 . 2009-05-17 16:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2009-05-17 15:29 . 2009-05-02 21:33 -------- d-----w- c:\programdata\NVIDIA

2009-05-16 11:34 . 2009-05-08 12:36 -------- d-----w- c:\program files\Common Files\LogiShrd

2009-05-16 11:21 . 2009-05-08 12:36 -------- d-----w- c:\programdata\Logishrd

2009-05-14 08:40 . 2009-05-10 12:05 -------- d-----w- c:\programdata\Kodak

2009-05-13 12:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-13 10:52 . 2009-05-10 12:06 -------- d-----w- c:\program files\Kodak

2009-05-10 16:36 . 2009-05-10 16:36 -------- d-----w- c:\program files\IrfanView

2009-05-10 09:38 . 2009-05-08 12:43 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs

2009-05-09 19:06 . 2009-02-16 17:36 -------- d-----w- c:\program files\Common Files\InstallShield

2009-05-09 12:32 . 2009-05-09 12:30 -------- d-----w- c:\program files\Microsoft LifeCam

2009-05-08 19:23 . 2009-05-01 13:24 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Samsung

2009-05-08 12:42 . 2009-05-08 12:42 -------- d-----w- c:\users\magda wladca\AppData\Roaming\Leadertech

2009-05-08 12:36 . 2009-05-08 12:36 -------- d-----w- c:\programdata\Logitech

2009-05-07 17:44 . 2009-05-07 17:44 -------- d-----w- c:\programdata\Zylom

2009-05-07 17:44 . 2009-05-07 17:44 -------- d-----w- c:\program files\Zylom Games

2009-05-07 16:26 . 2009-05-07 16:26 -------- d-----w- c:\program files\SystemRequirementsLab

2009-05-05 16:10 . 2009-05-05 16:10 -------- d-----w- c:\users\magda wladca\AppData\Roaming\HP

2009-05-02 19:52 . 2009-05-02 19:50 -------- d--h--w- c:\program files\Temp

2009-05-02 19:51 . 2009-05-02 19:51 319456 ----a-w- c:\windows\DIFxAPI.dll

2009-05-02 19:51 . 2009-05-02 19:51 -------- d-----w- c:\program files\Realtek

2009-05-02 17:55 . 2009-05-02 17:55 4570 ----a-w- c:\program files\Uninst.isu

2009-05-02 17:55 . 2009-05-02 17:55 202 ----a-w- c:\program files\UNINSTALL.INF

2009-05-02 17:55 . 2009-05-02 17:55 216 ----a-w- c:\program files\TLCRUN.INI

2009-05-01 13:22 . 2009-05-01 13:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2009-05-01 13:03 . 2009-02-12 14:27 -------- d-----w- c:\program files\Common Files\Adobe

2009-05-01 12:57 . 2009-05-01 12:57 -------- d-----w- c:\program files\Samsung

2009-04-27 10:18 . 2009-02-13 14:03 141228 ----a-w- c:\windows\hpoins14.dat

2009-04-22 19:02 . 2009-04-22 19:04 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-04-20 12:41 . 2009-04-19 12:59 -------- d-----w- c:\program files\BearShare Applications

2009-04-19 17:29 . 2009-04-19 12:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-04-19 13:25 . 2009-04-19 13:25 -------- d-----w- c:\program files\SkanerOnline

2009-04-19 12:16 . 2009-04-19 12:09 -------- d-----w- c:\users\magda wladca\AppData\Roaming\uTorrent

2009-04-16 16:23 . 2009-05-02 19:50 540672 ----a-w- c:\windows\RtlExUpd.dll

2009-04-14 15:32 . 2009-05-02 19:51 1784352 ----a-w- c:\windows\system32\WavesLib.dll

2009-04-14 15:31 . 2009-05-02 19:51 1123872 ----a-w- c:\windows\system32\RtkPgExt.dll

2009-04-14 15:31 . 2009-05-02 19:51 55840 ----a-w- c:\windows\system32\RtkCoInst.dll

2009-04-14 15:31 . 2009-05-02 19:51 326176 ----a-w- c:\windows\system32\RtkApoApi.dll

2009-04-14 15:31 . 2009-05-02 19:51 2529824 ----a-w- c:\windows\system32\RtkAPO.dll

2009-04-14 15:12 . 2009-05-02 19:51 2358560 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys

2009-04-13 16:36 . 2009-02-15 22:13 -------- d-----w- c:\program files\INTERIAPL

2009-03-27 09:03 . 2009-03-27 09:03 795104 ----a-w- c:\windows\system32\dpinst.exe

2009-03-25 14:06 . 2009-05-02 19:51 142848 ----a-w- c:\windows\system32\AERTACap.dll

2009-03-24 10:10 . 2009-05-07 17:44 114688 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

2009-03-22 19:33 . 2009-03-22 19:33 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2009-03-22 19:33 . 2009-03-22 19:33 8854 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\Uninstall_GameShadow_F7C1C17E70E3475FBD52EA554391F15D.exe

2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe

2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe

2009-03-22 19:33 . 2009-03-22 19:33 45056 ----a-r- c:\users\magda wladca\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe

2009-03-17 03:38 . 2009-04-16 15:35 13824 ----a-w- c:\windows\system32\apilogen.dll

2009-03-17 03:38 . 2009-04-16 15:35 24064 ----a-w- c:\windows\system32\amxread.dll

2001-08-22 18:47 . 2009-05-02 17:55 487473 ----a-w- c:\program files\scooby.exe

2001-05-16 11:20 . 2009-05-02 17:55 57344 ----a-w- c:\program files\UNINSTALL.EXE

2000-09-01 14:22 . 2009-05-02 17:55 25196 ----a-w- c:\program files\object.ini

2000-07-11 13:14 . 2009-05-02 17:55 286208 ----a-w- c:\program files\binkw32.dll

1999-05-21 12:29 . 2009-05-02 17:55 21504 ----a-w- c:\program files\TLCRUN.EXE

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"TCP Query User{CBA96156-DD0B-44F6-9263-6FF073935FEF}d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= UDP:d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"UDP Query User{AA4A59D0-2EC1-49F8-A0F5-8F6F181B0F35}d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= TCP:d:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"TCP Query User{FADC1AEF-3C5E-43E4-8FD2-C18580DAE78A}c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= UDP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"UDP Query User{88FCBD92-62F5-4CA0-8796-550ABFD283AC}c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe"= TCP:c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe:3 USB Modem

"TCP Query User{B99ACCA7-BFF5-4E71-9D45-D6B7EDCACB5A}d:\skype\phone\skype.exe"= UDP:d:\skype\phone\skype.exe:Skype

"UDP Query User{9B7D4783-F98F-4261-9C2E-3AD634F2C368}d:\skype\phone\skype.exe"= TCP:d:\skype\phone\skype.exe:Skype

"TCP Query User{15F4CEE4-3312-422B-818F-1E96305ED73F}d:\skype\phone\skype.exe"= UDP:d:\skype\phone\skype.exe:skype.exe

"UDP Query User{A84EE7DB-865D-4E54-8E17-F760DB7684F2}d:\skype\phone\skype.exe"= TCP:d:\skype\phone\skype.exe:skype.exe

"{16705AED-C95D-44EB-AAA8-E2AE9A6FFB81}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{64000EC6-E04A-48C6-B442-5A07DD1B27E5}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{ADC7E007-AFE8-46AC-99EF-5057B547CFCD}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{93B3F5E3-40D5-4FA6-BCC1-A9F78330E01A}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe

"{311B26D5-70B4-422E-9355-BB359B514777}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe

"{88E8BD17-9BA4-4633-B116-96F9BB9BDDEE}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe

"{24046821-0EF2-41D7-A68A-0F177573BE52}"= UDP:d:\program files\uTorrent.exe:µTorrent (TCP-In)

"{DDAA77D7-7151-4297-AF4A-041A4E4C61DD}"= TCP:d:\program files\uTorrent.exe:µTorrent (UDP-In)

"{CBA8F30C-9768-4822-8BC3-2AAC78A0458A}"= UDP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{0CA612B3-CEF5-4A26-8342-027734EA9C31}"= TCP:c:\program files\BearShare Applications\BearShare\BearShare.exe:BearShare

"{69F0EC66-FBEB-4F49-BF99-F9259D7FAFFB}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{C73B2A91-3D19-4D8E-B12C-643CD7051267}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe

"{4A7A00C8-9E90-45F3-951B-DCFBE4E7D55B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"{63A67053-AE64-48B4-9743-B61D3D71BB42}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

"TCP Query User{56B04AC4-C04F-46F8-A9AC-74AC30CBC56B}c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe"= UDP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater

"UDP Query User{6A85B810-CE50-4F74-919A-A51904C58C8C}c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe"= TCP:c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe:Kodak Software Updater

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [22/04/2009 20:04 64160]

R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [06/02/2009 14:23 727720]

R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [06/02/2009 14:24 92800]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S2 mks_services;mks_vir;"d:\program files\bin\mks_services.exe" --> d:\program files\bin\mks_services.exe [?]

S3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [20/05/2009 20:48 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{928A14A2-4C5D-4C40-BAF3-9ADE04E8771A}.job

- c:\windows\system32\msfeedssync.exe [2009-04-08 11:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.onet.pl/

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: mks.com.pl

TCP: {5BE7CE20-F3F9-4C5C-8CF8-0F493CA04EA1} = 172.31.140.69 172.30.140.69

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow … ab_nvd.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-10 23:30

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

c:\users\MAGDAW~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully

hidden files: 1

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2009-06-10 23:31

ComboFix-quarantined-files.txt 2009-06-10 22:31

Pre-Run: 22,003,646,464 bytes free

Post-Run: 24,728,739,840 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4

236 --- E O F --- 2009-06-10 20:43

Added 11.06.2009 (Thu) 11:24

I've pasted the ComboFix log, waiting for some opinion. Thanks.