Sound keeps breaking

Hello.

After I turn on the computer, a system error pops up after about half an hour, and then I always 'lose' sound. In theory everything works, including all the system sounds (e.g. the one when the computer starts up), but if I want to play a film or listen to music in a program, there is no sound. If the error pops up while I am watching a film or listening to music, everything keeps working (but when I play the same film again, there is no sound any more).

The error message:

http://img239.imageshack.us/img239/5136/taietam.jpg

http://wklej.org/hash/e1bcf95f30/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

Fix these in HJT.

Post a ComboFix log.

I don't know if this is what you meant… but here you go

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:38:24, on 2009-05-05

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\MATLAB71\bin\win32\MATLAB.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

C:\WINDOWS\V0220Mon.exe

C:\Program Files\Creative\Shared Files\CTSched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\DOCUME~1\ULA\USTAWI~1\Temp\RtkBtMnt.exe

C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\ULA\Pulpit\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.1:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM…\Run: [VirtualCloneDrive] “C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” /s

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”

O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM…\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe

O4 - HKLM…\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe

O4 - HKLM…\Run: [CreativeTaskScheduler] “C:\Program Files\Creative\Shared Files\CTSched.exe” /logon

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe

O4 - HKCU…\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” ASO-616B5711-6DAE-4795-A05F-39A1E5104020

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [Creative Live! Cam Manager] “C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe”

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

End of file - 6647 bytes

You were supposed to remove the listed entries in HJT, but you didn't, so step by step:

Run HijackThis → Do a system scan only → tick the boxes next to the entries listed below → click “Fix checked”:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

Post a ComboFix log - direct link to the program. Disable your antivirus and firewall while downloading ComboFix and running the scan!

ComboFix 09-05-04.A3 - ULA 2009-05-05 20:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1014.460 [GMT 2:00]

Uruchomiony z: c:\documents and settings\ULA\Pulpit\ComboFix.exe

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)

FW: Norton AntiVirus *enabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((( Pliki utworzone od 2009-04-05 do 2009-05-05 )))))))))))))))))))))))))))))))

.

2009-05-04 19:03 . 2009-05-04 19:03 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\Creative

2009-05-04 18:57 . 1999-10-11 01:00 41984 ------w c:\windows\Ctregrun.exe

2009-05-04 18:57 . 2008-04-13 22:09 5504 -c–a-w c:\windows\system32\dllcache\mstee.sys

2009-05-04 18:57 . 2008-04-13 22:09 5504 ----a-w c:\windows\system32\drivers\MSTEE.sys

2009-05-04 18:57 . 2008-04-13 22:16 10880 -c–a-w c:\windows\system32\dllcache\ndisip.sys

2009-05-04 18:57 . 2008-04-13 22:16 10880 ----a-w c:\windows\system32\drivers\NdisIP.sys

2009-05-04 18:57 . 2008-04-13 22:16 15232 -c–a-w c:\windows\system32\dllcache\streamip.sys

2009-05-04 18:57 . 2008-04-13 22:16 15232 ----a-w c:\windows\system32\drivers\StreamIP.sys

2009-05-04 18:57 . 2008-04-13 22:16 11136 -c–a-w c:\windows\system32\dllcache\slip.sys

2009-05-04 18:57 . 2008-04-13 22:16 11136 ----a-w c:\windows\system32\drivers\SLIP.sys

2009-05-04 18:54 . 2003-03-19 05:19 1060864 ------w c:\windows\system32\MFC71.DLL

2009-05-04 18:52 . 2009-05-04 19:07 -------- d-----w c:\program files\Creative

2009-05-04 13:46 . 2009-03-18 19:51 49152 ----a-w c:\windows\system32\ChCfg.exe

2009-05-04 13:45 . 2009-03-18 19:51 86016 ----a-w c:\windows\SoundMan.exe

2009-05-04 13:45 . 2009-03-18 19:51 1826816 ----a-w c:\windows\SkyTel.exe

2009-05-04 13:45 . 2009-03-18 19:51 1191936 ----a-w c:\windows\RtlUpd.exe

2009-05-04 13:45 . 2009-03-18 19:51 9715200 ----a-w c:\windows\RTLCPL.exe

2009-05-04 13:45 . 2009-03-18 19:51 4424192 ----a-w c:\windows\system32\drivers\RtkHDAud.sys

2009-05-04 13:45 . 2009-03-18 19:51 16132608 ----a-w c:\windows\RTHDCPL.exe

2009-05-04 13:45 . 2009-03-18 19:51 2162688 ----a-w c:\windows\MicCal.exe

2009-05-04 13:45 . 2009-03-18 19:51 2808832 ----a-w c:\windows\alcwzrd.exe

2009-05-04 13:45 . 2009-03-18 19:51 69632 ----a-w c:\windows\Alcmtr.exe

2009-05-04 13:45 . 2009-05-04 13:45 -------- d-----w c:\program files\Realtek

2009-05-04 13:44 . 2009-03-18 19:51 520192 ----a-w c:\windows\RtlExUpd.dll

2009-04-22 08:35 . 2009-04-22 08:35 56 —ha-w c:\windows\system32\ezsidmv.dat

2009-04-22 08:35 . 2009-05-05 15:54 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\skypePM

2009-04-22 08:30 . 2009-05-05 17:54 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\Skype

2009-04-22 08:30 . 2009-04-22 08:30 -------- d-----w c:\program files\Common Files\Skype

2009-04-22 08:30 . 2009-04-22 08:30 -------- d-----r c:\program files\Skype

2009-04-22 08:29 . 2009-04-22 08:30 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype

2009-04-12 14:16 . 2009-04-12 14:16 -------- d-----w c:\documents and settings\ULA\Ustawienia lokalne\Dane aplikacji\Ares

2009-04-12 14:16 . 2009-04-12 14:16 -------- d-----w c:\program files\Ares

2009-04-08 14:19 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys

2009-04-08 14:19 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys

2009-04-08 14:19 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys

2009-04-08 14:19 . 2009-04-08 14:20 -------- d-----w c:\program files\Common Files\PC Tools

2009-04-08 14:19 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys

2009-04-08 14:19 . 2009-04-14 09:37 -------- d-----w c:\program files\Spyware Doctor

2009-04-08 14:19 . 2009-04-08 14:19 -------- d-----w c:\documents and settings\ULA\Dane aplikacji\PC Tools

2009-04-08 14:19 . 2009-04-08 14:19 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools

2009-04-08 10:26 . 2009-04-08 10:26 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\2DBoy

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-05 17:56 . 2001-10-26 18:15 75684 ----a-w c:\windows\system32\perfc015.dat

2009-05-05 17:56 . 2001-10-26 18:15 451590 ----a-w c:\windows\system32\perfh015.dat

2009-05-04 18:58 . 2009-03-18 19:51 -------- d–h--w c:\program files\InstallShield Installation Information

2009-05-04 18:56 . 2009-03-18 19:51 -------- d-----w c:\program files\Common Files\InstallShield

2009-04-08 20:40 . 2009-03-25 17:08 -------- d-----w c:\program files\OrCAD_Demo

2009-03-29 10:24 . 2009-03-19 18:08 -------- d-----w c:\program files\BearShare Applications

2009-03-28 14:34 . 2009-03-21 14:18 -------- d-----w c:\program files\Common Files\Symantec Shared

2009-03-21 14:14 . 2009-03-21 14:14 -------- d-----w c:\program files\NeroInstall.bak

2009-03-21 14:12 . 2009-03-21 14:09 -------- d-----w c:\program files\Common Files\Nero

2009-03-21 14:09 . 2009-03-21 14:09 -------- d-----w c:\program files\Nero

2009-03-20 10:13 . 2009-03-20 10:13 -------- d-----w c:\program files\Real Alternative

2009-03-19 09:02 . 2009-03-19 08:52 -------- d-----w c:\program files\MATLAB71

2009-03-19 08:38 . 2009-03-19 08:38 -------- d-----w c:\program files\Atheros

2009-03-19 08:36 . 2009-03-19 08:36 290816 ----a-w c:\windows\system32\drivers\tifm21.sys

2009-03-18 22:09 . 2009-03-18 15:18 68456 ----a-w c:\documents and settings\ULA\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-03-18 22:04 . 2009-03-18 22:04 -------- d-----w c:\program files\Tlen.pl

2009-03-18 20:17 . 2009-03-18 20:17 -------- d-----w c:\program files\Common Files\Adobe AIR

2009-03-18 20:16 . 2009-03-18 20:16 -------- d-----w c:\program files\Common Files\Adobe

2009-03-18 19:52 . 2009-03-18 19:52 315392 ----a-w c:\windows\HideWin.exe

2009-03-18 19:51 . 2009-03-18 19:51 -------- d-----w c:\program files\Hewlett-Packard

2009-03-18 16:16 . 2009-03-18 16:16 -------- d-----w c:\program files\Elaborate Bytes

2009-03-18 16:13 . 2009-03-18 16:13 0 ----a-w c:\windows\nsreg.dat

2009-03-18 16:05 . 2009-03-18 15:54 -------- d-----w c:\program files\SubEdit-Player

2009-03-18 16:00 . 2009-03-18 15:59 -------- d-----w c:\program files\K-Lite Codec Pack

2009-03-18 15:43 . 2009-03-18 15:43 -------- d-----w c:\program files\Broadcom

2009-03-18 15:32 . 2009-03-18 15:32 -------- d-----w c:\program files\Intel

2009-03-18 15:30 . 2009-03-18 15:30 -------- d-----w c:\program files\Microsoft Works

2009-03-18 15:29 . 2009-03-18 15:29 -------- d-----w c:\program files\MSBuild

2009-03-18 11:38 . 2009-05-05 15:37 187766 ----a-w c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1045.dat

2009-03-18 11:37 . 2009-03-18 11:12 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-18 11:13 . 2009-03-18 11:13 -------- d-----w c:\program files\microsoft frontpage

2009-03-18 11:12 . 2001-07-22 00:36 67 --sha-w c:\windows\Fonts\desktop.ini

2009-03-18 11:11 . 2009-03-18 11:11 -------- d-----w c:\program files\Usługi online

2009-03-18 11:09 . 2009-03-18 11:09 21856 ----a-w c:\windows\system32\emptyregdb.dat

2009-03-12 15:30 . 2009-03-12 15:30 142504 ----a-w c:\windows\system32\ElbyVCD.dll

2009-03-02 11:41 . 2009-03-02 11:41 29184 ----a-w c:\windows\system32\drivers\VClone.sys

2009-02-17 17:11 . 2009-02-17 17:11 24232 ----a-w c:\windows\system32\drivers\ElbyCDIO.sys

2009-02-17 13:33 . 2009-02-17 13:33 89256 ----a-w c:\windows\system32\ElbyCDIO.dll

2009-02-09 18:56 . 2009-03-18 15:59 67584 ----a-w c:\windows\system32\ff_vfw.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]

2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

“Komunikator”=“c:\program files\Tlen.pl\tlen.exe” [2009-01-17 5853672]

“IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe” [2008-02-28 1828136]

“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2009-03-27 24103720]

“Creative Live! Cam Manager”=“c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe” [2006-05-31 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 31016]

“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe” [2009-02-27 35696]

“IgfxTray”=“c:\windows\system32\igfxtray.exe” [2009-03-19 142104]

“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2009-03-19 162584]

“Persistence”=“c:\windows\system32\igfxpers.exe” [2009-03-19 138008]

“VirtualCloneDrive”=“c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe” [2009-01-29 52392]

“NeroFilterCheck”=“c:\program files\Common Files\Nero\Lib\NeroCheck.exe” [2008-02-28 570664]

“NBKeyScan”=“c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2008-02-18 2221352]

“AzMixerSel”=“c:\program files\Realtek\InstallShield\AzMixerSel.exe” [2009-03-18 53248]

“AVFX Engine”=“c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe” [2006-06-08 24576]

“V0220Mon.exe”=“c:\windows\V0220Mon.exe” [2006-06-28 32768]

“CreativeTaskScheduler”=“c:\program files\Creative\Shared Files\CTSched.exe” [2006-01-09 53340]

“RTHDCPL”=“RTHDCPL.EXE” - c:\windows\RTHDCPL.exe [2009-03-18 16132608]

c:\documents and settings\ULA\Menu Start\Programy\Autostart\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“c:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“c:\Program Files\Skype\Phone\Skype.exe”=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-08 130424]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-08 348752]

S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\drivers\V0220Dev.sys [2009-05-04 146112]

S3 V0220Vfx;V0220VFX;c:\windows\system32\drivers\V0220Vfx.sys [2009-05-04 6272]

— Inne Usługi/Sterowniki w Pamięci —

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{00876077-247e-11de-b9ce-001d7208ce04}]

\Shell\AutoRun\command - t.com

\Shell\explore\Command - t.com

\Shell\open\Command - t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{0087607c-247e-11de-b9ce-001d7208ce04}]

\Shell\AutoRun\command - t.com

\Shell\explore\Command - t.com

\Shell\open\Command - t.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{d178b4dd-38de-11de-b9ec-001d7208ce04}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL explore.exe

.

.

------- Skan uzupełniający -------

.

uInternet Settings,ProxyServer = 192.168.1.1:3128

IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\ULA\Dane aplikacji\Mozilla\Firefox\Profiles\k6rhpr4j.default\

FF - prefs.js: browser.startup.homepage - www.google.pl

FF - prefs.js: network.proxy.ftp - 192.168.1.1

FF - prefs.js: network.proxy.ftp_port - 3128

FF - prefs.js: network.proxy.gopher - 192.168.1.1

FF - prefs.js: network.proxy.gopher_port - 3128

FF - prefs.js: network.proxy.http - 192.168.1.1

FF - prefs.js: network.proxy.http_port - 3128

FF - prefs.js: network.proxy.socks - 192.168.1.1

FF - prefs.js: network.proxy.socks_port - 3128

FF - prefs.js: network.proxy.ssl - 192.168.1.1

FF - prefs.js: network.proxy.ssl_port - 3128

FF - prefs.js: network.proxy.type - 1

FF - component: c:\program files\Mozilla Firefox\extensions{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-05 20:19

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • ‘explorer.exe’(2552)

c:\program files\Tlen.pl\hook.dll

.

Czas ukończenia: 2009-05-05 20:20

ComboFix-quarantined-files.txt 2009-05-05 18:20

Przed: 10 228 244 480 bajtów wolnych

Po: 11 394 236 416 bajtów wolnych
