Infected PC + restart, terminated with status code 1073741819

Every so often I get a message that the computer will be shut down in one minute. c:\windows\system32\services.exe terminated unexpectedly with status code 1073741819. Besides that, Avast reports viruses that I can't deal with. I'm not a very capable user, so if someone would be so kind, please explain as clearly as possible what I should do next.

Logfile of HijackThis v1.99.1

Scan saved at 21:34:08, on 2007-07-10

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\FixCamera.exe

C:\WINDOWS\tsnp325.exe

C:\WINDOWS\vsnp325.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\KASIA\USTAWI~1\Temp\Rar$EX00.891\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - Default URLSearchHook is missing

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [FixCamera] C:\WINDOWS\FixCamera.exe

O4 - HKLM…\Run: [tsnp325] C:\WINDOWS\tsnp325.exe

O4 - HKLM…\Run: [snp325] C:\WINDOWS\vsnp325.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Download Windows Worms Doors Cleaner and set the indicators to green; NetBIOS may stay yellow.

A restart is required after using the tool.

Remove in HijackThis.

Post a ComboFix log.

I removed the entry and am attaching the log from ComboFix:

“KASIA” - 2007-07-11 22:41:05 - ComboFix 07-07-10.1 - Dodatek Service Pack 2

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\svchost.exe

C:\WINDOWS\system32\xpdx.sys

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\xpdx

((((((((((((((((((((((((( Files Created from 2007-06-11 to 2007-07-11 )))))))))))))))))))))))))))))))

2007-07-11 22:39 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-11 20:33

2007-07-10 13:40 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-09 22:57

2007-07-09 22:56

2007-07-09 22:56

2007-07-09 22:56

2007-07-09 22:37 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-07-09 22:37 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-07-09 22:37 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-07-09 22:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-07-09 22:37

2007-07-09 22:37

2007-07-09 21:57 0 --a------ C:\WINDOWS\nsreg.dat

2007-07-09 21:55 3,424 --a------ C:\WINDOWS\mozver.dat

2007-07-09 21:54

2007-07-09 21:53

2007-07-09 21:53

2007-07-09 21:47

2007-07-09 21:40

2007-07-09 21:29

2007-07-09 21:28

2007-07-09 21:24 982 --a------ C:\WINDOWS\unins000.dat

2007-07-09 18:15

2007-07-09 16:17

2007-07-09 14:07

2007-07-08 00:04

2007-07-07 12:02

2007-07-07 11:56

2007-07-07 11:35

2007-07-07 11:32

2007-07-07 11:29

2007-07-07 11:28

2007-07-07 11:28

2007-07-07 09:34

2007-07-07 00:31

2007-07-07 00:28

2007-07-07 00:26

2007-07-06 23:21 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll

2007-07-06 23:21 86,016 --a------ C:\WINDOWS\system32\AddiTunes.exe

2007-07-06 23:21 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll

2007-07-06 23:21 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll

2007-07-06 23:21 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll

2007-07-06 23:21 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll

2007-07-06 23:21 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll

2007-07-06 23:21 61,440 --a------ C:\WINDOWS\system32\cygz.dll

2007-07-06 23:21 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll

2007-07-06 23:21 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-07-06 23:21 4,755,968 --a------ C:\WINDOWS\system32\apexconverter.exe

2007-07-06 23:21 398,798 --a------ C:\WINDOWS\system32\apexpmp.exe

2007-07-06 23:21 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll

2007-07-06 23:21 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-07-06 23:21 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll

2007-07-06 23:21 3,138,048 --a------ C:\WINDOWS\system32\apexxbox.exe

2007-07-06 23:21 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll

2007-07-06 23:21 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2007-07-06 23:21 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll

2007-07-06 23:21 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll

2007-07-06 23:21 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll

2007-07-06 23:21 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll

2007-07-06 23:21 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll

2007-07-06 23:21 120,320 --a------ C:\WINDOWS\system32\apexchanger.exe

2007-07-06 23:21 109,568 --a------ C:\WINDOWS\system32\apex3gp.exe

2007-07-06 23:21 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2007-07-06 23:21 1,295,582 --a------ C:\WINDOWS\system32\cygwin1.dll

2007-07-06 23:21

2007-07-06 23:21

2007-07-05 18:12

2007-07-05 17:28

2007-07-05 17:13 87,608 --a------ C:\DOCUME~1\KASIA\DANEAP~1\inst.exe

2007-07-05 17:13 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2007-07-05 17:13 47,360 --a------ C:\DOCUME~1\KASIA\DANEAP~1\pcouffin.sys

2007-07-05 17:13

2007-07-05 17:13

2007-07-05 16:54

2007-07-05 11:31

2007-07-05 09:35

2007-07-03 19:10 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2007-07-03 19:10 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2007-06-30 19:00

2007-06-30 17:18

2007-06-30 14:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

2007-06-30 14:33

2007-06-30 11:07

2007-06-28 12:20

2007-06-28 11:43

2007-06-27 23:02 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-06-27 23:02 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-27 23:02 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-06-27 23:02 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-06-27 23:02 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-06-27 23:02 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-06-27 23:02 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 08:39:49 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-28 08:39:49 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-24 21:00:47 -------- d-----w C:\Program Files\Usługi online

2007-05-16 07:18:44 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll

2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-23 14:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

2007-06-08 15:18 976424 --a------ C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” []

“SoundMan”=“SOUNDMAN.EXE” [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]

“nwiz”=“nwiz.exe” [2005-12-14 16:51 C:\WINDOWS\system32\nwiz.exe]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” []

“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24]

“updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 16:45]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 19:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

“5T19I3B27A”=C:\WINDOWS\svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\Go.exe

Contents of the ‘Scheduled Tasks’ folder

2007-07-03 16:59:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-11 22:43:44

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-11 22:44:49 - machine was rebooted

C:\ComboFix-quarantined-files.txt … 2007-07-11 22:44

— E O F —

C:\Program Files\ AskTBar

Delete the folder.

Paste into Notepad:

File > Save As > change the file type from .txt to All Files > save under the name Fix.reg, e.g. on the desktop > double-click Fix.reg > confirm > restart.

Registry cleaning - jv16 PowerTools 2006 1.5.2.350

Is anything still showing up?

I think it should be OK… so far nothing is popping up. Big thanks for the help :smiley:

A new log for checking :wink:

The HijackThis log :slight_smile:

Logfile of HijackThis v1.99.1

Scan saved at 18:39:03, on 2007-07-12

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\KASIA\USTAWI~1\Temp\Rar$EX00.234\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_8 -reboot 1

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Post merged: 12.07.2007 (Thu) 18:45

And here is the one from ComboFix :lol:

“KASIA” - 2007-07-12 18:41:46 - ComboFix 07-07-10.1 - Dodatek Service Pack 2

((((((((((((((((((((((((( Files Created from 2007-06-12 to 2007-07-12 )))))))))))))))))))))))))))))))

2007-07-11 22:39 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-07-11 20:33

2007-07-10 13:40 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-10 13:40

2007-07-09 22:57

2007-07-09 22:56

2007-07-09 22:56

2007-07-09 22:56

2007-07-09 22:37 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2007-07-09 22:37 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2007-07-09 22:37 43,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys

2007-07-09 22:37 129,784 --------- C:\WINDOWS\system32\pxafs.dll

2007-07-09 22:37

2007-07-09 22:37

2007-07-09 21:57 0 --a------ C:\WINDOWS\nsreg.dat

2007-07-09 21:55 3,424 --a------ C:\WINDOWS\mozver.dat

2007-07-09 21:54

2007-07-09 21:53

2007-07-09 21:53

2007-07-09 21:47

2007-07-09 21:40

2007-07-09 21:29

2007-07-09 21:28

2007-07-09 21:24 982 --a------ C:\WINDOWS\unins000.dat

2007-07-09 18:15

2007-07-09 16:17

2007-07-09 14:07

2007-07-08 00:04

2007-07-07 12:02

2007-07-07 11:56

2007-07-07 11:35

2007-07-07 11:32

2007-07-07 11:29

2007-07-07 11:28

2007-07-07 11:28

2007-07-07 09:34

2007-07-07 00:31

2007-07-07 00:28

2007-07-06 23:21 90,112 --a------ C:\WINDOWS\system32\NCTAudioFormatSettings3.dll

2007-07-06 23:21 86,016 --a------ C:\WINDOWS\system32\AddiTunes.exe

2007-07-06 23:21 81,920 --a------ C:\WINDOWS\system32\viscomwave.dll

2007-07-06 23:21 780,288 --a------ C:\WINDOWS\system32\NCTVideoCompress.dll

2007-07-06 23:21 778,240 --a------ C:\WINDOWS\system32\NCTAudioCompress2.dll

2007-07-06 23:21 764,416 --a------ C:\WINDOWS\system32\NCTRMFile.dll

2007-07-06 23:21 626,688 --a------ C:\WINDOWS\system32\NCTImageFile.dll

2007-07-06 23:21 61,440 --a------ C:\WINDOWS\system32\cygz.dll

2007-07-06 23:21 495,104 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll

2007-07-06 23:21 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll

2007-07-06 23:21 4,755,968 --a------ C:\WINDOWS\system32\apexconverter.exe

2007-07-06 23:21 398,798 --a------ C:\WINDOWS\system32\apexpmp.exe

2007-07-06 23:21 382,464 --a------ C:\WINDOWS\system32\NCTAVIFile.dll

2007-07-06 23:21 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll

2007-07-06 23:21 312,320 --a------ C:\WINDOWS\system32\NCTVideoView.dll

2007-07-06 23:21 3,138,048 --a------ C:\WINDOWS\system32\apexxbox.exe

2007-07-06 23:21 249,856 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll

2007-07-06 23:21 237,568 --a------ C:\WINDOWS\system32\lame_enc.dll

2007-07-06 23:21 215,552 --a------ C:\WINDOWS\system32\NCTWMVFile.dll

2007-07-06 23:21 2,846,720 --a------ C:\WINDOWS\system32\NCTAudioCompress3.dll

2007-07-06 23:21 188,416 --a------ C:\WINDOWS\system32\NCTVideoFile.dll

2007-07-06 23:21 147,456 --a------ C:\WINDOWS\system32\viscomqtenc.dll

2007-07-06 23:21 139,264 --a------ C:\WINDOWS\system32\viscomqtde.dll

2007-07-06 23:21 120,320 --a------ C:\WINDOWS\system32\apexchanger.exe

2007-07-06 23:21 109,568 --a------ C:\WINDOWS\system32\apex3gp.exe

2007-07-06 23:21 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll

2007-07-06 23:21 1,295,582 --a------ C:\WINDOWS\system32\cygwin1.dll

2007-07-06 23:21

2007-07-06 23:21

2007-07-05 18:12

2007-07-05 17:28

2007-07-05 17:13 87,608 --a------ C:\DOCUME~1\KASIA\DANEAP~1\inst.exe

2007-07-05 17:13 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2007-07-05 17:13 47,360 --a------ C:\DOCUME~1\KASIA\DANEAP~1\pcouffin.sys

2007-07-05 17:13

2007-07-05 17:13

2007-07-05 16:54

2007-07-05 11:31

2007-07-05 09:35

2007-07-03 19:10 132,904 --a------ C:\WINDOWS\system32\drivers\imagesrv.sys

2007-07-03 19:10 11,304 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys

2007-06-30 19:00

2007-06-30 17:18

2007-06-30 14:33 304,128 --a------ C:\WINDOWS\IsUninst.exe

2007-06-30 14:33

2007-06-30 11:07

2007-06-28 12:20

2007-06-28 11:43

2007-06-27 23:02 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys

2007-06-27 23:02 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll

2007-06-27 23:02 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys

2007-06-27 23:02 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS

2007-06-27 23:02 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys

2007-06-27 23:02 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys

2007-06-27 23:02 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys

2007-06-27 23:02 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-28 08:39:49 49,492 ----a-w C:\WINDOWS\system32\perfc015.dat

2007-06-28 08:39:49 355,486 ----a-w C:\WINDOWS\system32\perfh015.dat

2007-06-24 21:00:47 -------- d-----w C:\Program Files\Usługi online

2007-05-16 07:18:44 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll

2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll

2007-04-23 14:42:50 972,336 ----a-w C:\WINDOWS\UNRecode.exe

2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll

2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

2007-06-08 15:18 976424 --a------ C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” []

“SoundMan”=“SOUNDMAN.EXE” [2004-11-15 12:20 C:\WINDOWS\SOUNDMAN.EXE]

“nwiz”=“nwiz.exe” [2005-12-14 16:51 C:\WINDOWS\system32\nwiz.exe]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-04-30 17:42]

“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” []

“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24]

“updateMgr”=“C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 16:45]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 19:03]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

AutoRun\command- E:\Go.exe

Contents of the ‘Scheduled Tasks’ folder

2007-07-03 16:59:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-07-12 18:42:42

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-07-12 18:43:28

C:\ComboFix-quarantined-files.txt … 2007-07-12 18:43

C:\ComboFix2.txt … 2007-07-11 22:44

— E O F —

Note: when you paste a log, wrap it in a CODE or QUOTE tag.

It's OK now.

Once again, huge thanks, regards :smiley: