Marooooo posted 15 December 2008

Hello. I would like one of you to check whether there is a virus on my computer. The antivirus program I have is Avast Home Edition 4.8. Today I turned on the computer and Avast detected what was supposedly some rootkit, and I removed it right away. After restarting, a window popped up, something about a possible problem with Win XP SP 2 (which is what I have). It said something about wanting the Windows disc, and I clicked NO. I forgot to take a screenshot ;/. But after restarting again everything was OK. No strange messages.

I am following these threads:
http://www.forumpc.pl/index.php?showtopic=11018
http://www.forumpc.pl/index.php?showtopic=11017

Please check the following logs:

HijackThis
ComboFix
Thanks in advance for your help.
Guest commented 16 December 2008

Paste into Notepad:

Driver::
zlportio

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27e213c-ae4a-11dc-b5e3-001966057f3d}]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file --> Removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well, then: after the restart, manually delete the C:\Qoobox folder.

Other than that, clean.

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Visio 2003 PL\OFFICE11\REFIEBAR.DLL (file missing)

Fix.
Marooooo (author) commented 16 December 2008

Here is the log after performing this operation:
[2006-05-16 86960]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]"Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]c:\documents and settings\MARO\Menu Start\Programy\Autostart\Skr˘t do konnekt.lnk - c:\programy\Konnekt\konnekt.exe [2005-05-24 503808]Skr˘t do PWRISOVM.lnk - c:\programy\PowerISO\PWRISOVM.EXE [2006-03-18 184320][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.I420"= i420vfw.dll"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnkbackup=c:\windows\pss\BTTray.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Privoxy.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Privoxy.lnkbackup=c:\windows\pss\Privoxy.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^MARO^Menu Start^Programy^Autostart^RocketDock.lnk]path=c:\documents and settings\MARO\Menu Start\Programy\Autostart\RocketDock.lnkbackup=c:\windows\pss\RocketDock.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^MARO^Menu Start^Programy^Autostart^Skrót do PWRISOVM.lnk]path=c:\documents and settings\MARO\Menu Start\Programy\Autostart\Skrót do PWRISOVM.lnkbackup=c:\windows\pss\Skrót do PWRISOVM.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^MARO^Menu Start^Programy^Autostart^UberIcon.lnk]path=c:\documents and settings\MARO\Menu 
Start\Programy\Autostart\UberIcon.lnkbackup=c:\windows\pss\UberIcon.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]c:\windows\system32\dumprep 0 -k [X][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]--a------ 2005-12-06 12:08 20480 c:\windows\CameraFixer.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]--a------ 2006-03-02 13:00 15360 c:\windows\system32\ctfmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]--a------ 2003-03-24 17:38 1443328 c:\programy\EdHTMLv5.0\EdHTML.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]--a------ 2005-05-24 22:41 503808 c:\programy\Konnekt\konnekt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]--a------ 2007-03-06 17:48 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]--a------ 2007-03-06 17:58 1060376 c:\programy\WebCam10\WebCam10.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]--a------ 2007-06-18 15:10 271360 c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2007-09-25 18:33 98304 c:\program files\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]--a------ 2005-10-11 12:54 339968 c:\windows\vsnpstd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SpybotSD TeaTimer]-rahs---- 2008-09-16 11:16 1833296 c:\programy\Spybot - Search & Destroy\TeaTimer.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2007-09-25 01:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]-r------- 2006-06-01 09:48 16208384 c:\windows\RTHDCPL.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Programy\\Gadu-Gadu\\gg.exe"="c:\\Programy\\NAPI-PROJEKT\\napisy.exe"="c:\\Programy\\Konnekt\\konnekt.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Programy\\BearShare\\BearShare.exe"="d:\\GRY\\Counter-Strike Source\\hl2.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="d:\\GRY\\TrackMania Nations ESWC\\TmNationsESWC.exe"="d:\\GRY\\TOCA 2 Touring Car\\Game\\TC2.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\WINDOWS\\system32\\dpnsvr.exe"="c:\\usr\\apache\\Apache.exe"="c:\\usr\\SMTP Server\\localsrv.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Programy\\MoorHunt\\MoorHunt.exe"="c:\\Programy\\Ygoow\\Ygoow.exe"="c:\\Programy\\SopCast\\SopCast.exe"="c:\\Programy\\SopCast\\adv\\SopAdver.exe"="c:\\Programy\\Mozilla Firefox\\firefox.exe"="c:\\xampp\\apache\\bin\\apache.exe"="d:\\GRY\\UT\\System\\UnrealTournament.exe"="d:\\GRY\\rFactor\\rFactor.exe"="c:\\Program 
Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="c:\\WINDOWS\\system32\\java.exe"="d:\\GRY\\PES 09\\pes2009.exe"="d:\\GRY\\DiRT\\DiRT.exe"="d:\\GRY\\RGSC\\Rockstar Games Social Club\\RGSCLauncher.exe"="d:\\GRY\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="d:\\GRY\\Crysis\\Bin32\\Crysis.exe"="d:\\GRY\\LFS net\\LFS.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3478:UDP"= 3478:UDP:stun"3479:UDP"= 3479:UDP:stun 2"6112:UDP"= 6112:UDP:stun 3"5730:UDP"= 5730:UDP:game"5739:UDP"= 5739:UDP:game 1"9001:TCP"= 9001:TCP:game 2"11881:TCP"= 11881:TCP:game 3R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]R2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice [2008-06-14 17408]R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2007-09-02 39880]S2 ODSP Host;ODSP Host Service;c:\programy\ODSP\ODSPHost_NT.exe []S3 huadio1;huadio1;\??\c:\huadio.tmp []S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2008-09-20 29184]S3 RT2400PCI;802.11b WLAN PCI;c:\windows\system32\DRIVERS\RT2400.sys [2007-08-20 61056].- - - - USUNIĘTO PUSTE WPISY - - - -HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe.------- Skan uzupełniający -------.uStart Page = hxxp://wp.pl/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Wyślij do interfejsu &Bluetooth - c:\programy\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htmFF - ProfilePath - c:\documents and settings\MARO\Dane aplikacji\Mozilla\Firefox\Profiles\b14ke87f.default\FF - user.js: network.proxy.type - 0FF - user.js: network.proxy.http - FF - user.js: network.proxy.http_port - 
0FF - user.js: network.proxy.ssl - FF - user.js: network.proxy.ssl_port - 0FF - user.js: network.proxy.ftp - FF - user.js: network.proxy.ftp_port - 0FF - user.js: network.proxy.gopher - FF - user.js: network.proxy.gopher_port - 0FF - user.js: network.proxy.socks_version - 5FF - user.js: network.proxy.socks - FF - user.js: network.proxy.socks_port - 0FF - prefs.js: browser.startup.homepage - www.wp.plFF - plugin: c:\programy\Mozilla Firefox\plugins\npganymedenet.dllFF - plugin: c:\programy\Opera\program\plugins\npdsplay.dllFF - plugin: c:\programy\Opera\program\plugins\npganymedenet.dllFF - plugin: c:\programy\Opera\program\plugins\nppl3260.dllFF - plugin: c:\programy\Opera\program\plugins\nprpjplug.dllFF - plugin: c:\programy\Opera\program\plugins\NPSWF32.dllFF - plugin: c:\programy\Opera\program\plugins\npwmsdrm.dllFF - plugin: c:\programy\Real Alternative\browser\plugins\nppl3260.dllFF - plugin: c:\programy\Real Alternative\browser\plugins\nprpjplug.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-16 15:34:01Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\huadio1]"ImagePath"="\??\c:\huadio.tmp"[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]"ImagePath"="".------------------------ Pozostałe uruchomione procesy ------------------------.c:\programy\Avast4\aswUpdSv.exec:\programy\Avast4\ashServ.exec:\windows\system32\rundll32.exec:\program files\Bonjour\mDNSResponder.exec:\programy\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exec:\program files\Java\jre6\bin\jqs.exec:\xampp\mysql\bin\mysqld-nt.exec:\windows\system32\nvsvc32.exec:\windows\system32\PnkBstrA.exec:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exec:\programy\Avast4\ashMaiSv.exec:\programy\Avast4\ashWebSv.exe.**************************************************************************.Czas ukończenia: 2008-12-16 15:36:09 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt 2008-12-16 14:36:06Przed: 16 779 317 248 bajtów wolnychPo: 16,680,267,776 bajtów wolnych292 --- E O F --- 2008-12-11 17:44:09