Just to be sure

Marooooo
created

Hello.

I would like one of you to check whether there is some virus on my computer.

The antivirus program I have is Avast Home Edition 4.8.

Today I turned on the computer and Avast supposedly detected some rootkit, which I removed right away.

After the restart a window popped up, something about a possible problem with Win XP SP 2 (that is what I have). It said something about wanting the Windows disc, and I chose NO.

I forgot to take a screenshot ;/. But after another restart everything was fine. No strange messages.

I am following these threads:

http://www.forumpc.pl/index.php?showtopic=11018

http://www.forumpc.pl/index.php?showtopic=11017

Please check the following logs:

HijackThis

ComboFix

Thanks in advance for the help :)

Guest
comment

Paste into Notepad:

Driver::
zlportio
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f27e213c-ae4a-11dc-b5e3-001966057f3d}]

>>File>>Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file

The removal should start (and a log will be created). Post the log that is created during the removal.

If it goes well: after the restart, manually delete the folder C:\Qoobox.

Other than that, clean. :)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programy\Visio 2003 PL\OFFICE11\REFIEBAR.DLL (file missing)

Fix.

Marooooo
comment

Here is the log after performing this operation:

144784]"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]"Nokia.PCSync"="c:\programy\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]c:\documents and settings\MARO\Menu Start\Programy\Autostart\Skr˘t do konnekt.lnk - c:\programy\Konnekt\konnekt.exe [2005-05-24 503808]Skr˘t do PWRISOVM.lnk - c:\programy\PowerISO\PWRISOVM.EXE [2006-03-18 184320][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.I420"= i420vfw.dll"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BTTray.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\BTTray.lnkbackup=c:\windows\pss\BTTray.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Privoxy.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Privoxy.lnkbackup=c:\windows\pss\Privoxy.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^MARO^Menu Start^Programy^Autostart^RocketDock.lnk]path=c:\documents and settings\MARO\Menu Start\Programy\Autostart\RocketDock.lnkbackup=c:\windows\pss\RocketDock.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^MARO^Menu Start^Programy^Autostart^Skrót do PWRISOVM.lnk]path=c:\documents and settings\MARO\Menu Start\Programy\Autostart\Skrót do PWRISOVM.lnkbackup=c:\windows\pss\Skrót do PWRISOVM.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^MARO^Menu Start^Programy^Autostart^UberIcon.lnk]path=c:\documents and settings\MARO\Menu Start\Programy\Autostart\UberIcon.lnkbackup=c:\windows\pss\UberIcon.lnkStartup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]c:\windows\system32\dumprep 0 -k [X][HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\CameraFixer]--a------ 2005-12-06 12:08 20480 c:\windows\CameraFixer.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]--a------ 2006-03-02 13:00 15360 c:\windows\system32\ctfmon.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]--a------ 2003-03-24 17:38 1443328 c:\programy\EdHTMLv5.0\EdHTML.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]--a------ 2005-05-24 22:41 503808 c:\programy\Konnekt\konnekt.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]--a------ 2007-03-06 17:48 488984 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]--a------ 2007-03-06 17:58 1060376 c:\programy\WebCam10\WebCam10.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]--a------ 2007-06-18 15:10 271360 c:\programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]--a------ 2007-09-25 18:33 98304 c:\program files\QuickTime\qttask.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]--a------ 2005-10-11 12:54 339968 c:\windows\vsnpstd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]-rahs---- 2008-09-16 11:16 1833296 c:\programy\Spybot - Search & Destroy\TeaTimer.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]--a------ 2007-09-25 01:11 132496 c:\program 
files\Java\jre1.6.0_03\bin\jusched.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]--a------ 2008-11-12 14:54 1630208 c:\windows\system32\nwiz.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]-r------- 2006-06-01 09:48 16208384 c:\windows\RTHDCPL.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]-r------- 2006-05-16 11:04 2879488 c:\windows\SkyTel.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\system32\\sessmgr.exe"="c:\\Programy\\Gadu-Gadu\\gg.exe"="c:\\Programy\\NAPI-PROJEKT\\napisy.exe"="c:\\Programy\\Konnekt\\konnekt.exe"="c:\\Program Files\\uTorrent\\uTorrent.exe"="c:\\Programy\\BearShare\\BearShare.exe"="d:\\GRY\\Counter-Strike Source\\hl2.exe"="c:\\WINDOWS\\system32\\PnkBstrA.exe"="c:\\WINDOWS\\system32\\PnkBstrB.exe"="d:\\GRY\\TrackMania Nations ESWC\\TmNationsESWC.exe"="d:\\GRY\\TOCA 2 Touring Car\\Game\\TC2.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\WINDOWS\\system32\\dpnsvr.exe"="c:\\usr\\apache\\Apache.exe"="c:\\usr\\SMTP Server\\localsrv.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Programy\\MoorHunt\\MoorHunt.exe"="c:\\Programy\\Ygoow\\Ygoow.exe"="c:\\Programy\\SopCast\\SopCast.exe"="c:\\Programy\\SopCast\\adv\\SopAdver.exe"="c:\\Programy\\Mozilla Firefox\\firefox.exe"="c:\\xampp\\apache\\bin\\apache.exe"="d:\\GRY\\UT\\System\\UnrealTournament.exe"="d:\\GRY\\rFactor\\rFactor.exe"="c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"="c:\\WINDOWS\\system32\\java.exe"="d:\\GRY\\PES 09\\pes2009.exe"="d:\\GRY\\DiRT\\DiRT.exe"="d:\\GRY\\RGSC\\Rockstar Games Social Club\\RGSCLauncher.exe"="d:\\GRY\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"="c:\\Program 
Files\\Skype\\Phone\\Skype.exe"="d:\\GRY\\Crysis\\Bin32\\Crysis.exe"="d:\\GRY\\LFS net\\LFS.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3478:UDP"= 3478:UDP:stun"3479:UDP"= 3479:UDP:stun 2"6112:UDP"= 6112:UDP:stun 3"5730:UDP"= 5730:UDP:game"5739:UDP"= 5739:UDP:game 1"9001:TCP"= 9001:TCP:game 2"11881:TCP"= 11881:TCP:game 3R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-03-31 111184]R2 Apache2.2;Apache2.2;"c:\xampp\apache\bin\apache.exe" -k runservice [2008-06-14 17408]R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-03-31 20560]R2 ETDrv;ETDrv;c:\windows\system32\drivers\ETDrv.sys [2007-09-02 39880]S2 ODSP Host;ODSP Host Service;c:\programy\ODSP\ODSPHost_NT.exe []S3 huadio1;huadio1;\??\c:\huadio.tmp []S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\DRIVERS\libusb0.sys [2008-09-20 29184]S3 RT2400PCI;802.11b WLAN PCI;c:\windows\system32\DRIVERS\RT2400.sys [2007-08-20 61056].- - - - USUNIĘTO PUSTE WPISY - - - -HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe.------- Skan uzupełniający -------.uStart Page = hxxp://wp.pl/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: Wyślij do interfejsu &Bluetooth - c:\programy\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htmFF - ProfilePath - c:\documents and settings\MARO\Dane aplikacji\Mozilla\Firefox\Profiles\b14ke87f.default\FF - user.js: network.proxy.type - 0FF - user.js: network.proxy.http - FF - user.js: network.proxy.http_port - 0FF - user.js: network.proxy.ssl - FF - user.js: network.proxy.ssl_port - 0FF - user.js: network.proxy.ftp - FF - user.js: network.proxy.ftp_port - 0FF - user.js: network.proxy.gopher - FF - user.js: network.proxy.gopher_port - 0FF - user.js: network.proxy.socks_version - 5FF - 
user.js: network.proxy.socks - FF - user.js: network.proxy.socks_port - 0FF - prefs.js: browser.startup.homepage - www.wp.plFF - plugin: c:\programy\Mozilla Firefox\plugins\npganymedenet.dllFF - plugin: c:\programy\Opera\program\plugins\npdsplay.dllFF - plugin: c:\programy\Opera\program\plugins\npganymedenet.dllFF - plugin: c:\programy\Opera\program\plugins\nppl3260.dllFF - plugin: c:\programy\Opera\program\plugins\nprpjplug.dllFF - plugin: c:\programy\Opera\program\plugins\NPSWF32.dllFF - plugin: c:\programy\Opera\program\plugins\npwmsdrm.dllFF - plugin: c:\programy\Real Alternative\browser\plugins\nppl3260.dllFF - plugin: c:\programy\Real Alternative\browser\plugins\nprpjplug.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-12-16 15:34:01Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run  LXCGCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? skanowanie ukrytych plików ... 
skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\huadio1]"ImagePath"="\??\c:\huadio.tmp"[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]"ImagePath"="".------------------------ Pozostałe uruchomione procesy ------------------------.c:\programy\Avast4\aswUpdSv.exec:\programy\Avast4\ashServ.exec:\windows\system32\rundll32.exec:\program files\Bonjour\mDNSResponder.exec:\programy\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exec:\program files\Java\jre6\bin\jqs.exec:\xampp\mysql\bin\mysqld-nt.exec:\windows\system32\nvsvc32.exec:\windows\system32\PnkBstrA.exec:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exec:\programy\Avast4\ashMaiSv.exec:\programy\Avast4\ashWebSv.exe.**************************************************************************.Czas ukończenia: 2008-12-16 15:36:09 - komputer został uruchomiony ponownieComboFix-quarantined-files.txt  2008-12-16 14:36:06Przed: 16 779 317 248 bajtów wolnychPo: 16,680,267,776 bajtów wolnych292	--- E O F ---	2008-12-11 17:44:09
Mateusz J.
comment

The log is clean.

Marooooo
comment

OK.

Thanks a lot :)
