syf na kompie- proszę o sprawdzenie loga

[Robert]

Syf na kompie- Proszę o sprawdzenie loga
antywirus jak i ewido zatrzymują się po zeskanowaniu dysku C a ja mam 4partycje
wyskakują powiadomienia o trojanach od AVG IS
w WWDC wszsytko jest na zielono
Log z combofix bo HJ się zacina i nie da się go wyłącz\yć tylko restart pomaga:

Kod: Zaznacz wszystko

"Robert" - 2007-06-27 20:34:59 - ComboFix 07-06-27.7 - Dodatek Service Pack 2  NTFS 


((((((((((((((((((((((((((((((((((((((((((((   V Log   )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\winxtx32.dll
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\iifdday.dll


* * *  POST RUN FILES/FOLDERS  * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\3_exception.nls
C:\WINDOWS\system32\xpdx.sys


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\asc3550u
-------\DomainService
-------\runtime


(((((((((((((((((((((((((   Files Created from 2007-05-27 to 2007-06-27  )))))))))))))))))))))))))))))))


2007-06-27 20:34   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-06-27 20:33   33,536   --a------   C:\WINDOWS\system32\drivers\runtime2.sys
2007-06-27 08:44   128,576   --a------   C:\WINDOWS\system32\ckootvne.dll
2007-06-27 08:38   66,112   --a------   C:\WINDOWS\system32\wqsfjltf.dll
2007-06-26 19:07   19,968   --a------   C:\qcwrp.exe
2007-06-26 19:07   1,536   --a------   C:\bwarny.exe
2007-06-26 15:54   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2007-06-24 21:18   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Command & Conquer 3 Tiberium Wars
2007-06-24 14:33   6,928   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-06-24 14:13   86,016   --a------   C:\WINDOWS\system32\OpenAL32.dll
2007-06-24 14:13   5,632   --a------   C:\WINDOWS\system32\drivers\Entech64.sys
2007-06-24 14:13   3,972   --a------   C:\WINDOWS\system32\drivers\PciBus.sys
2007-06-24 14:13   262,144   --a------   C:\WINDOWS\system32\wrap_oal.dll
2007-06-24 14:13   21,664   --a------   C:\WINDOWS\system32\drivers\Entech.sys
2007-06-24 14:13   <DIR>   d--------   C:\WINDOWS\system32\Futuremark
2007-06-24 14:12   <DIR>   d--------   C:\Program Files\Futuremark
2007-06-24 14:11   604,908,520   --a------   C:\3DMark06_v102_installer.exe
2007-06-24 12:41   8,704   --a------   C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-24 12:41   4,608   --a------   C:\WINDOWS\system32\nmwcdlog.dll
2007-06-24 12:41   30,720   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-24 12:41   13,312   --a------   C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-24 12:41   13,312   --a------   C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-24 12:41   127,488   --a------   C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-24 12:41   <DIR>   d--------   C:\Program Files\Nokia
2007-06-24 12:41   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2007-06-24 12:41   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2007-06-23 15:14   831,048   --a------   C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-06-23 15:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Installations
2007-06-22 22:53   <DIR>   d--------   C:\Program Files\Last.fm
2007-06-22 15:55   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Skype
2007-06-22 15:48   <DIR>   d--------   C:\Program Files\Skype
2007-06-22 15:48   <DIR>   d--------   C:\Program Files\Common Files\Skype
2007-06-22 15:48   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-06-21 20:28   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2007-06-21 20:28   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2007-06-21 20:28   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-21 19:22   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-06-21 19:19   <DIR>   d--------   C:\Program Files\Bonjour
2007-06-21 19:12   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2007-06-20 17:40   <DIR>   d--------   C:\Program Files\eMule
2007-06-19 21:33   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-06-19 21:33   <DIR>   d--------   C:\Fraps
2007-06-19 17:39   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Ahead
2007-06-19 17:37   <DIR>   d--------   C:\Program Files\Nero
2007-06-19 17:37   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2007-06-18 18:07   <DIR>   d--------   C:\Program Files\FLVPlayer
2007-06-18 18:06   <DIR>   d--------   C:\Downloads
2007-06-18 18:06   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\GetRightToGo
2007-06-18 16:22   135,168   --a------   C:\WINDOWS\system32\DSKernel2.dll
2007-06-18 16:22   1,936,528   --a------   C:\WINDOWS\system32\ltmm15.dll
2007-06-18 16:21   737,280   --a------   C:\WINDOWS\iun6002.exe
2007-06-18 16:21   <DIR>   d--------   C:\Program Files\Replay Converter
2007-06-17 16:06   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2007-06-17 16:06   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-17 16:05   <DIR>   d--------   C:\Program Files\Logitech
2007-06-17 16:05   <DIR>   d--------   C:\Program Files\Common Files\Logitech
2007-06-17 15:11   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-06-16 14:09   81,768   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-06-16 14:09   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-06-16 14:09   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-06-16 14:09   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-06-16 14:09   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-06-16 14:09   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-06-16 14:09   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-06-16 14:09   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-06-16 14:09   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-16 14:09   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-16 14:08   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2007-06-16 14:08   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2007-06-16 14:08   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-06-15 23:18   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-06-15 23:18   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Apple Computer
2007-06-15 23:18   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-06-15 21:54   <DIR>   d--------   C:\Program Files\FreshDevices
2007-06-14 21:09   23,936   --a------   C:\WINDOWS\system32\drivers\Dot4usb.sys
2007-06-14 21:09   207,360   --a------   C:\WINDOWS\system32\drivers\Dot4.sys
2007-06-14 21:09   12,928   --a------   C:\WINDOWS\system32\drivers\Dot4Prt.sys
2007-06-14 09:31   <DIR>   d--------   C:\DOCUME~1\Robert\Phone Browser
2007-06-14 09:31   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Datalayer
2007-06-14 09:29   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Nokia
2007-06-14 09:28   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-06-14 09:28   <DIR>   d--------   C:\Program Files\DIFX
2007-06-14 09:28   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\PC Suite
2007-06-14 09:28   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Suite
2007-06-14 09:27   50,688   --a------   C:\WINDOWS\system32\nmwcdcls.dll
2007-06-14 09:27   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Downloaded Installations
2007-06-14 09:24   <DIR>   d--------   C:\Program Files\Lonely Cat Games
2007-06-14 09:24   <DIR>   d--------   C:\divx
2007-06-13 21:10   <DIR>   d--------   C:\Recovered Files
2007-06-13 19:33   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\OpenOffice.org2
2007-06-13 19:19   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Azureus
2007-06-13 19:15   <DIR>   d--------   C:\Program Files\Azureus
2007-06-13 16:28   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2007-06-13 14:55   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\DivX
2007-06-13 14:15   36,624   ---------   C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-13 14:15   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-13 14:15   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-13 14:15   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-06-13 14:15   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-06-13 14:15   116,472   ---------   C:\WINDOWS\system32\pxcpyi64.exe


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 11:02:18   49,712   ----a-w   C:\WINDOWS\system32\perfc015.dat
2007-06-13 11:02:18   355,830   ----a-w   C:\WINDOWS\system32\perfh015.dat
2007-06-12 19:35:51   --------   d-----w   C:\Program Files\Usługi online
2007-04-25 14:23:30   144,896   ----a-w   C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34   73,728   ----a-w   C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34   196,608   ----a-w   C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33   53,248   ----a-w   C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31   593,920   ----a-w   C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31   57,344   ----a-w   C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31   344,064   ----a-w   C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31   294,912   ----a-w   C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31   294,912   ----a-w   C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46   124,472   ----a-w   C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-19 11:26:00   888,832   ----a-w   C:\WINDOWS\system32\nvmobls.dll
2007-04-19 11:26:00   794,624   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-04-19 11:26:00   5,619,712   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-04-19 11:26:00   5,255,168   ----a-w   C:\WINDOWS\system32\nvdispsr.dll
2007-04-19 11:26:00   458,752   ----a-w   C:\WINDOWS\system32\nvmccssr.dll
2007-04-19 11:26:00   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 11:26:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrspt.dll
2007-04-19 11:26:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrsit.dll
2007-04-19 11:26:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsptb.dll
2007-04-19 11:26:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsnl.dll
2007-04-19 11:26:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrsru.dll
2007-04-19 11:26:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrshu.dll
2007-04-19 11:26:00   311,296   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 11:26:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrstr.dll
2007-04-19 11:26:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrssl.dll
2007-04-19 11:26:00   3,203,072   ----a-w   C:\WINDOWS\system32\nvgamesr.dll
2007-04-19 11:26:00   3,035,136   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-04-19 11:26:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrssk.dll
2007-04-19 11:26:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrsno.dll
2007-04-19 11:26:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrssv.dll
2007-04-19 11:26:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrspl.dll
2007-04-19 11:26:00   274,432   ----a-w   C:\WINDOWS\system32\nvrsit.dll
2007-04-19 11:26:00   266,240   ----a-w   C:\WINDOWS\system32\nvrspt.dll
2007-04-19 11:26:00   266,240   ----a-w   C:\WINDOWS\system32\nvrsnl.dll
2007-04-19 11:26:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsru.dll
2007-04-19 11:26:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsptb.dll
2007-04-19 11:26:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsja.dll
2007-04-19 11:26:00   258,048   ----a-w   C:\WINDOWS\system32\nvrsko.dll
2007-04-19 11:26:00   253,952   ----a-w   C:\WINDOWS\system32\nvrshu.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrstr.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssl.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssk.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrspl.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrsno.dll
2007-04-19 11:26:00   245,760   ----a-w   C:\WINDOWS\system32\nvrssv.dll
2007-04-19 11:26:00   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-04-19 11:26:00   221,184   ----a-w   C:\WINDOWS\system32\nvrszhc.dll
2007-04-19 11:26:00   212,992   ----a-w   C:\WINDOWS\system32\nvwrsja.dll
2007-04-19 11:26:00   212,992   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-04-19 11:26:00   2,973,696   ----a-w   C:\WINDOWS\system32\nvvitvsr.dll
2007-04-19 11:26:00   2,924,544   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 11:26:00   2,859,008   ----a-w   C:\WINDOWS\system32\nvmoblsr.dll
2007-04-19 11:26:00   196,608   ----a-w   C:\WINDOWS\system32\nvwrsko.dll
2007-04-19 11:26:00   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-04-19 11:26:00   167,936   ----a-w   C:\WINDOWS\system32\nvwrszht.dll
2007-04-19 11:26:00   163,840   ----a-w   C:\WINDOWS\system32\nvwrszhc.dll
2007-04-19 11:26:00   118,784   ----a-w   C:\WINDOWS\system32\nvrszht.dll
2007-04-19 11:26:00   1,732,608   ----a-w   C:\WINDOWS\system32\nvwssr.dll
2007-04-19 11:26:00   1,236,992   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-04-19 11:26:00   1,011,712   ----a-w   C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:14:32   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20   43,352   ----a-w   C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 04:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 02:20 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-09-24 06:44 C:\WINDOWS\ALCMTR.EXE]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-12 22:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NWEReboot"="" []
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"Start WingMan Profiler"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll


Contents of the 'Scheduled Tasks' folder
2007-06-27 08:20:07  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 20:40:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Skrót do strony wlasciwosci High Definition Audio"="HDAudPropShortcut.exe"

Completion time: 2007-06-27 20:41:25 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-27 20:41

   --- E O F ---



dodam jeszcze że przy zamykaniu windowsa wysakkuje an chwile jakiś błąd i pozostaje on na tki krótki czas że nie jestem w stanie go przeczytac ;/

[wojtas]

Pobierz i uruchom narzędzie : The Avenger
http://swandog46.geekstogo.com/avenger.zip
Zaznacz opcję Input script manually i kliknij na Lupkę z prawej strony. W okienku, które się otworzy wklejasz:

Files to delete:

C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\ckootvne.dll
C:\WINDOWS\system32\wqsfjltf.dll
C:\qcwrp.exe
C:\bwarny.exe
C:\WINDOWS\system32\winxtx32.dll
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.bak2
C:\WINDOWS\system32\efhkj.ini
C:\WINDOWS\system32\jkhfe.dll
C:\WINDOWS\system32\iifdday.dll


Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf

Klikasz Done, a następnie zielone światełko i zgadzasz się na restart klikając OK.
Kasujesz ręcznie z dysku plik: C:\Avenger\backup.zip i wklejasz na forum raport: C:\avenger.txt + log z combofixa + silenta

[Robert]

Avenger

Kod: Zaznacz wszystko

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yfjblswq

*******************

Script file located at: \??\C:\WINDOWS\lnhxirdm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\drivers\runtime2.sys deleted successfully.
File C:\WINDOWS\system32\ckootvne.dll deleted successfully.
File C:\WINDOWS\system32\wqsfjltf.dll deleted successfully.


File C:\qcwrp.exe not found!
Deletion of file C:\qcwrp.exe failed!

Could not process line:
C:\qcwrp.exe
Status: 0xc0000034

File C:\bwarny.exe deleted successfully.


File C:\WINDOWS\system32\winxtx32.dll not found!
Deletion of file C:\WINDOWS\system32\winxtx32.dll failed!

Could not process line:
C:\WINDOWS\system32\winxtx32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\efhkj.bak1 not found!
Deletion of file C:\WINDOWS\system32\efhkj.bak1 failed!

Could not process line:
C:\WINDOWS\system32\efhkj.bak1
Status: 0xc0000034



File C:\WINDOWS\system32\efhkj.bak2 not found!
Deletion of file C:\WINDOWS\system32\efhkj.bak2 failed!

Could not process line:
C:\WINDOWS\system32\efhkj.bak2
Status: 0xc0000034



File C:\WINDOWS\system32\efhkj.ini not found!
Deletion of file C:\WINDOWS\system32\efhkj.ini failed!

Could not process line:
C:\WINDOWS\system32\efhkj.ini
Status: 0xc0000034



File C:\WINDOWS\system32\jkhfe.dll not found!
Deletion of file C:\WINDOWS\system32\jkhfe.dll failed!

Could not process line:
C:\WINDOWS\system32\jkhfe.dll
Status: 0xc0000034



File C:\WINDOWS\system32\iifdday.dll not found!
Deletion of file C:\WINDOWS\system32\iifdday.dll failed!

Could not process line:
C:\WINDOWS\system32\iifdday.dll
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.

Comfofix:

Kod: Zaznacz wszystko

"Robert" - 2007-06-27 22:06:13 - ComboFix 07-06-27.7 - Dodatek Service Pack 2  NTFS 


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\0_exception.nls


(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_RUNTIME
-------\LEGACY_RUNTIME2
-------\runtime


(((((((((((((((((((((((((   Files Created from 2007-05-27 to 2007-06-27  )))))))))))))))))))))))))))))))


2007-06-27 22:06   33,536   --a------   C:\WINDOWS\system32\drivers\runtime2.sys
2007-06-27 20:42   29,056   --a------   C:\WINDOWS\system32\drivers\ip6fw.sys
2007-06-27 20:34   49,152   --a------   C:\WINDOWS\nircmd.exe
2007-06-26 15:54   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2007-06-24 21:18   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Command & Conquer 3 Tiberium Wars
2007-06-24 14:33   6,928   --a------   C:\WINDOWS\system32\d3d9caps.dat
2007-06-24 14:13   86,016   --a------   C:\WINDOWS\system32\OpenAL32.dll
2007-06-24 14:13   5,632   --a------   C:\WINDOWS\system32\drivers\Entech64.sys
2007-06-24 14:13   3,972   --a------   C:\WINDOWS\system32\drivers\PciBus.sys
2007-06-24 14:13   262,144   --a------   C:\WINDOWS\system32\wrap_oal.dll
2007-06-24 14:13   21,664   --a------   C:\WINDOWS\system32\drivers\Entech.sys
2007-06-24 14:13   <DIR>   d--------   C:\WINDOWS\system32\Futuremark
2007-06-24 14:12   <DIR>   d--------   C:\Program Files\Futuremark
2007-06-24 14:11   604,908,520   --a------   C:\3DMark06_v102_installer.exe
2007-06-24 12:41   8,704   --a------   C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-06-24 12:41   4,608   --a------   C:\WINDOWS\system32\nmwcdlog.dll
2007-06-24 12:41   30,720   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2007-06-24 12:41   13,312   --a------   C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-06-24 12:41   13,312   --a------   C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-06-24 12:41   127,488   --a------   C:\WINDOWS\system32\drivers\nmwcd.sys
2007-06-24 12:41   <DIR>   d--------   C:\Program Files\Nokia
2007-06-24 12:41   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2007-06-24 12:41   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2007-06-23 15:14   831,048   --a------   C:\WINDOWS\system32\WudfUpdate_01005.dll
2007-06-23 15:13   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Installations
2007-06-22 22:53   <DIR>   d--------   C:\Program Files\Last.fm
2007-06-22 15:55   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Skype
2007-06-22 15:48   <DIR>   d--------   C:\Program Files\Skype
2007-06-22 15:48   <DIR>   d--------   C:\Program Files\Common Files\Skype
2007-06-22 15:48   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype
2007-06-21 20:28   5,632   --a------   C:\WINDOWS\system32\ptpusb.dll
2007-06-21 20:28   159,232   --a------   C:\WINDOWS\system32\ptpusd.dll
2007-06-21 20:28   15,104   --a------   C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-21 19:22   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\FLEXnet
2007-06-21 19:19   <DIR>   d--------   C:\Program Files\Bonjour
2007-06-21 19:12   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2007-06-20 17:40   <DIR>   d--------   C:\Program Files\eMule
2007-06-19 21:33   <DIR>   d-a------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\TEMP
2007-06-19 21:33   <DIR>   d--------   C:\Fraps
2007-06-19 17:39   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Ahead
2007-06-19 17:37   <DIR>   d--------   C:\Program Files\Nero
2007-06-19 17:37   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2007-06-18 18:07   <DIR>   d--------   C:\Program Files\FLVPlayer
2007-06-18 18:06   <DIR>   d--------   C:\Downloads
2007-06-18 18:06   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\GetRightToGo
2007-06-18 16:22   135,168   --a------   C:\WINDOWS\system32\DSKernel2.dll
2007-06-18 16:22   1,936,528   --a------   C:\WINDOWS\system32\ltmm15.dll
2007-06-18 16:21   737,280   --a------   C:\WINDOWS\iun6002.exe
2007-06-18 16:21   <DIR>   d--------   C:\Program Files\Replay Converter
2007-06-17 16:06   14,848   --a------   C:\WINDOWS\system32\drivers\kbdhid.sys
2007-06-17 16:06   12,160   --a------   C:\WINDOWS\system32\drivers\mouhid.sys
2007-06-17 16:05   <DIR>   d--------   C:\Program Files\Logitech
2007-06-17 16:05   <DIR>   d--------   C:\Program Files\Common Files\Logitech
2007-06-17 15:11   <DIR>   d--------   C:\Program Files\DAEMON Tools
2007-06-16 14:09   81,768   --a------   C:\WINDOWS\system32\xinput1_3.dll
2007-06-16 14:09   443,752   --a------   C:\WINDOWS\system32\d3dx10_33.dll
2007-06-16 14:09   3,495,784   --a------   C:\WINDOWS\system32\d3dx9_33.dll
2007-06-16 14:09   3,426,072   --a------   C:\WINDOWS\system32\d3dx9_32.dll
2007-06-16 14:09   261,480   --a------   C:\WINDOWS\system32\xactengine2_7.dll
2007-06-16 14:09   255,848   --a------   C:\WINDOWS\system32\xactengine2_6.dll
2007-06-16 14:09   251,672   --a------   C:\WINDOWS\system32\xactengine2_5.dll
2007-06-16 14:09   237,848   --a------   C:\WINDOWS\system32\xactengine2_4.dll
2007-06-16 14:09   15,128   --a------   C:\WINDOWS\system32\x3daudio1_1.dll
2007-06-16 14:09   1,123,696   --a------   C:\WINDOWS\system32\D3DCompiler_33.dll
2007-06-16 14:08   62,744   --a------   C:\WINDOWS\system32\xinput1_2.dll
2007-06-16 14:08   236,824   --a------   C:\WINDOWS\system32\xactengine2_3.dll
2007-06-16 14:08   2,414,360   --a------   C:\WINDOWS\system32\d3dx9_31.dll
2007-06-15 23:18   <DIR>   d--------   C:\Program Files\Apple Software Update
2007-06-15 23:18   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Apple Computer
2007-06-15 23:18   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple
2007-06-15 21:54   <DIR>   d--------   C:\Program Files\FreshDevices
2007-06-14 21:09   23,936   --a------   C:\WINDOWS\system32\drivers\Dot4usb.sys
2007-06-14 21:09   207,360   --a------   C:\WINDOWS\system32\drivers\Dot4.sys
2007-06-14 21:09   12,928   --a------   C:\WINDOWS\system32\drivers\Dot4Prt.sys
2007-06-14 09:31   <DIR>   d--------   C:\DOCUME~1\Robert\Phone Browser
2007-06-14 09:31   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Datalayer
2007-06-14 09:29   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Nokia
2007-06-14 09:28   <DIR>   d----c---   C:\WINDOWS\system32\DRVSTORE
2007-06-14 09:28   <DIR>   d--------   C:\Program Files\DIFX
2007-06-14 09:28   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\PC Suite
2007-06-14 09:28   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\PC Suite
2007-06-14 09:27   50,688   --a------   C:\WINDOWS\system32\nmwcdcls.dll
2007-06-14 09:27   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\DANEAP~1\Downloaded Installations
2007-06-14 09:24   <DIR>   d--------   C:\Program Files\Lonely Cat Games
2007-06-14 09:24   <DIR>   d--------   C:\divx
2007-06-13 21:10   <DIR>   d--------   C:\Recovered Files
2007-06-13 19:33   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\OpenOffice.org2
2007-06-13 19:19   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\Azureus
2007-06-13 19:15   <DIR>   d--------   C:\Program Files\Azureus
2007-06-13 16:28   2,297,552   --a------   C:\WINDOWS\system32\d3dx9_26.dll
2007-06-13 14:55   <DIR>   d--------   C:\DOCUME~1\Robert\DANEAP~1\DivX
2007-06-13 14:15   36,624   ---------   C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-06-13 14:15   2,560   ---------   C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-06-13 14:15   2,432   ---------   C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-06-13 14:15   129,784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-06-13 14:15   118,520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-06-13 14:15   116,472   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-06-13 14:15   <DIR>   d--------   C:\Program Files\DivX
2007-06-13 14:04   682,232   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2007-06-13 14:00   <DIR>   d--------   C:\Program Files\OpenOffice.org 2.0.3


((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 11:02:18   49,712   ----a-w   C:\WINDOWS\system32\perfc015.dat
2007-06-13 11:02:18   355,830   ----a-w   C:\WINDOWS\system32\perfh015.dat
2007-06-12 19:35:51   --------   d-----w   C:\Program Files\Usługi online
2007-04-25 14:23:30   144,896   ----a-w   C:\WINDOWS\system32\schannel.dll
2007-04-23 00:15:29   3,596,288   ----a-w   C:\WINDOWS\system32\qt-dx331.dll
2007-04-23 00:15:18   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-04-23 00:15:18   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-04-23 00:02:34   73,728   ----a-w   C:\WINDOWS\system32\dpl100.dll
2007-04-23 00:02:34   196,608   ----a-w   C:\WINDOWS\system32\dtu100.dll
2007-04-23 00:02:33   53,248   ----a-w   C:\WINDOWS\system32\dpuGUI10.dll
2007-04-23 00:02:31   593,920   ----a-w   C:\WINDOWS\system32\dpuGUI11.dll
2007-04-23 00:02:31   57,344   ----a-w   C:\WINDOWS\system32\dpv11.dll
2007-04-23 00:02:31   344,064   ----a-w   C:\WINDOWS\system32\dpus11.dll
2007-04-23 00:02:31   294,912   ----a-w   C:\WINDOWS\system32\dpu11.dll
2007-04-23 00:02:31   294,912   ----a-w   C:\WINDOWS\system32\dpu10.dll
2007-04-23 00:01:47   12,288   ----a-w   C:\WINDOWS\system32\DivXWMPExtType.dll
2007-04-23 00:01:46   124,472   ----a-w   C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-04-19 11:26:00   888,832   ----a-w   C:\WINDOWS\system32\nvmobls.dll
2007-04-19 11:26:00   794,624   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-04-19 11:26:00   5,619,712   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-04-19 11:26:00   5,255,168   ----a-w   C:\WINDOWS\system32\nvdispsr.dll
2007-04-19 11:26:00   458,752   ----a-w   C:\WINDOWS\system32\nvmccssr.dll
2007-04-19 11:26:00   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-04-19 11:26:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrspt.dll
2007-04-19 11:26:00   323,584   ----a-w   C:\WINDOWS\system32\nvwrsit.dll
2007-04-19 11:26:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsptb.dll
2007-04-19 11:26:00   319,488   ----a-w   C:\WINDOWS\system32\nvwrsnl.dll
2007-04-19 11:26:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrsru.dll
2007-04-19 11:26:00   315,392   ----a-w   C:\WINDOWS\system32\nvwrshu.dll
2007-04-19 11:26:00   311,296   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-04-19 11:26:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrstr.dll
2007-04-19 11:26:00   303,104   ----a-w   C:\WINDOWS\system32\nvwrssl.dll
2007-04-19 11:26:00   3,203,072   ----a-w   C:\WINDOWS\system32\nvgamesr.dll
2007-04-19 11:26:00   3,035,136   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-04-19 11:26:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrssk.dll
2007-04-19 11:26:00   299,008   ----a-w   C:\WINDOWS\system32\nvwrsno.dll
2007-04-19 11:26:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrssv.dll
2007-04-19 11:26:00   294,912   ----a-w   C:\WINDOWS\system32\nvwrspl.dll
2007-04-19 11:26:00   274,432   ----a-w   C:\WINDOWS\system32\nvrsit.dll
2007-04-19 11:26:00   266,240   ----a-w   C:\WINDOWS\system32\nvrspt.dll
2007-04-19 11:26:00   266,240   ----a-w   C:\WINDOWS\system32\nvrsnl.dll
2007-04-19 11:26:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsru.dll
2007-04-19 11:26:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsptb.dll
2007-04-19 11:26:00   262,144   ----a-w   C:\WINDOWS\system32\nvrsja.dll
2007-04-19 11:26:00   258,048   ----a-w   C:\WINDOWS\system32\nvrsko.dll
2007-04-19 11:26:00   253,952   ----a-w   C:\WINDOWS\system32\nvrshu.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrstr.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssl.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrssk.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrspl.dll
2007-04-19 11:26:00   249,856   ----a-w   C:\WINDOWS\system32\nvrsno.dll
2007-04-19 11:26:00   245,760   ----a-w   C:\WINDOWS\system32\nvrssv.dll
2007-04-19 11:26:00   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-04-19 11:26:00   221,184   ----a-w   C:\WINDOWS\system32\nvrszhc.dll
2007-04-19 11:26:00   212,992   ----a-w   C:\WINDOWS\system32\nvwrsja.dll
2007-04-19 11:26:00   212,992   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-04-19 11:26:00   2,973,696   ----a-w   C:\WINDOWS\system32\nvvitvsr.dll
2007-04-19 11:26:00   2,924,544   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-04-19 11:26:00   2,859,008   ----a-w   C:\WINDOWS\system32\nvmoblsr.dll
2007-04-19 11:26:00   196,608   ----a-w   C:\WINDOWS\system32\nvwrsko.dll
2007-04-19 11:26:00   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-04-19 11:26:00   167,936   ----a-w   C:\WINDOWS\system32\nvwrszht.dll
2007-04-19 11:26:00   163,840   ----a-w   C:\WINDOWS\system32\nvwrszhc.dll
2007-04-19 11:26:00   118,784   ----a-w   C:\WINDOWS\system32\nvrszht.dll
2007-04-19 11:26:00   1,732,608   ----a-w   C:\WINDOWS\system32\nvwssr.dll
2007-04-19 11:26:00   1,236,992   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-04-19 11:26:00   1,011,712   ----a-w   C:\WINDOWS\system32\nvcpluir.dll
2007-04-18 16:14:32   2,854,400   ----a-w   C:\WINDOWS\system32\msi.dll
2007-04-16 20:45:28   92,504   ----a-w   C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20   43,352   ----a-w   C:\WINDOWS\system32\wups2.dll


(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 01:56]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe]
"Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-24 04:27 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-25 02:20 C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [2004-09-24 06:44 C:\WINDOWS\ALCMTR.EXE]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-12 22:23]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"NWEReboot"="" []
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"NvMediaCenter"="NvMCTray.dll" [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-04 00:29]
"Start WingMan Profiler"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-08 11:06]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog


Contents of the 'Scheduled Tasks' folder
2007-06-27 08:20:07  C:\WINDOWS\tasks\AppleSoftwareUpdate.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 22:09:47
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Skrót do strony wlasciwosci High Definition Audio"="HDAudPropShortcut.exe"

Completion time: 2007-06-27 22:11:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-27 22:10
C:\ComboFix2.txt ... 2007-06-27 20:41

   --- E O F ---


SR

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AutoConnect" = "C:\Program Files\AutoConnect\AutoConnect.exe" ["http://autoconnect.prv.pl"]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"Start WingMan Profiler" = "(empty string)" [file not found]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" ["Nero AG"]
"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]
"PcSync" = "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog" ["Time Information Services Ltd."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"Skrót do strony właściwości High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]
"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]
"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]
"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]
"WOOTASKBARICON" = "C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" ["France Télécom R&D"]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NWEReboot" = "(empty string)" [file not found]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup" ["Nokia"]
"NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
  -> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
  -> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
  -> {HKLM...CLSID} = "Nokia Phone Browser"
                   \InProcServer32\(Default) = "C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
  -> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = ""C:\Program Files\OpenOffice.org 2.0.3\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Robert\Dane aplikacji\Mozilla\Firefox\Tapeta pulpitu.bmp"


Startup items in "Robert" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DSLMON" -> shortcut to: "C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W" [empty string]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "C:\Program Files\Bonjour\mdnsNSP.dll" ["Apple Computer, Inc."]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\avgfwafu.dll ["GRISOFT, s.r.o."], 01 - 05
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]


Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, ""C:\Program Files\Bonjour\mDNSResponder.exe"" ["Apple Computer, Inc."]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVG7\avgemc.exe" ["GRISOFT, s.r.o."]
AVG Firewall, AVGFwSrv, "C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Resident Shield Service, AvgCoreSvc, "C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
ServiceLayer, ServiceLayer, ""C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"" ["Nokia."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}


----------
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 33 seconds, including 3 seconds for message boxes)



[wojtas]

sciagnij killbox`a:

http://www.wiruskill.pl/forum/viewtopic.php?t=58

Odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżkę :

C:\WINDOWS\system32\drivers\runtime2.sys

i nacisnij x
Program będzie pytał o restart (oczywiście zgadzasz się)

[Robert]

wojtas19162
okej zrobione jeszcze logi jakieś dać?

[wojtas]

nie musisz sadze ze bedzie ok

[Robert]

wojtas19162
ok dzięki jakby coś się urodziło napisze..
i Co ja bym bez ciebie zrobił