
The system hangs for no reason; the CPU load shows no usage, and Nod doesn't see any virus.
It doesn't matter whether I have only just turned the laptop on or it has already been running for a while.
For example, I can press Start on the keyboard, but I can no longer click on anything; likewise I can press Start+R (Run), but I can no longer type in a command.
[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-04-24 at 20:02
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\patch.exe - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 20:06:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9b,f7,79,be,ee,a0,27,38,a3,b1,cb,7f,08,2b,5e,a1,1e,5a,95,b4,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,d2,a2,9a,b8,c9,29,80,78,52,24,ac,7c,99,da,4f,1e,..
"khjeh"=hex:09,95,8b,84,42,84,b2,32,5d,4c,e2,19,20,83,18,14,83,e3,40,5b,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a3,29,9d,18,aa,93,71,9c,2d,e3,c3,15,1d,16,81,30,b1,1d,45,0e,a1,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="D:\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:9b,f7,79,be,ee,a0,27,38,a3,b1,cb,7f,08,2b,5e,a1,1e,5a,95,b4,df,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,38,d2,a2,9a,b8,c9,29,80,78,52,24,ac,7c,99,da,4f,1e,..
"khjeh"=hex:09,95,8b,84,42,84,b2,32,5d,4c,e2,19,20,83,18,14,83,e3,40,5b,6f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a3,29,9d,18,aa,93,71,9c,2d,e3,c3,15,1d,16,81,30,b1,1d,45,0e,a1,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Gadu-Gadu\\gg.exe"="D:\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\\eMule\\emule.exe"="E:\\eMule\\emule.exe:*:Enabled:eMule"
"D:\\uTorrent\\uTorrent.exe"="D:\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Disabled:EA Download Manager"
"D:\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"="D:\\WebServ\\mysql\\bin\\WebServ(mysqld).exe:*:Enabled:WebServ(mysqld)"
"D:\\WebServ\\apache2\\bin\\WebServ(apache).exe"="D:\\WebServ\\apache2\\bin\\WebServ(apache).exe:*:Enabled:Apache HTTP Server"
"D:\\konnekt\\Konnekt\\konnekt.exe"="D:\\konnekt\\Konnekt\\konnekt.exe:*:Enabled:Konnekt - Core"
"D:\\Miranda IM\\miranda32.exe"="D:\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"="C:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe:*:Enabled:VMware Authd"
"E:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"="E:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe:*:Enabled:Mirror's Edge™"
"D:\\Orbitdownloader\\orbitdm.exe"="D:\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"D:\\Orbitdownloader\\orbitnet.exe"="D:\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"E:\\Tom Clancy's H.A.W.X\\HAWX.exe"="E:\\Tom Clancy's H.A.W.X\\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X"
"E:\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"="E:\\Tom Clancy's EndWar\\Binaries\\EndWar.exe:*:Enabled:Tom Clancy's EndWar"
"E:\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"="E:\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe:*:Enabled:Tom Clancy's EndWar Launcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 7 Aug 2008 1,024 A..H. --- "C:\RECYCLER\S-1-5-21-854245398-1767777339-682003330-1003\Dc12.sys"
Mon 12 Jan 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished![/b]
ComboFix 09-04-25.01 - Administrator 2009-04-24 19:30.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.3070.2805 [GMT 2:00]
Uruchomiony z: c:\documents and settings\KamilS\Pulpit\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)
FW: Zapora osobista *enabled*
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-24 do 2009-4-24 )))))))))))))))))))))))))))))))
.
2009-04-24 16:06 . 2006-09-13 16:19 11775 -c--a-w c:\windows\system32\dllcache\wadv05nt.sys
2009-04-24 16:05 . 2006-09-13 16:18 7552 -c--a-w c:\windows\system32\dllcache\sonyait.sys
2009-04-24 16:04 . 2006-09-13 16:17 715146 -c--a-w c:\windows\system32\dllcache\r2mdmkxx.sys
2009-04-24 16:03 . 2006-09-13 16:17 7168 -c--a-w c:\windows\system32\dllcache\mxport.dll
2009-04-24 16:02 . 2006-09-13 16:16 26624 -c--a-w c:\windows\system32\dllcache\irstusb.sys
2009-04-24 16:01 . 2004-08-04 11:00 72192 -c--a-w c:\windows\system32\dllcache\fxscom.dll
2009-04-24 16:00 . 2006-09-13 16:15 256512 -c--a-w c:\windows\system32\dllcache\devcon32.dll
2009-04-24 15:59 . 2006-09-13 16:15 3968 -c--a-w c:\windows\system32\dllcache\brfiltup.sys
2009-04-24 15:58 . 2004-08-04 11:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-24 15:32 . 2008-10-16 12:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-04-24 15:32 . 2008-10-16 12:08 35864 ----a-w c:\windows\system32\wucltui.dll.mui
2009-04-24 15:32 . 2008-10-16 12:07 19480 ----a-w c:\windows\system32\wuaueng.dll.mui
2009-04-24 15:32 . 2008-10-16 12:08 27672 ----a-w c:\windows\system32\wuaucpl.cpl.mui
2009-04-24 15:32 . 2008-10-16 12:08 27672 ----a-w c:\windows\system32\wuapi.dll.mui
2009-04-24 15:26 . 2009-04-24 15:30 1529241 ----a-w C:\SDFix.exe
2009-04-24 15:09 . 2009-04-24 15:09 -------- d-s---w c:\documents and settings\KamilS\UserData
2009-04-23 05:37 . 2009-04-23 06:27 3577 ----a-w C:\patch
2009-04-23 05:36 . 2009-04-24 17:25 25496 ----a-w c:\windows\system32\patch
2009-04-23 05:35 . 2009-04-23 15:30 92200 ----a-w c:\windows\system32\patch.exe
2009-04-22 18:55 . 2009-04-22 18:55 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\Cream Software
2009-04-21 16:37 . 2009-04-21 16:37 -------- d-----w c:\documents and settings\KamilS\Ustawienia lokalne\Dane aplikacji\Real
2009-04-17 07:15 . 2009-04-17 07:15 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software
2009-04-11 12:26 . 2009-04-22 20:13 -------- d-----w C:\LAP
2009-04-10 18:59 . 2009-04-10 18:59 -------- d-----w c:\documents and settings\KamilS\Ustawienia lokalne\Dane aplikacji\Opera
2009-04-10 09:15 . 2009-04-10 09:15 277461 ---h--w C:\treeinfo.wc
2009-04-10 08:32 . 2009-03-09 00:53 73728 ----a-w c:\windows\system32\javacpl.cpl
2009-04-09 12:53 . 2007-11-20 16:35 49792 ------w c:\windows\system32\drivers\ser2pl.sys
2009-04-09 10:34 . 2004-12-07 08:46 425984 ----a-w c:\windows\system32\hpqPres.dll
2009-04-09 10:34 . 2004-12-07 08:45 65536 ----a-w c:\windows\system32\hpqactn.dll
2009-04-09 10:34 . 2004-12-01 10:46 32768 ----a-w c:\windows\system32\eabhbrn8.dll
2009-04-09 10:34 . 2004-12-01 10:45 225280 ----a-w c:\windows\system32\cpqinfo.dll
2009-04-09 10:33 . 2004-04-14 05:36 7432 ----a-w c:\windows\system32\drivers\eabfiltr.sys
2009-04-09 10:33 . 2003-06-06 09:46 5220 ----a-w c:\windows\system32\drivers\EabUsb.sys
2009-04-01 08:33 . 2009-04-01 08:33 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\MathWorks
2009-04-01 08:31 . 2004-03-01 21:05 407104 ----a-w c:\windows\system32\MSHFLXGD.OCX
2009-04-01 08:31 . 2004-02-11 13:37 203976 ----a-w c:\windows\system32\RICHTX32.OCX
2009-04-01 08:31 . 2009-04-01 08:31 645120 ----a-w c:\windows\system32\config.gms
2009-03-26 17:25 . 2009-03-26 17:25 -------- d-----w c:\documents and settings\KamilS\workspace
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-24 17:31 . 2001-10-26 17:15 85198 ----a-w c:\windows\system32\perfc015.dat
2009-04-24 17:31 . 2001-10-26 17:15 493492 ----a-w c:\windows\system32\perfh015.dat
2009-04-24 17:29 . 2008-03-28 21:30 -------- d-sh--w d:\\RECYCLER
2009-04-24 17:19 . 2009-01-21 19:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\VMware
2009-04-24 16:50 . 2009-01-21 19:56 -------- d-----w c:\documents and settings\LocalService\Dane aplikacji\VMware
2009-04-24 16:42 . 2009-01-03 15:20 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\foobar2000
2009-04-24 15:31 . 2009-03-06 20:19 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\Orbit
2009-04-24 15:06 . 2009-03-06 20:19 -------- d-----w d:\\Orbitdownloader
2009-04-24 14:54 . 2009-01-03 19:49 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\Skype
2009-04-24 14:53 . 2009-01-03 19:54 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\skypePM
2009-04-24 06:36 . 2009-01-31 18:01 -------- d-----w d:\\Nowe Gadu-Gadu
2009-04-23 16:53 . 2009-01-27 19:30 -------- d-----w d:\\ESET
2009-04-23 16:46 . 2009-04-23 16:46 -------- d-sh--w d:\\Config.Msi
2009-04-23 16:14 . 2008-10-08 06:06 -------- d-----w d:\\MP 3
2009-04-23 05:41 . 2009-01-11 21:54 -------- d-----w d:\\LESZek
2009-04-22 21:35 . 2009-03-07 13:31 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-22 21:35 . 2009-03-07 13:30 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-22 18:55 . 2009-04-22 18:55 -------- d-----w d:\\Cream Software
2009-04-22 14:01 . 2009-04-01 08:06 -------- d-----w d:\\Matlab
2009-04-21 16:37 . 2009-04-21 16:37 -------- d-----w d:\\Real Alternative
2009-04-21 11:19 . 2009-01-24 15:21 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-04-19 21:23 . 2009-03-06 20:19 -------- d-----w d:\\Downloads
2009-04-17 17:03 . 2009-03-07 13:30 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-17 08:27 . 2009-04-17 08:27 3552 ----a-w C:\FR czsowniki.txt
2009-04-17 07:15 . 2009-03-07 13:31 22328 ----a-w c:\documents and settings\KamilS\Dane aplikacji\PnkBstrK.sys
2009-04-17 07:15 . 2009-03-07 13:30 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-16 18:08 . 2009-01-21 20:00 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\VMware
2009-04-10 18:59 . 2009-04-10 18:59 -------- d-----w d:\\Opera
2009-04-10 08:57 . 2009-04-10 08:31 -------- d-----w d:\\Java
2009-04-10 08:32 . 2009-04-10 08:32 -------- d-----w d:\\Sun
2009-04-09 12:53 . 2009-02-15 07:10 -------- d--h--w d:\\InstallShield Installation Information
2009-04-09 10:33 . 2009-04-09 10:33 -------- d-----w d:\\HPQ
2009-04-07 17:30 . 2009-01-07 12:03 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\FileZilla
2009-04-07 06:26 . 2009-04-07 06:25 -------- d-----w d:\\StarUML
2009-04-03 18:46 . 2009-02-15 07:12 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\Microsoft Games
2009-03-31 14:38 . 2009-03-28 20:33 -------- d-----w d:\\WFlip050
2009-03-24 20:50 . 2009-01-04 11:54 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\uTorrent
2009-03-19 09:45 . 2009-03-19 09:45 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 09:45 . 2009-03-19 09:45 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-03-19 09:45 . 2009-03-19 09:45 131976 ----a-w c:\windows\system32\drivers\epfw.sys
2009-03-19 09:44 . 2009-03-19 09:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 09:41 . 2009-03-19 09:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-17 08:40 . 2009-03-04 17:22 -------- d-----w d:\\Microsoft Visual Studio 9.0
2009-03-17 08:40 . 2009-03-17 08:40 -------- d-----w d:\\Reference Assemblies
2009-03-12 20:14 . 2009-01-08 20:13 -------- d-----w d:\\Notepad++
2009-03-10 10:33 . 2009-03-06 20:19 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\GrabPro
2009-03-09 03:19 . 2009-01-08 13:57 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 18:49 . 2009-03-08 18:48 -------- d-----w d:\\eclipse
2009-03-07 17:07 . 2009-03-04 18:40 -------- d-----w d:\\Google
2009-03-07 15:16 . 2008-12-31 20:58 -------- d-----w d:\\!! STARE
2009-03-07 13:37 . 2009-03-07 13:37 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\id Software
2009-03-06 05:59 . 2008-12-31 08:43 44144 ----a-w c:\documents and settings\KamilS\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-03-04 18:47 . 2009-03-04 18:47 -------- d-----w d:\\Intel
2009-03-04 18:47 . 2009-03-04 18:47 -------- d-----w c:\documents and settings\KamilS\Dane aplikacji\Intel
2009-03-04 17:24 . 2009-03-04 17:24 -------- d-----w d:\\Microsoft Synchronization Services
2009-03-04 17:24 . 2009-03-04 17:24 -------- d-----w d:\\Microsoft SQL Server Compact Edition
2009-03-04 17:22 . 2009-03-04 17:22 -------- d-----w d:\\Microsoft SDKs
2009-02-26 20:09 . 2009-02-26 20:09 -------- d-----w d:\\OO Software
2009-02-14 07:03 . 2009-02-14 07:03 1085 ----a-w C:\ip.txt
2009-02-12 20:27 . 2009-02-12 19:27 15176 ----a-w C:\mksbasel.cpp.log
2009-02-10 21:57 . 2009-01-21 20:08 80357 ----a-w d:\\vmware-2.log
2009-01-27 22:54 . 2009-01-02 18:55 33784 ---ha-w c:\windows\system32\mlfcache.dat
2009-01-24 23:08 . 2009-01-24 15:21 75632 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-09-24 11:50 . 2009-01-21 19:48 582315928 ----a-w d:\\VMware-workstation-6.5.0-118166.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-04-24_16.50.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-17 22:30 . 2009-04-24 17:31 68770 c:\windows\system32\perfc009.dat
- 2001-08-17 22:30 . 2009-04-24 16:48 68770 c:\windows\system32\perfc009.dat
+ 2001-08-17 22:30 . 2009-04-24 17:31 435540 c:\windows\system32\perfh009.dat
- 2001-08-17 22:30 . 2009-04-24 16:48 435540 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-03 100864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-29 638976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2008-09-18 84528]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 2540800]
"Google Desktop Search"="d:\\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-04 30192]
"eabconfg.cpl"="d:\\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="d:\java\jre6\bin\jusched.exe" [2009-03-09 148888]
"wmp"="c:\windows\system32\patch.exe" [2009-04-23 92200]
"egui"="d:\eset\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-18 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-30 16858624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2004-08-03 100864]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]OODBS
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\eMule\\emule.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"=
"d:\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"d:\\konnekt\\Konnekt\\konnekt.exe"=
"d:\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"e:\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"d:\\Orbitdownloader\\orbitdm.exe"=
"d:\\Orbitdownloader\\orbitnet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"e:\\Tom Clancy's EndWar\\Binaries\\EndWar.exe"=
"e:\\Tom Clancy's EndWar\\Tom Clancy's EndWar Launcher.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
R2 DUMeterSvc;DU Meter Service;d:\du meter\DUMeterSvc.exe [2008-06-10 1386008]
R2 ekrn;ESET Service;d:\eset\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 gupdate1c99f471bf7f860;Google Update Service (gupdate1c99f471bf7f860);d:\google\Update\GoogleUpdate.exe [2009-03-07 133104]
R2 HDD & SSD access service;HDD & SSD access service; [x]
R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-09-18 54960]
R3 GoogleDesktopManager-092308-165331;Menedżer Google Desktop 5.8.809.23506;d:\\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-04 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0FAD3184-5012-4D27-5BBC-22850469D194}]
c:\windows\system32\patch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\google\Update\GoogleUpdate.exe [2009-03-07 17:06]
.
.
------- Skan uzupełniający -------
.
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-24 19:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
wmp = c:\windows\system32\patch.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
skanowanie ukrytych plików ...
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DUMeterSvc]
"ImagePath"="d:\du meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(328)
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Czas ukończenia: 2009-04-24 19:35
ComboFix-quarantined-files.txt 2009-04-24 17:34
ComboFix2.txt 2009-04-24 16:53
ComboFix3.txt 2009-02-15 18:28
Przed: 2 018 377 728 bajtów wolnych
Po: 2 006 044 672 bajtów wolnych
230
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:12, on 2009-04-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - D:\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "D:\\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eabconfg.cpl] D:\\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [wmp] C:\WINDOWS\system32\patch.exe
O4 - HKLM\..\Run: [egui] "D:\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: Ustawienia wtyczki &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - D:\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1240587024421
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - D:\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Menedżer Google Desktop 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - D:\\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c99f471bf7f860) (gupdate1c99f471bf7f860) - Google Inc. - D:\Google\Update\GoogleUpdate.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - D:\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
--
End of file - 6711 bytes