
Bluescreens, some .bat files


Post by Pokahontaz 27 Nov 2008, 00:03

For some time now I have had a problem with my PC: every so often it throws a blue screen and the computer is just not right. Avast keeps finding and deleting a .bat file from drive C over and over, and it does not seem to be managing it. Here are the logs:

hijack:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:41, on 2008-11-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\WZCBDL Service\WZCBDLS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Konnekt\konnekt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Documents and Settings\Pucek\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe

--
End of file - 6596 bytes


Code:
ComboFix 08-11-26.03 - Pucek 2008-11-26 22:57:43.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1618 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pucek\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania

[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Pucek\Ustawienia lokalne\Temporary Internet Files\ijjistarter_verinfo.dat
C:\ij.bat
c:\windows\system32\gasretyw0.dll
c:\windows\system32\kamsoft.exe

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-26 do 2008-11-26  )))))))))))))))))))))))))))))))
.

2008-11-24 20:42 . 2008-11-24 20:42   <DIR>   d--------   c:\program files\Alwil Software
2008-11-24 00:39 . 2008-11-24 00:39   <DIR>   d--------   c:\documents and settings\All Users\Dane aplikacji\IJJIGame
2008-11-20 10:06 . 2008-11-26 16:13   85,504   -r-hs----   c:\windows\system32\gasretyw1.dll
2008-11-19 20:55 . 2008-11-19 20:55   <DIR>   d--------   c:\documents and settings\Pucek\Dane aplikacji\NPLUTO Corporation
2008-11-19 20:18 . 2008-11-19 20:18   <DIR>   d--------   C:\ijji
2008-11-19 20:18 . 2008-11-24 01:38   <DIR>   d--h-----   c:\documents and settings\Pucek\Dane aplikacji\ijjigame
2008-11-19 20:17 . 2008-11-19 20:17   <DIR>   d--------   c:\program files\NHN USA
2008-11-19 20:17 . 2008-06-17 19:28   710,064   --a------   c:\windows\system32\ijjiSetup.exe
2008-11-19 20:17 . 2008-04-23 14:02   157,152   --a------   c:\windows\system32\PubPlugin.dll
2008-11-19 20:17 . 2008-06-11 23:01   58,800   --a------   c:\windows\system32\ijjiPlugin2.dll
2008-11-19 13:23 . 2008-11-22 19:11   <DIR>   d--------   c:\program files\DriftCity
2008-11-16 20:08 . 2008-11-16 20:14   <DIR>   d--------   C:\cda
2008-11-10 17:16 . 2008-11-11 08:34   <DIR>   d--------   c:\documents and settings\Pucek\Dane aplikacji\Red Alert 3
2008-11-09 09:38 . 2008-11-09 09:38   151   --a------   c:\windows\PhotoSnapViewer.INI
2008-11-01 16:46 . 2008-11-03 22:11   <DIR>   d--------   c:\program files\Fallout 3

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-26 19:00   202,040   ----a-w   c:\windows\system32\PnkBstrB.exe
2008-11-26 19:00   137,688   ----a-w   c:\windows\system32\drivers\PnkBstrK.sys
2008-11-26 06:44   ---------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\uTorrent
2008-11-24 23:50   ---------   d-----w   c:\program files\MU
2008-11-24 19:21   22,328   ----a-w   c:\documents and settings\Pucek\Dane aplikacji\PnkBstrK.sys
2008-11-24 19:20   682,280   ----a-w   c:\windows\system32\pbsvc.exe
2008-11-24 19:20   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-11-24 19:19   ---------   d-----w   c:\program files\Activision
2008-11-23 00:34   66,872   ----a-w   c:\windows\system32\PnkBstrA.exe
2008-11-22 19:12   ---------   d-----w   c:\program files\Ultra MP4 Video Converter
2008-11-22 12:41   ---------   d-----w   c:\program files\EA Games
2008-11-21 23:44   ---------   d-----w   c:\program files\World of Warcraft
2008-11-19 19:17   ---------   d-----w   c:\program files\FlashGet
2008-11-15 17:17   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Codemasters
2008-11-10 16:01   ---------   d-----w   c:\program files\Electronic Arts
2008-11-10 15:14   ---------   d-----w   c:\program files\Microsoft Games
2008-11-10 15:14   ---------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\Microsoft Games
2008-11-01 23:34   ---------   d-----w   c:\program files\Crysis WARHEAD
2008-11-01 22:18   ---------   d-----w   c:\program files\CapCom
2008-11-01 22:17   ---------   d-----w   c:\program files\Ubisoft
2008-10-24 20:51   ---------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\Disney Interactive Studios
2008-10-24 20:49   ---------   d-----w   c:\program files\DAEMON Tools Lite
2008-10-24 20:48   717,296   ----a-w   c:\windows\system32\drivers\sptd.sys
2008-10-22 18:35   ---------   d-----w   c:\documents and settings\Pucek\Dane aplikacji\TMNT
2008-10-22 18:01   ---------   d-----w   c:\program files\Happy Tree Friends - False Alarm
2008-10-22 18:01   ---------   d-----w   c:\documents and settings\All Users\Dane aplikacji\Trymedia
2008-10-22 17:38   ---------   d-----w   c:\program files\S.T.A.L.K.E.R. - Clear Sky
2008-10-17 10:05   ---------   d-----w   c:\program files\WarCraft III LAN
2008-10-08 19:45   ---------   d-----w   c:\program files\USB Vibration
2008-10-04 00:19   ---------   d-----w   c:\program files\Gpotato
2008-10-03 20:39   ---------   d-----w   c:\program files\Rayman Raving Rabbids
2008-10-03 20:05   ---------   d-----w   c:\program files\Splinter Cell PL
2008-10-03 19:35   ---------   d-----w   c:\program files\Common Files\Adobe
2008-10-02 16:00   ---------   d-----w   c:\program files\Atari
2008-10-02 14:49   ---------   d-----w   c:\program files\PANZERS - Faza 2
2008-09-22 16:37   304,528   ----a-w   c:\windows\system32\appdrvrem01.exe
2008-09-06 21:21   107,888   ----a-w   c:\windows\system32\CmdLineExt.dll
2006-05-03 09:06   163,328   --sh--r   c:\windows\system32\flvDX.dll
2007-02-21 10:47   31,232   --sh--r   c:\windows\system32\msfDX.dll
2008-03-16 12:30   216,064   --sh--r   c:\windows\system32\nbDX.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"D-Link Air Utility"="c:\program files\D-Link\Air Utility\AirCFG.exe" [2003-06-26 2695168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-31 385024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-18 81000]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 15:03 36864 c:\program files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
--a------ 2005-05-24 22:41 503808 c:\program files\Konnekt\konnekt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2006-11-06 09:27 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TDU\\TestDriveUnlimited.exe"=
"c:\\Program Files\\Puzzle Quest\\Puzzle Quest.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.3.3.7799-to-2.4.0.8089-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Metin2_PL\\metin2.bin"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\Program Files\\MAIET\\Gunz\\Gunz.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\RedFaction\\RedFaction.exe"=
"c:\\Program Files\\RedFaction\\rf.exe"=
"c:\\Program Files\\RedFaction\\PF.exe"=
"c:\\NeverwinterNights\\NWN\\nwmain.exe"=
"c:\\Program Files\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R?2 WZCBDLService;WZCBDL Service;"c:\program files\WZCBDL Service\WZCBDLS.exe" [2002-03-19 36864]
R1 appdrv01;Application Driver (01);c:\windows\system32\Drivers\appdrv01.sys [2008-09-22 2915944]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-24 110160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-24 20560]
R2 NIOC;NIOC Service;\??\c:\windows\system32\NIOC.SYS [2002-09-27 22912]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\DRIVERS\NETDLWL.SYS [2008-02-05 159104]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc []
S2 GAFilter;Double Vibration Controller 3;c:\windows\system32\DRIVERS\DV3.sys []
S3 jgameenp;jgameenp;\??\c:\docume~1\Pucek\USTAWI~1\Temp\jgameenp.sys []
S3 XDva120;XDva120;\??\c:\windows\system32\XDva120.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27efe6bf-f8d3-11dc-a3d8-00134629a2b1}]
\Shell\AutoRun\command - L:\1rfw8hjr.com
\Shell\explore\Command - L:\1rfw8hjr.com
\Shell\open\Command - L:\1rfw8hjr.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d11e91f-d4c5-11dc-a375-00134629a2b1}]
\Shell\AutoRun\command - L:\ij.bat
\Shell\explore\Command - L:\ij.bat
\Shell\open\Command - L:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{570c5b27-7373-11dd-a4fd-001a4d934824}]
\Shell\AutoRun\command - F:\launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7302fef0-6b1e-11dd-a4e9-001a4d934824}]
\Shell\AutoRun\command - F:\1rfw8hjr.com
\Shell\explore\Command - F:\1rfw8hjr.com
\Shell\open\Command - F:\1rfw8hjr.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abbe5a28-8991-11dd-a52b-001a4d934824}]
\Shell\AutoRun\command - L:\1rfw8hjr.com
\Shell\explore\Command - L:\1rfw8hjr.com
\Shell\open\Command - L:\1rfw8hjr.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38e0845-2a10-11dd-a440-00134629a2b1}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-amva - c:\windows\system32\amvo.exe
MSConfigStartUp-osCheck - c:\program files\Norton AntiVirus\osCheck.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\documents and settings\Pucek\Dane aplikacji\Mozilla\Firefox\Profiles\auz9f8ub.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-26 23:00:14
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-26 23:01:35
ComboFix-quarantined-files.txt  2008-11-26 22:01:33
ComboFix2.txt  2008-06-25 15:28:31

Przed: 4 100 366 336 bajtów wolnych
Po: 4,292,468,736 bajtów wolnych

208   --- E O F ---   2008-06-20 20:34:42
The Conquering Lion of the Tribe of Judah - Haile Selassie I - Ever living.
Pokahontaz
~user

Posts: 219
Joined: 01 Jan 2006, 18:24
Location: Ethiopia



Post by djarta 27 Nov 2008, 17:26

To start with, let me ask whether you know this folder ---> C:\ijji?

HJT - clean. :roll:

To start with, use one of these programs/solutions:
Perlovga Removal Tool
Flash Disinfector
or format.

I'll do a little cleanup in your 'msconfig'. ;)
Paste into Notepad:
Code:
File::
c:\windows\system32\gasretyw1.dll

Driver::
jgameenp

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27efe6bf-f8d3-11dc-a3d8-00134629a2b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d11e91f-d4c5-11dc-a375-00134629a2b1}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7302fef0-6b1e-11dd-a4e9-001a4d934824}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abbe5a28-8991-11dd-a52b-001a4d934824}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38e0845-2a10-11dd-a440-00134629a2b1}]

>>File>>Save As... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should then start (and a log will be created). Post the log that is created during the removal.
If it goes well: after the restart, manually delete the folder C:\Qoobox.



==========================
K.
Regards, djarta. :)
djarta
~user

Posts: 684
Joined: 31 Jul 2008, 10:49
Praise: 55
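
Added example (not part of either post and not ComboFix output): a Python triage of the `mountpoints2` stanzas in a ComboFix log like the one in this thread. The rule it applies, flagging volumes whose `open` or `explore` shell verbs are overridden rather than only `AutoRun`, is an assumption made for this example; the sample is an excerpt of the log above.

```python
import re

# Excerpt of the MountPoints2 section from the ComboFix log in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d11e91f-d4c5-11dc-a375-00134629a2b1}]
\Shell\AutoRun\command - L:\ij.bat
\Shell\explore\Command - L:\ij.bat
\Shell\open\Command - L:\ij.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{570c5b27-7373-11dd-a4fd-001a4d934824}]
\Shell\AutoRun\command - F:\launch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38e0845-2a10-11dd-a440-00134629a2b1}]
\Shell\AutoRun\command - F:\6x8be16.cmd
\Shell\explore\Command - F:\6x8be16.cmd
\Shell\open\Command - F:\6x8be16.cmd
"""

# A registry key header for one cached volume under MountPoints2.
KEY_RE = re.compile(
    r"^\[HKEY_[^\]]*\\mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})\]$", re.I)
# A shell verb line as ComboFix prints it: \Shell\<verb>\command - <target>
VERB_RE = re.compile(
    r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.I)

# Assumption of this example: an autorun.inf that also redefines these verbs
# makes a plain double-click on the drive run the file, so it deserves review.
HIJACKED_VERBS = {"open", "explore"}


def parse_mountpoints2(log_text):
    """Return {volume_guid: {verb_lowercase: command_target}}."""
    volumes, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = volumes.setdefault(key.group("guid").lower(), {})
            continue
        if line.startswith("["):
            # Any other registry key ends the MountPoints2 stanza.
            current = None
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current[verb.group("verb").lower()] = verb.group("target").strip()
    return volumes


def flag_hijacked(volumes):
    """Return the sorted GUIDs whose open/explore verbs are overridden."""
    return sorted(g for g, verbs in volumes.items()
                  if HIJACKED_VERBS.intersection(verbs))


def report(log_text):
    """Return (guid, verdict, targets) tuples, sorted by GUID."""
    volumes = parse_mountpoints2(log_text)
    flagged = set(flag_hijacked(volumes))
    return [(g, "REVIEW" if g in flagged else "autorun-only",
             sorted(set(verbs.values())))
            for g, verbs in sorted(volumes.items())]


if __name__ == "__main__":
    for guid, verdict, targets in report(SAMPLE_LOG):
        print(f"{verdict:12} {guid} -> {', '.join(targets)}")
```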



