
System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.

please check the log / virus

Post by dawid060, 18 Dec 2007, 07:10

As the subject says. The internet and the computer are badly sluggish. If it weren't for WWDC, I wouldn't have noticed at all.
Your system seems to be infected by a virus, your SVCHOST visual memory use 25188Ko is s beyond usual values. It is strongly advised chek your system witch an AntyVirus up to date an AntiTrojans

HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 05:53:39, on 2007-12-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Programy\Alwil Software\Avast4\aswUpdSv.exe
D:\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programy\Alwil Software\Avast4\ashWebSv.exe
D:\Programy\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\ULI5289\JMAP5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
E:\Nowy folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gg.hit.gemius.pl/hitredir/id=zNg70fBEnKx2VPzZ9N4_2MbfDfxw1WbXq6c2jbCt9Vf.t7/stparam=okprfvfgim/url=www.wyprzedaz.renault.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\programy\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe



"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ALi5289" = "C:\Program Files\ULI5289\ALi5289.exe" [empty string]
"JMAP5289" = "C:\Program Files\ULI5289\JMAP5289.exe" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]
"avast!" = "D:\Programy\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}\(Default) = (no title provided)
                                       \StubPath   = ""C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "d:\programy\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "D:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
  -> {HKLM...CLSID} = "Shell Extension for CDRW"
                   \InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Programy\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
  -> {HKLM...CLSID} = "Portable Media Devices Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "D:\Programy\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Programy\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Programy\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "D:\Programy\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "D:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll" ["BitComet"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""D:\Programy\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""D:\Programy\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""D:\Programy\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""D:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "C:\WINDOWS\System32\PnkBstrA.exe" [null data]
PnkBstrB, PnkBstrB, "C:\WINDOWS\System32\PnkBstrB.exe" [null data]
StarWind AE Service, StarWindServiceAE, "D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]


---------- (launch time: 2007-12-18 06:04:31)
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 98 seconds.
---------- (total run time: 278 seconds)
dawid060
~user

Posts: 91
Joined: 15 Jul 2006, 20:24
Location: Świdnik



Post by wojtas, 18 Dec 2007, 16:47

Do what is described in this topic


Use SDFix. After downloading, run it and it will extract itself to C:\SDFix. Boot the computer in Safe Mode (F8 at system startup). While in Safe Mode, run the RunThis.bat file from the SDFix folder. Confirm the cleaning with Y. Wait until it finishes and the computer restarts.

Then go into the SDFix folder and paste the contents of the Report.txt file + the ComboFix log and the HijackThis log.
wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Praise: 1656



Post by dawid060, 19 Dec 2007, 06:59

ComboFix
ComboFix 07-12-19.2 - Administrator 2007-12-19  6:16:20.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.1.1250.1.1045.18.493 [GMT 1:00]
Running from: E:\bezpieczeństwo\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2007-11-19 to 2007-12-19  )))))))))))))))))))))))))))))))
.

2007-12-19 05:43 . 2007-12-19 05:43   <DIR>   d--------   C:\WINDOWS\ERUNT
2007-12-19 05:39 . 2005-04-28 20:35   1,190,400   --a------   C:\WINDOWS\system32\ole32.dll
2007-12-19 05:39 . 2004-03-06 03:21   535,552   --a------   C:\WINDOWS\system32\rpcrt4.dll
2007-12-19 05:39 . 2005-04-28 20:35   275,456   --a------   C:\WINDOWS\system32\rpcss.dll
2007-12-19 05:39 . 2005-04-28 20:35   69,120   --a------   C:\WINDOWS\system32\olecli32.dll
2007-12-18 10:24 . 2007-12-18 10:24   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
2007-12-17 06:33 . 2007-12-17 06:33   <DIR>   d--------   C:\Program Files\Native Instruments
2007-12-17 06:11 . 2007-12-17 06:11   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji\Cream Software
2007-12-17 05:34 . 2007-12-17 05:36   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji\Skype
2007-12-03 21:04 . 2007-12-03 21:04   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji\Ahead
2007-12-02 16:54 . 2007-12-02 16:54   <DIR>   d--------   C:\WINDOWS\AM
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\UC.PIF
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\RAR.PIF
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\PKZIP.PIF
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\PKUNZIP.PIF
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\NOCLOSE.PIF
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\LHA.PIF
2007-11-30 13:54 . 2003-02-18 05:51   545   --a------   C:\WINDOWS\ARJ.PIF
2007-11-27 09:59 . 2007-11-28 12:20   20,480   --a------   C:\WINDOWS\system32\H@tKeysH@@k.DLL
2007-11-27 08:56 . 2007-11-27 08:56   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\SystemRequirementsLab
2007-11-26 11:39 . 2007-12-19 05:41   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji\foobar2000
2007-11-26 10:33 . 2007-11-26 10:33   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji\Gadu-Gadu
2007-11-26 10:32 . 2007-11-26 10:33   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Gadu-Gadu
2007-11-26 09:46 . 2007-11-26 09:46   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji\CyberLink
2007-11-21 10:17 . 2007-12-19 05:55   <DIR>   d--h-----   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Ustawienia lokalne
2007-11-21 10:17 . 2007-11-26 09:44   <DIR>   dr-------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Ulubione
2007-11-21 10:17 . 2007-12-17 05:38   <DIR>   d--h-----   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Szablony
2007-11-21 10:17 . 2007-12-19 06:12   <DIR>   d--------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Pulpit
2007-11-21 10:17 . 2007-12-17 06:11   <DIR>   dr-------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Moje dokumenty
2007-11-21 10:17 . 2007-09-26 16:47   <DIR>   dr-------   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Menu Start
2007-11-21 10:17 . 2007-12-17 06:11   <DIR>   dr-h-----   C:\Documents and Settings\Administrator.DOM-KW44RKBWBS6\Dane aplikacji
2007-11-20 21:24 . 2007-09-26 16:47   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-11-20 21:24 . 2007-09-26 16:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2007-11-20 21:24 . 2007-09-26 15:53   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2007-11-20 21:24 . 2007-09-26 16:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2007-11-20 21:24 . 2007-09-26 16:47   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2007-11-20 21:24 . 2007-09-26 16:47   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2007-11-20 21:24 . 2007-09-26 16:47   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2007-11-19 19:53 . 2007-11-19 19:53   <DIR>   d--------   C:\Documents and Settings\Gość\Dane aplikacji\Gadu-Gadu
2007-11-19 19:43 . 2007-11-19 21:40   <DIR>   d--------   C:\Documents and Settings\Gość\Dane aplikacji\foobar2000
2007-11-19 17:35 . 2007-11-19 17:35   <DIR>   d--------   C:\Documents and Settings\Gość\Gadu-Gadu
2007-11-19 17:35 . 2007-11-19 17:35   <DIR>   d--------   C:\Documents and Settings\Gość\Gadu-Gadu
2007-11-19 17:28 . 2007-12-19 05:55   <DIR>   d--h-----   C:\Documents and Settings\Gość\Ustawienia lokalne
2007-11-19 17:28 . 2007-12-19 05:55   <DIR>   d--h-----   C:\Documents and Settings\Gość\Ustawienia lokalne
2007-11-19 17:28 . 2007-11-19 17:29   <DIR>   dr-------   C:\Documents and Settings\Gość\Ulubione
2007-11-19 17:28 . 2007-11-19 17:29   <DIR>   dr-------   C:\Documents and Settings\Gość\Ulubione
2007-11-19 17:28 . 2007-09-26 15:53   <DIR>   d--h-----   C:\Documents and Settings\Gość\Szablony
2007-11-19 17:28 . 2007-09-26 15:53   <DIR>   d--h-----   C:\Documents and Settings\Gość\Szablony
2007-11-19 17:28 . 2007-11-21 10:14   <DIR>   d--------   C:\Documents and Settings\Gość\Pulpit
2007-11-19 17:28 . 2007-11-21 10:14   <DIR>   d--------   C:\Documents and Settings\Gość\Pulpit
2007-11-19 17:28 . 2007-11-19 20:23   <DIR>   dr-------   C:\Documents and Settings\Gość\Moje dokumenty
2007-11-19 17:28 . 2007-11-19 20:23   <DIR>   dr-------   C:\Documents and Settings\Gość\Moje dokumenty
2007-11-19 17:28 . 2007-09-26 16:47   <DIR>   dr-------   C:\Documents and Settings\Gość\Menu Start
2007-11-19 17:28 . 2007-09-26 16:47   <DIR>   dr-------   C:\Documents and Settings\Gość\Menu Start
2007-11-19 17:28 . 2007-11-19 19:53   <DIR>   dr-h-----   C:\Documents and Settings\Gość\Dane aplikacji
2007-11-19 17:28 . 2007-11-19 19:53   <DIR>   dr-h-----   C:\Documents and Settings\Gość\Dane aplikacji

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 07:36   ---------   d-----w   C:\Program Files\Common Files\Adobe
2007-12-04 14:56   93,264   ----a-w   C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55   94,544   ----a-w   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53   23,152   ----a-w   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51   42,912   ----a-w   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49   26,624   ----a-w   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04   837,496   ----a-w   C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54   95,608   ----a-w   C:\WINDOWS\system32\AvastSS.scr
2007-12-02 16:44   22,328   ----a-w   C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-02 16:44   107,832   ----a-w   C:\WINDOWS\system32\PnkBstrB.exe
2007-11-17 07:11   66,872   ----a-w   C:\WINDOWS\system32\PnkBstrA.exe
2007-11-17 06:59   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-11-14 12:48   ---------   d-----w   C:\Program Files\Yahoo!
2007-11-04 13:49   ---------   d-----w   C:\Program Files\Skype
2007-11-04 13:49   ---------   d-----w   C:\Program Files\Common Files\Skype
2007-11-04 13:49   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-11-02 14:09   ---------   d-----w   C:\Program Files\SystemRequirementsLab
2007-10-27 08:30   60,416   ----a-w   C:\WINDOWS\ALCFDRTM.EXE
2007-10-26 07:16   163,644   ----a-w   C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-26 07:05   737,280   ----a-w   C:\WINDOWS\iun6002.exe
2007-10-22 13:27   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-10-20 11:58   ---------   d-----w   C:\Program Files\Java
2007-10-20 11:56   ---------   d-----w   C:\Program Files\Common Files\Java
2007-10-01 14:28   107,888   ----a-w   C:\WINDOWS\system32\CmdLineExt.dll
2007-09-30 09:11   30   ----a-w   C:\Turbo Mahjonggpath.sys
2007-09-26 14:56   558,142   ----a-w   C:\WINDOWS\java\Packages\D3J9ZF5N.ZIP
2007-09-26 14:56   155,995   ----a-w   C:\WINDOWS\java\Packages\RF1R9FLB.ZIP
2004-03-11 11:27   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((   snapshot@2007-12-19_ 5.55.30.34   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-19 04:43:36   1,650,688   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2007-12-19 05:09:10   1,761,280   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2007-12-19 04:43:36   147,456   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-19 05:09:10   147,456   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2007-12-19 05:11:14   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_62c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-07-09 08:39]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALi5289"="C:\Program Files\ULI5289\ALi5289.exe" [2004-07-24 10:13]
"JMAP5289"="C:\Program Files\ULI5289\JMAP5289.exe" [2004-07-19 08:37]
"SoundMan"="SOUNDMAN.EXE" [2004-07-23 09:27 C:\WINDOWS\SOUNDMAN.EXE]
"NvCplDaemon"="RUNDLL32.exe" [2001-10-26 18:30 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-05-14 06:41 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2001-10-26 18:30 C:\WINDOWS\system32\rundll32.exe]
"avast!"="D:\Programy\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 18:05]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
         D:\Programy\BitComet\BitComet.exe /tray
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
         D:\Programy\D-Tools\daemon.exe  -lang 1033
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
         D:\Programy\Gadu-Gadu\gg.exe /tray
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-04-06 18:36   1298542   ---------   C:\Program Files\Ahead\InCD\InCD.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-08-19 16:09   57344   --a--c---   C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
         C:\Program Files\Messenger\msmsgs.exe /background
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50   155648   --a------   C:\WINDOWS\system32\NeroCheck.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-12-08 16:35   32768   --a------   D:\Programy\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
         
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
         C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

R0 aliidex;aliidex;C:\WINDOWS\System32\drivers\aliidex.sys [2003-03-06 10:26]
R0 aliperf;aliperf;C:\WINDOWS\System32\drivers\aliperf.sys [2003-01-16 15:47]
R0 m5289;m5289;C:\WINDOWS\System32\DRIVERS\m5289.sys [2004-07-23 16:00]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\System32\DRIVERS\agpkx.sys [2004-07-08 14:58]
R3 DstAud;DstAud;C:\WINDOWS\System32\DRIVERS\DstAud.sys [2001-12-05 17:00]
R3 DstVid;DstVid;C:\WINDOWS\System32\DRIVERS\DstVid.sys [2001-12-05 17:00]
R3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\System32\DRIVERS\ULILAN.SYS [2004-07-26 19:19]
S3 JM5289;JM5289;C:\Documents and Settings\Dawid\JM5289.sys []

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 06:17:06
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-19  6:17:30
C:\ComboFix2.txt ... 2007-12-19 05:55
.
2007-09-27 11:29:34   --- E O F --- 


HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 06:15:42, on 2007-12-19
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Programy\Alwil Software\Avast4\aswUpdSv.exe
D:\Programy\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\PnkBstrB.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\Alwil Software\Avast4\ashMaiSv.exe
D:\Programy\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ULI5289\ALi5289.exe
C:\Program Files\ULI5289\JMAP5289.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
D:\Programy\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\ctfmon.exe
D:\Programy\Gadu-Gadu\gg.exe
E:\bezpieczeństwo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gg.hit.gemius.pl/hitredir/id=zNg70fBEnKx2VPzZ9N4_2MbfDfxw1WbXq6c2jbCt9Vf.t7/stparam=okprfvfgim/url=www.wyprzedaz.renault.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\programy\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
O4 - HKLM\..\Run: [JMAP5289] C:\Program Files\ULI5289\JMAP5289.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\Programy\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Programy\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programy\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programy\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programy\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programy\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programy\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

SDFix
Code:

SDFix: Version 1.118

Run by Administrator on 2007-12-19 at 06:09

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-19 06:12:11
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1\DirectSound]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,64,37,23,7b,55,59,b7,2e,74,12,fb,a5,94,38,03,06,03,..
"hj34z0"=hex:5c,42,8f,9c,cb,4e,ed,d1,e3,64,14,72,90,97,b7,df,38,60,3c,6b,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Programy\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:77,de,cb,57,ce,44,6d,85,b0,f1,b6,01,da,d8,22,45,32,92,b2,4f,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1\DirectSound]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1\DirectSound\Device Presence]
"VxD"=dword:00000001
"WDM"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Hardware Profiles\0001\System\CurrentControlSet\Enum\T\1\1\DirectSound\Mixer Defaults]
"Acceleration"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="D:\Programy\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:77,de,cb,57,ce,44,6d,85,b0,f1,b6,01,da,d8,22,45,32,92,b2,4f,32,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\03ddd87c1fa8f5b7c7a8520d3d9ebaa5\BIT1F.tmp"
Thu 27 Sep 2007     2,716,440 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\046744681e881fe3088bc51691467721\BIT25.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\076f1aa5a201db5b428fbe164817aab2\BIT1B.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0d73c5f11656cfb2872f8f4bb0b3a716\BIT23.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0fffd07eaf930cc2973bc1444b13a2dd\BIT5.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18f04ce5208bf85f21aa56793fc206ed\BIT11.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\31383aab90693af2687520e301606b09\BITE.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\470c50ee23affed25b509c745d0a64f5\BIT8.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4efd47dbdb013fb13d7017ca33573d6d\BIT13.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\55fe03e59c7b98ebc21dc3c36e54eaf0\BIT12.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8024f4e99b89fb365c808f79d373434f\BIT19.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\82b5806a949d94a191d0f138373e8ea4\BIT20.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8aba0967f899f346d112e436c1f1b5c7\BIT21.tmp"
Thu 27 Sep 2007     1,074,912 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8c93e6303dd03d7ed0635a0a54064c4f\BIT1.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a8a9893520d8acebfaa6c883d8588a95\BIT9.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8fc35c1be1293ddc83ec4f731e700a5\BIT1E.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec799b70d90cb0bf29b4da57cffabd91\BITA.tmp"
Thu 27 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f76c14caaf790363d31e9aef2a299489\BIT7.tmp"

Finished! 
dawid060
~user

Posts: 91
Joined: 15 Jul 2006, 20:24
Location: Świdnik



Post by wojtas 19 Dec 2007, 13:24

C:\Turbo Mahjonggpath.sys

Do you recognise this?? If not, delete the file (send it to the Recycle Bin).

wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks received: 1656



Post by dawid060 20 Dec 2007, 06:40

I know it, it's from a game.

dawid060
~user

Posts: 91
Joined: 15 Jul 2006, 20:24
Location: Świdnik



Post by wojtas 20 Dec 2007, 18:25

Then it is clean now.

wojtas
*mod

Posts: 18165
Joined: 13 Jan 2006, 16:00
Location: Krzeszyce
Thanks received: 1656

