Wireless network. ISP: Millenium. I am using a TP-Link TL-WR543G router.
ComboFix log (in case it makes any difference: while scanning with this program I had Avast running, only with its shields switched off):
ComboFix 11-10-21.06 - RUMINKIEWICZ 2011-10-22 11:40:32.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1022.535 [GMT 2:00]
Uruchomiony z: d:\programy\ComboFix\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\RUMINKIEWICZ\Dane aplikacji\EurekaLog
c:\documents and settings\RUMINKIEWICZ\Dane aplikacji\EurekaLog\EurekaLog.ini
C:\install.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Pliki utworzone od 2011-09-22 do 2011-10-22 )))))))))))))))))))))))))))))))
.
.
2011-09-29 13:30 . 2011-10-18 19:26 -------- d-----w- c:\documents and settings\RUMINKIEWICZ\Ustawienia lokalne\Dane aplikacji\dxhr
2011-09-29 13:29 . 2011-09-29 13:29 -------- d-----w- c:\documents and settings\RUMINKIEWICZ\Ustawienia lokalne\Dane aplikacji\28050
2011-09-26 20:30 . 2011-09-26 20:30 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Apple
2011-09-26 13:35 . 2011-09-26 13:35 -------- d-----w- c:\documents and settings\RUMINKIEWICZ\.swt
2011-09-26 11:09 . 2011-09-26 11:09 -------- d-----w- c:\documents and settings\RUMINKIEWICZ\Dane aplikacji\Apple Computer
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin7.dll
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin6.dll
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin5.dll
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin4.dll
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin3.dll
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin2.dll
2011-09-26 10:58 . 2011-09-26 10:58 159744 ----a-w- c:\program files\Internet Explorer\Wtyczki\npqtplugin.dll
2011-09-26 10:58 . 2011-09-26 10:58 -------- d-----w- c:\program files\QuickTime
2011-09-26 10:58 . 2011-09-26 10:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple Computer
2011-09-26 10:58 . 2011-09-26 10:58 -------- d-----w- c:\program files\Common Files\Apple
2011-09-26 10:57 . 2011-09-26 10:57 -------- d-----w- c:\documents and settings\RUMINKIEWICZ\Ustawienia lokalne\Dane aplikacji\Apple
2011-09-26 10:57 . 2011-09-26 10:57 -------- d-----w- c:\program files\Apple Software Update
2011-09-26 10:57 . 2011-09-26 10:57 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Apple
2011-09-26 10:57 . 2011-09-26 10:57 -------- d-----w- c:\documents and settings\RUMINKIEWICZ\Ustawienia lokalne\Dane aplikacji\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 11:07 . 2011-05-20 10:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 17:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2006-03-02 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2006-03-02 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2006-03-02 12:00 1859200 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:40 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:40 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:40 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2006-03-02 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-26 18:39 . 2011-07-26 18:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-07-14 292208]
"RTHDCPL"="RTHDCPL.EXE" [2011-07-14 19557480]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"LXCCCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-12-17 262144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Steam\\steamapps\\zone10000002\\team fortress 2\\hl2.exe"=
"e:\\Program Files\\WapSter\\WapSter AQQ\\AQQ.exe"=
"e:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"e:\\Program Files\\Steam\\steamapps\\zone10000002\\synergy dedicated server\\srcds.exe"=
"e:\\Program Files\\Steam\\steamapps\\zone10000002\\half-life deathmatch source\\hl2.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Program Files\\Postal 2 STP\\System\\Postal2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2011-07-26 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-06-29 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-09-21 309848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-09-21 19544]
R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-10 2214504]
R3 PAC207;Trust Webcam Live;c:\windows\system32\drivers\PFC027.SYS [2007-04-12 507264]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-07-14 1691480]
S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?]
S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys --> c:\windows\system32\DRIVERS\btkrnbdg.sys [?]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys --> c:\windows\system32\drivers\ewfiltertdidriver.sys [?]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys --> c:\windows\system32\drivers\vadmulti.sys [?]
.
Zawartość folderu 'Zaplanowane zadania'
.
2011-10-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 12:19]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-22 12:19]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2111687655-725345543-1004Core.job
- c:\documents and settings\RUMINKIEWICZ\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-08-18 12:45]
.
2011-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-2111687655-725345543-1004UA.job
- c:\documents and settings\RUMINKIEWICZ\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2011-08-18 12:45]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.spolszczenia.pl.prv.pl
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 194.204.159.1 194.204.152.34
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
HKCU-Run-ares - e:\program files\Ares\Ares.exe
HKCU-Run-Spol - http://www.toya.net.pl/~spol/site/index.htm
AddRemove-RD - e:\program files\VSTPlugins\DT\uninstall.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Dane aplikacji\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}\bm_installer.exe
AddRemove-Łatka polonizacyjna GTA IV v0.98 - e:\program files\Rockstar Games\Grand Theft Auto IV\Spolszczenie\Deinstalator.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 11:47
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCCCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1177238915-2111687655-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:fa,0d,8b,59,e0,80,f0,29,42,0c,59,f9,56,14,0c,65,1d,ad,ef,15,af,c0,84,
5d,b6,ef,a8,18,95,2e,88,b6,f5,0f,db,2b,44,11,8d,60,dd,0f,8d,55,31,1c,96,07,\
"??"=hex:cb,d1,2f,38,60,0f,c0,e0,9a,0c,03,aa,c1,47,8a,b1
.
[HKEY_USERS\S-1-5-21-1177238915-2111687655-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:f4,e6,56,f9,81,f6,75,ab,b4,85,56,6a,a5,b2,dc,22,ec,cd,f5,9b,f5,
4b,85,d6,dc,bf,41,10,da,19,c6,aa,1f,a2,c1,9f,6f,9c,91,cb,d9,2e,df,f5,12,a8,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Czas ukończenia: 2011-10-22 11:49:43
ComboFix-quarantined-files.txt 2011-10-22 09:49
.
Przed: 74 936 590 336 bajtów wolnych
Po: 75 489 005 568 bajtów wolnych
.
WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 834F7C87AE56A4B03EC33ED2750A2E9A