Please help, I have the same problem, I'm on the verge of a nervous breakdown…
Sorry for piggybacking on another thread …
[code]
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:58:48, on 2009-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {52D06F97-5511-43FA-8FDA-C481864FD26E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmuhflh.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
--
End of file - 5216 bytes
ComboFix 09-04-13.A2 - Administrator 2009-04-13 15:05.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2046.1638 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-13 10:42 . 2008-12-11 06:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-04-13 10:41 . 2009-03-06 14:45 130424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-04-13 10:41 . 2008-12-18 10:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-13 10:41 . 2008-12-10 10:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-04-13 10:41 . 2009-04-13 10:41 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-04-12 15:55 . 2009-04-12 15:58 9984 ----a-w c:\windows\system32\mmmuhflh.dll
2009-04-07 21:31 . 2009-04-07 21:31 189784 ----a-w c:\windows\system32\PnkBstrB.xtr
2009-04-07 20:58 . 2009-04-07 20:58 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\PunkBuster
2009-04-07 20:55 . 2009-04-07 20:55 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\id Software
2009-04-07 20:52 . 2009-04-07 20:52 2246144 ----a-w c:\windows\system32\pbsvc.exe
2009-04-07 20:52 . 2009-04-07 20:52 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\id Software
2009-04-07 18:49 . 2009-04-07 18:49 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Diskeeper Corporation
2009-04-07 07:20 . 2009-04-07 14:41 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Mount&Blade
2009-04-06 19:54 . 2009-04-06 20:12 -------- d-----w C:\Left 4 Dead
2009-03-25 10:04 . 2009-03-25 10:04 -------- d-----w c:\documents and settings\LocalService\Pulpit
2009-03-20 22:36 . 2004-08-18 08:34 442368 ----a-r c:\windows\system32\vp6vfw.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 12:45 . 2007-12-12 22:35 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-04-13 12:39 . 2001-10-26 16:15 82010 ----a-w c:\windows\system32\perfc015.dat
2009-04-13 12:39 . 2001-10-26 16:15 484634 ----a-w c:\windows\system32\perfh015.dat
2009-04-13 11:35 . 2009-04-13 11:35 -------- d-----w c:\program files\Alwil Software
2009-04-13 11:22 . 2007-12-04 13:11 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-13 11:19 . 2009-04-13 11:19 -------- d-----w c:\program files\Trend Micro
2009-04-13 10:43 . 2009-04-13 10:41 -------- d-----w c:\program files\Spyware Doctor
2009-04-13 10:42 . 2009-04-13 10:41 -------- d-----w c:\program files\Common Files\PC Tools
2009-04-12 11:24 . 2008-04-25 14:29 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Skype
2009-04-12 11:24 . 2007-11-28 18:43 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\skypePM
2009-04-12 07:04 . 2007-12-12 22:35 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-12 07:03 . 2009-03-24 21:48 -------- d-----w c:\program files\Lavasoft
2009-04-12 07:03 . 2008-11-13 22:27 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2009-04-12 06:29 . 2009-03-26 07:35 4028 ----a-w C:\aaw7boot.log
2009-04-12 06:27 . 2008-09-10 08:28 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\uTorrent
2009-04-11 22:59 . 2009-01-19 16:30 -------- d-----w c:\program files\Lineage II
2009-04-11 22:24 . 2008-11-20 21:30 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Ventrilo
2009-04-11 18:21 . 2009-03-06 19:22 -------- d-----w c:\program files\Garena
2009-04-11 15:02 . 2008-10-15 13:29 -------- d-----w c:\program files\NAPI-PROJEKT
2009-04-10 17:07 . 2008-08-02 17:53 -------- d-----w c:\program files\Uniblue
2009-04-10 17:07 . 2008-08-02 17:14 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Uniblue
2009-04-10 12:34 . 2007-11-28 08:49 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 07:11 . 2007-12-30 23:54 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\foobar2000
2009-04-07 21:31 . 2008-02-18 14:31 138944 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-07 21:31 . 2008-02-18 14:31 189784 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-07 21:26 . 2008-02-18 14:30 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-07 20:52 . 2008-05-02 12:59 22328 ----a-w c:\documents and settings\Administrator\Dane aplikacji\PnkBstrK.sys
2009-04-07 19:45 . 2009-04-07 19:44 -------- d-----w c:\program files\Fallout 3
2009-04-07 19:40 . 2009-04-07 19:40 -------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-04-07 19:29 . 2009-04-07 19:29 -------- d-----w c:\program files\Bethesda Softworks
2009-04-07 19:28 . 2008-11-08 02:24 70776 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2009-04-07 19:14 . 2009-03-04 19:12 -------- d-----w c:\program files\Executive Software
2009-04-07 18:49 . 2009-04-07 18:49 -------- d-----w c:\program files\Diskeeper Corporation
2009-04-07 07:22 . 2009-04-07 07:19 -------- d-----w c:\program files\Mount&Blade
2009-04-03 13:58 . 2009-04-03 13:58 -------- d-----w c:\program files\Ventrilo
2009-04-03 13:58 . 2008-11-07 19:50 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-01 21:29 . 2007-12-11 08:57 -------- d-----w c:\program files\Warcraft III
2009-03-22 01:31 . 2008-07-09 00:09 87606 ----a-w c:\windows\War3Unin.dat
2009-03-20 22:36 . 2009-03-20 22:36 -------- d-----w c:\program files\EA GAMES
2009-03-14 01:38 . 2009-03-14 01:38 -------- d-----w c:\program files\Auto Combat Points
2009-03-10 20:58 . 2007-12-04 17:37 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\teamspeak2
2009-03-06 02:35 . 2008-02-12 17:14 -------- d-----w c:\program files\Valve
2009-03-01 17:40 . 2007-12-12 23:10 -------- d-----w c:\program files\SpeedFan
2009-02-25 11:20 . 2009-02-25 11:20 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\InstallShield Installation Information
2009-02-25 11:12 . 2009-02-25 11:12 -------- d-----w c:\program files\KOEI
2009-02-15 18:15 . 2008-08-09 19:17 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\BESTplayer
2009-02-13 13:55 . 2009-02-13 13:55 -------- d-----w c:\program files\Ubisoft
2009-01-19 18:20 . 2007-12-24 01:21 18864 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-12-03 14:57 . 2008-12-03 14:57 47360 ----a-w c:\documents and settings\Administrator\Dane aplikacji\pcouffin.sys
2007-11-28 18:43 . 2007-11-28 18:43 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-04-13_13.32.18,18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-13 12:36 . 2009-04-13 12:36 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
+ 2009-04-13 12:35 . 2009-04-13 12:35 16384 c:\windows\Temp\Perflib_Perfdata_1cc.dat
- 2001-10-26 16:15 . 2009-04-13 10:37 82010 c:\windows\system32\perfc015.dat
+ 2001-10-26 16:15 . 2009-04-13 12:39 82010 c:\windows\system32\perfc015.dat
+ 2001-08-17 21:30 . 2009-04-13 12:39 66376 c:\windows\system32\perfc009.dat
- 2001-08-17 21:30 . 2009-04-13 10:37 66376 c:\windows\system32\perfc009.dat
+ 2009-04-13 11:35 . 2009-02-05 20:06 51376 c:\windows\system32\drivers\aswTdi.sys
+ 2009-04-13 11:35 . 2009-02-05 20:06 23152 c:\windows\system32\drivers\aswRdr.sys
+ 2009-04-13 11:35 . 2009-02-05 20:08 94032 c:\windows\system32\drivers\aswmon2.sys
+ 2009-04-13 11:35 . 2009-02-05 20:08 93296 c:\windows\system32\drivers\aswmon.sys
+ 2009-04-13 11:35 . 2009-02-05 20:07 20560 c:\windows\system32\drivers\aswFsBlk.sys
+ 2009-04-13 11:35 . 2009-02-05 20:05 26944 c:\windows\system32\drivers\aavmker4.sys
+ 2009-04-13 11:35 . 2009-02-05 20:04 97480 c:\windows\system32\AvastSS.scr
- 2001-10-26 16:15 . 2009-04-13 10:37 484634 c:\windows\system32\perfh015.dat
+ 2001-10-26 16:15 . 2009-04-13 12:39 484634 c:\windows\system32\perfh015.dat
+ 2001-08-17 21:30 . 2009-04-13 12:39 427592 c:\windows\system32\perfh009.dat
- 2001-08-17 21:30 . 2009-04-13 10:37 427592 c:\windows\system32\perfh009.dat
+ 2009-04-13 11:35 . 2009-02-05 20:07 114768 c:\windows\system32\drivers\aswSP.sys
+ 2009-04-13 11:35 . 2009-02-05 20:11 1256296 c:\windows\system32\aswBoot.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 1885464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\mmmuhflh.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]autocheck lsdelete
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Lineage II\\LineageII.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\7-Zip\\7zFM.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26453:TCP"= 26453:TCP:BitComet 26453 TCP
"26453:UDP"= 26453:UDP:BitComet 26453 UDP
"17771:UDP"= 17771:UDP:17771
"23381:TCP"= 23381:TCP:BitComet 23381 TCP
"23381:UDP"= 23381:UDP:BitComet 23381 UDP
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 acpi32;acpi32; [x]
R2 amd64si;amd64si; [x]
R2 ati64si;ati64si; [x]
R2 fips32cup;fips32cup; [x]
R2 i386si;i386si; [x]
R2 ksi32sk;ksi32sk; [x]
R2 netsik;netsik; [x]
R2 nicsk32;nicsk32; [x]
R2 port135sik;port135sik; [x]
R2 securentm;securentm; [x]
R2 systemntmi;systemntmi; [x]
R2 ws2_32sik;ws2_32sik; [x]
R3 AmdTools;AMD Special Tools Driver; [x]
R3 iteio;iteio; [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [2008-09-08 98488]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-06 130424]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe []
2009-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-30 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-02 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-03 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
.
------- Skan uzupełniający -------
.
IE: &D&ownload &with BitComet
IE: &D&ownload all video with BitComet
IE: &D&ownload all with BitComet
IE: Download all links using BitComet
IE: Download all videos using BitComet
IE: Download link using &BitComet
IE: Download with GetRight
IE: Open with GetRight Browser
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\ixnf2nff.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 15:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(2372)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSPL.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\browselc.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\nvwddi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
Czas ukończenia: 2009-04-13 15:13
ComboFix-quarantined-files.txt 2009-04-13 13:13
ComboFix2.txt 2009-04-13 11:34
Przed: 28 471 050 240 bajtów wolnych
Po: 28,457,418,752 bajtów wolnych
252 --- E O F --- 2008-01-10 02:01
[/code]