dudek564
(Dudek564)
14 June 2009 11:14
#1
Hello. I have no internet in normal mode. In safe mode with networking there is internet. I used System Restore and there is still no internet in normal mode. First NOD32 was throwing errors, so I removed it; then avast started to. Maybe that is the cause?
I am posting the logs below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:19, on 2009-06-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ati.amd.com/support/driver.html
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocnik rejestracji usługi Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Daniel\Application Data\Nowe Gadu-Gadu_userdata\ggbho.1.dll
O4 - HKLM…\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM…\Run: [samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM…\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM…\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM…\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU…\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU…\Run: [steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate1c9884b1121d748) (gupdate1c9884b1121d748) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mks_vir (mks_services) - Unknown owner - C:\Program Files\mks_vir_9\bin\mks_services.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

-- End of file - 7071 bytes
ComboFix
ComboFix 09-06-13.09 - Daniel 2009-06-14 13:04.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1033.18.1022.690 [GMT 2:00]
Uruchomiony z: c:\downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090612-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Pliki utworzone od 2009-05-14 do 2009-06-14 )))))))))))))))))))))))))))))))
.
2009-06-14 10:57 . 2009-06-14 10:57 -------- d-----w- c:\program files\Trend Micro
2009-06-13 23:39 . 2009-06-13 23:39 -------- d-----w- c:\windows\LastGood
2009-06-13 16:07 . 2009-06-13 16:23 -------- d-----w- c:\program files\SkanerOnline
2009-06-13 15:03 . 2009-06-13 15:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-13 14:38 . 2009-06-13 14:38 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Downloaded Installations
2009-06-13 14:37 . 2009-06-13 14:39 -------- d-----w- c:\documents and settings\Daniel\Application Data\GetRightToGo
2009-06-13 14:35 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-13 14:35 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-13 14:35 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-13 14:35 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-13 14:35 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-13 14:35 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-13 14:35 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-13 14:35 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-13 14:34 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-13 14:34 . 2009-06-13 14:34 -------- d-----w- c:\program files\Alwil Software
2009-06-13 14:28 . 2009-06-13 14:28 232202 ----a-w- C:\macloveros_x.zip
2009-06-13 14:27 . 2009-06-13 14:34 35642600 ----a-w- C:\setuppolpro.exe
2009-06-13 14:19 . 2009-06-13 14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-13 14:18 . 2009-06-13 14:18 -------- d-----w- c:\program files\Amazing Photo Editor
2009-06-13 14:09 . 2009-06-13 14:18 -------- d-s---w- c:\documents and settings\Administrator.DUDEK
2009-06-13 14:09 . 2009-06-13 14:18 -------- d-----w- c:\documents and settings\Administrator.DUDEK\Local Settings\Application Data\Microsoft
2009-06-13 14:09 . 2009-04-16 14:37 -------- d-----w- c:\documents and settings\Administrator.DUDEK\IETldCache
2009-06-10 14:32 . 2009-06-10 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeRIP
2009-06-10 14:25 . 2009-06-10 14:25 -------- d-----w- c:\program files\easetech
2009-06-08 06:38 . 2009-06-08 06:46 -------- d-----w- c:\windows\BEAD140D65134B00AE0FD4A7222F0BF9.TMP
2009-06-08 06:17 . 2009-06-13 13:56 -------- d-sh--w- C:\found.000
2009-06-06 22:48 . 2009-06-06 22:42 18704 ----a-w- c:\windows\system32\mksidsf.sys
2009-06-06 22:39 . 2009-06-06 22:42 -------- d-----w- c:\program files\mks_vir_9
2009-06-06 22:37 . 2009-06-06 22:37 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-06 11:41 . 2009-06-10 22:57 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\BearShare
2009-06-06 11:41 . 2009-06-06 11:41 -------- d-----w- c:\program files\BearShare Applications
2009-06-05 16:13 . 2009-06-06 08:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nowe Gadu-Gadu
2009-06-05 16:13 . 2009-06-05 16:13 69624 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-03 13:55 . 2009-06-03 13:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-06-03 13:55 . 2009-06-06 08:17 -------- d-s---w- c:\documents and settings\Administrator
2009-06-03 13:55 . 2009-06-06 08:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2009-06-03 13:55 . 2009-04-16 14:37 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2009-05-28 21:35 . 2009-05-28 21:35 -------- d-----w- c:\documents and settings\Daniel\ErrorLogs
2009-05-28 21:14 . 2009-05-28 21:27 -------- d-----w- c:\documents and settings\Daniel\Application Data\Uniblue
2009-05-28 21:14 . 2008-12-22 08:23 2567629 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-05-28 21:14 . 2009-05-28 21:26 -------- d-----w- c:\program files\Uniblue
2009-05-28 21:14 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-05-28 21:14 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-05-28 21:14 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-05-28 21:14 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-05-28 21:14 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-05-28 21:14 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-05-28 21:14 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-05-28 21:13 . 2009-05-28 21:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-28 18:07 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll
2009-05-28 18:07 . 2008-12-07 18:08 795648 ----a-w- c:\windows\system32\xvidcore.dll
2009-05-28 18:07 . 2008-12-07 18:08 130048 ----a-w- c:\windows\system32\xvidvfw.dll
2009-05-28 18:07 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2009-05-28 18:07 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-05-28 18:07 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-05-28 18:07 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll
2009-05-28 18:07 . 2009-04-02 13:21 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2009-05-28 18:07 . 2009-05-28 18:07 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-27 05:54 . 2009-05-28 17:06 -------- d-----w- c:\program files\AoA DVD Copy
2009-05-26 16:01 . 2009-05-26 16:01 42088 ----a-w- c:\documents and settings\Daniel\Application Data\Nowe Gadu-Gadu_userdata\ggbho.1.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-14 10:51 . 2009-06-13 23:40 4706 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-13 23:40 . 2009-02-04 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-13 23:38 . 2009-01-14 14:25 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
2009-06-13 23:38 . 2009-01-14 14:23 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
2009-06-13 14:21 . 2009-02-06 11:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-10 14:14 . 2009-01-24 11:46 -------- d-----w- c:\program files\Winamp
2009-06-05 13:08 . 2009-01-14 13:52 -------- d-----w- c:\program files\Opera
2009-06-01 11:33 . 2009-01-14 13:37 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-05-31 20:02 . 2009-05-09 10:43 -------- d-----w- c:\program files\Lavasoft
2009-05-31 20:02 . 2009-05-09 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-21 16:10 . 2009-02-14 15:14 -------- d-----w- c:\program files\MP3Gain
2009-04-20 14:08 . 2009-01-14 15:25 -------- d-----w- c:\program files\Java
2009-04-20 14:08 . 2009-04-20 14:08 152576 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-18 09:39 . 2009-04-18 09:39 -------- d-----w- c:\program files\MIKSOFT
2009-04-17 21:31 . 2009-01-13 21:44 69624 -c--a-w- c:\documents and settings\Daniel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-15 14:39 . 2009-01-29 09:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-03-18 15:04 . 2009-03-18 15:04 54272 ----a-w- c:\documents and settings\Daniel\Application Data\GanymedeNet\Online Games\Common\ielauncher.exe
2009-03-18 15:04 . 2009-03-18 15:04 168 ----a-w- c:\windows\system32\proc625010911.bin
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]
2009-05-26 16:01 42088 ----a-w- c:\documents and settings\Daniel\Application Data\Nowe Gadu-Gadu_userdata\ggbho.1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-05-28 10486376]
"Steam"="d:\program files\steam\steam.exe" [2009-06-10 1217784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2008-06-27 19456]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Nowe Gadu-Gadu\gg.exe"=
"c:\Program Files\BearShare Applications\BearShare\BearShare.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17774:TCP"= 17774:TCP:BitComet 17774 TCP
"17774:UDP"= 17774:UDP:BitComet 17774 UDP

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2004-02-09 97873]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-06-13 114768]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-06-13 20560]
S2 gupdate1c9884b1121d748;Google Update Service (gupdate1c9884b1121d748);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 133104]
S2 mks_services;mks_vir;"c:\program files\mks_vir_9\bin\mks_services.exe" --> c:\program files\mks_vir_9\bin\mks_services.exe [?]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2009-01-14 223232]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-06-27 99352]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-06-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-06-27 100888]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-06-27 566296]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-03-29 42112]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-01-14 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-01-14 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-01-14 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-01-14 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-01-14 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-01-14 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-01-14 115752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Zawartość folderu 'Zaplanowane zadania'

2009-06-13 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-06 11:06]
2009-06-13 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-06 11:07]
2009-06-13 c:\windows\Tasks\User_Feed_Synchronization-{B3B4E98E-48DA-4AB0-AAC8-5396DD96AC88}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://ati.amd.com/support/driver.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 13:07
Windows 5.1.2600 Service Pack 3 NTFS

skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-06-14 13:08
ComboFix-quarantined-files.txt 2009-06-14 11:08
Przed: 56 532 168 704 bytes free
Po: 56 527 613 952 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

197 --- E O F --- 2009-06-01 05:43