Od dwóch dni cos dziwnego dzieje się z moim łączem. Mam łącze w chello upc 25 Mbit/s; z transferem bywało różnie raz bylo mniej, raz więcej niż 25 ale nie narzekałem bo miescily się te wahania w granicach ±20 % od predkosci nominalnej, Niestety wczoraj cos się stało i po włączeniu komputera internet chodzi tak jakbym używał starego modemu podpietego do sieci telefonicznej, czyli prawie wcale. Po sprawdzeniu na speedtest.net wyszło mi że mój download wynosi uwaga całe 0,45 Mbit/s, upload jest w normie (ok 2 Mbit/s). Co może być tego przyczyną? Czy to wina providera czy moze jakis trojan albo inny spyware? Możliwe że podczas mojej nieobecnosci z komputera mogla korzystac siostra i nasciagala jakiegos syfu.
Wrzucam loga z Hijackthis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:33:51, on 2010-11-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Alwil Software\Avast5\avastUI.exe
D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\GoogleCrashHandler.exe
D:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files (x86)\Java\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Digsby\lib\aspell\bin\aspell.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=15000
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files (x86)\Java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Babylon-English Toolbar - {ce18769b-c7fa-42d2-860d-17c4662c70ad} - C:\Program Files\Babylon-English\tbBaby.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast5] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: digsby.lnk = D:\Program Files\Digsby\digsby.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files (x86)\Java\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 10223 bytes
i Combofix
ComboFix 10-11-17.01 - Administrator 2010-11-17 19:24:16.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1983.1632 [GMT 1:00]
Uruchomiony z: d:\downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Pliki utworzone od 2010-10-17 do 2010-11-17 )))))))))))))))))))))))))))))))
.
2010-11-01 07:23 . 2010-11-01 07:35 -------- d-----w- C:\aaa
2010-11-01 07:23 . 2010-11-01 07:23 -------- d-----w- C:\Nowy folder
2010-10-28 17:05 . 2010-11-15 12:49 -------- d-----r- C:\Program Files
2010-10-28 17:02 . 2010-10-28 15:17 -------- d-----w- C:\Documents and Settings
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-14 23:44 . 2010-10-14 23:44 4280320 ----a-w- c:\windows\system32\GPhotos.scr
.
------- Sigcheck -------
[-] 2007-07-28 . 0FB6743E937C7BB248B2530A5A77ABC6 . 360576 . . [5.1.2600.2892] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-07-13 . A29DE506E89C131C0AACC86047CB1373 . 3856896 . . [7.00.6000.20591] . . c:\windows\system32\mshtml.dll
[-] 2007-07-26 . 9899BB89856E3BD4EF13E11CCEE49B71 . 2190464 . . [5.1.2600.3093] . . c:\windows\system32\ntoskrnl.exe
[-] 2007-07-10 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll
[-] 2007-07-13 . CE7193C5F7C01B19768E066087C1C919 . 814592 . . [7.00.6000.20583] . . c:\windows\system32\wininet.dll
[-] 2007-07-13 . 32F67215C57DF2C401BF93B7EE65987F . 974848 . . [6.00.2900.2649] . . c:\windows\explorer.exe
[-] 2007-07-27 . 89878732D5EB0C845AD2356081142F2A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
[-] 2007-07-26 . 5362D54A6925AFDCBBBA53B43EE65774 . 2067584 . . [5.1.2600.3051] . . c:\windows\system32\ntkrnlpa.exe
c:\windows\System32\wuauclt.exe ... - brak elementu
c:\windows\System32\regsvc.dll ... - brak elementu
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\tbBaby.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
2010-06-13 18:10 2734688 ----a-w- c:\program files\Babylon-English\tbBaby.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce18769b-c7fa-42d2-860d-17c4662c70ad}"= "c:\program files\Babylon-English\tbBaby.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE18769B-C7FA-42D2-860D-17C4662C70AD}"= "c:\program files\Babylon-English\tbBaby.dll" [2010-06-13 2734688]
[HKEY_CLASSES_ROOT\clsid\{ce18769b-c7fa-42d2-860d-17c4662c70ad}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2010-10-28 136176]
"Gadu-Gadu 10"="d:\program files (x86)\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-09 7311360]
"nwiz"="nwiz.exe" [2005-12-09 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-09 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast5"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"GrooveMonitor"="d:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-11-15 3824056]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-07-27 124928]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files (x86)\\Gadu-Gadu 10\\gg.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\Program Files (x86)\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files (x86)\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files (x86)\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-10-31 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-31 165584]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-31 17744]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2010-11-11 91830]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'
2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1715567821-725345543-500Core.job
- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-10-28 16:13]
2010-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-1715567821-725345543-500UA.job
- c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-10-28 16:13]
2010-11-12 c:\windows\Tasks\WebReg Deskjet F4100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2007-03-11 19:27]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/home?AF=15000
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksportuj do programu Microsoft Excel - d:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-17 19:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\cscui.dll
.
Czas ukończenia: 2010-11-17 19:30:02
ComboFix-quarantined-files.txt 2010-11-17 18:29
Przed: 9 121 443 840 bajtów wolnych
Po: 9 796 308 992 bajtów wolnych
- - End Of File - - 29DB97EB273D88AD3A99640DAC1AFEE1
[/code]