Hello,
my laptop has started to stutter, which it didn't do before. Here is today's log; please check it.
ComboFix 09-09-17.04 - Michał 2009-09-18 20:02.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2046.1239 [GMT 2:00]
Uruchomiony z: e:\download\ComboFix.exe
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-611559869-920762673-1300272416-500
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\Michał\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
c:\users\Michał\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
c:\windows\system32\acovcnt.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-08-18 do 2009-09-18 )))))))))))))))))))))))))))))))
.
2009-09-18 18:26 . 2009-09-18 18:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-09 13:13 . 2009-09-09 13:13 -------- d-----w- c:\program files\Common Files\NSV
2009-08-24 19:52 . 2009-08-24 19:52 -------- d-----w- c:\windows\Sun
2009-08-21 16:08 . 2009-08-30 15:24 -------- d-----w- C:\SPDISK
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 18:25 . 2009-08-03 17:03 -------- d-----w- c:\program files\pdfforge Toolbar
2009-09-18 17:37 . 2007-04-20 07:29 662056 ----a-w- c:\windows\system32\perfh015.dat
2009-09-18 17:37 . 2007-04-20 07:29 126908 ----a-w- c:\windows\system32\perfc015.dat
2009-09-18 17:12 . 2009-08-01 05:28 20 ---h--w- c:\programdata\PKP_DLdw.DAT
2009-09-17 22:11 . 2007-04-20 06:34 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-14 18:56 . 2009-08-01 05:21 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-09-10 19:26 . 2009-07-31 21:43 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-09-07 19:30 . 2009-08-06 19:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-10 19:19 . 2009-08-10 19:19 -------- d-----w- c:\programdata\LightScribe
2009-08-03 15:47 . 2009-08-01 01:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-03 15:36 . 2009-08-03 15:36 -------- d-----w- c:\program files\ESET
2009-08-03 15:34 . 2009-08-01 01:45 -------- d-----w- c:\programdata\Symantec
2009-08-02 20:13 . 2009-07-31 21:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-02 19:44 . 2009-07-31 21:44 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-02 18:52 . 2009-07-31 21:40 -------- d-----r- c:\program files\Skype
2009-08-02 18:51 . 2009-08-02 18:45 -------- d-----w- c:\programdata\NOS
2009-08-02 18:51 . 2009-08-02 18:45 -------- d-----w- c:\program files\NOS
2009-08-02 18:46 . 2009-07-31 21:55 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-02 18:40 . 2009-08-02 18:40 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-02 09:37 . 2009-08-02 09:37 119280 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-02 06:52 . 2009-08-02 06:52 -------- d-----w- c:\programdata\FLEXnet
2009-08-02 06:46 . 2009-08-02 06:46 -------- d-----w- c:\program files\Bonjour
2009-08-02 06:34 . 2009-08-02 06:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-08-01 18:37 . 2009-08-01 05:19 -------- d-----w- c:\program files\Common Files\Nikon
2009-08-01 18:36 . 2009-08-01 18:36 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-01 05:28 . 2009-08-01 05:28 -------- d-----w- c:\programdata\Documentation
2009-08-01 05:28 . 2009-08-01 05:21 -------- d-----w- c:\programdata\Ultima_T15
2009-08-01 05:28 . 2009-08-01 05:21 -------- d-----w- c:\programdata\EnterNHelp
2009-08-01 05:22 . 2009-08-01 05:22 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-08-01 05:22 . 2009-08-01 05:22 -------- d-----w- c:\programdata\Nikon
2009-08-01 05:21 . 2009-08-01 05:21 -------- d-----w- c:\programdata\Database
2009-08-01 05:19 . 2009-08-01 01:42 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-01 05:17 . 2009-08-01 05:17 -------- d-----w- c:\program files\Common Files\LightScribe
2009-08-01 05:15 . 2009-08-01 05:14 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-01 05:14 . 2009-08-01 05:14 -------- d-----w- c:\programdata\Nero
2009-08-01 02:23 . 2009-08-01 02:23 -------- d-----w- c:\program files\CSR
2009-08-01 02:21 . 2009-08-01 02:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-08-01 02:21 . 2009-08-01 02:21 -------- d-----w- c:\program files\Synaptics
2009-08-01 02:19 . 2009-08-01 02:19 -------- d-----w- c:\programdata\P4G
2009-08-01 02:19 . 2009-08-01 02:19 -------- d-----w- c:\program files\P4G
2009-08-01 02:17 . 2009-08-01 01:39 -------- d-----w- c:\program files\Intel
2009-08-01 02:09 . 2009-08-01 02:09 -------- d-----w- c:\program files\Attansic
2009-08-01 01:58 . 2009-08-01 01:58 -------- d-----w- c:\programdata\ASUS
2009-08-01 01:57 . 2009-08-01 01:57 -------- d-----w- c:\programdata\Roaming
2009-08-01 01:57 . 2009-08-01 01:57 56 ----a-w- c:\windows\system32\IHV_Install.bat
2009-08-01 01:57 . 2009-08-01 01:57 -------- d-----w- c:\programdata\Intel
2009-08-01 01:55 . 2009-08-01 01:55 -------- d-----w- c:\program files\Wireless Console 2
2009-08-01 01:54 . 2009-08-01 01:54 -------- d-----w- c:\program files\Fingerprint Sensor
2009-08-01 01:45 . 2009-08-01 01:45 -------- d-----w- c:\program files\ATKOSD2
2009-08-01 01:44 . 2009-08-01 01:44 -------- d-----w- c:\program files\ATKGFNEX
2009-08-01 01:44 . 2009-08-01 01:44 -------- d-----w- c:\program files\ATK Hotkey
2009-08-01 01:42 . 2009-08-01 01:42 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-08-01 01:42 . 2009-08-01 01:42 -------- d-----w- c:\program files\Realtek
2009-08-01 01:42 . 2009-08-01 01:42 315392 ----a-w- c:\windows\HideWin.exe
2009-08-01 01:34 . 2009-08-01 01:34 -------- d-----w- c:\program files\Motorola
2009-07-31 22:31 . 2009-07-31 22:26 -------- d-----w- c:\programdata\Autodesk
2009-07-31 22:30 . 2009-07-31 22:25 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-07-31 22:29 . 2009-07-31 22:28 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-07-31 22:25 . 2009-07-31 22:25 -------- d-----w- c:\program files\Autodesk
2009-07-31 22:21 . 2009-07-31 22:21 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-07-31 22:21 . 2009-07-31 22:21 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-31 22:17 . 2009-07-31 22:11 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-31 21:52 . 2009-07-31 21:52 -------- d-----w- c:\program files\Google
2009-07-31 21:50 . 2009-07-31 21:50 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-31 21:48 . 2009-07-31 21:48 -------- d-----w- c:\program files\VideoLAN
2009-07-31 21:41 . 2009-07-31 21:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-31 21:40 . 2009-07-31 21:40 -------- d-----w- c:\program files\Common Files\Skype
2009-07-31 21:40 . 2009-07-31 21:40 -------- d-----w- c:\programdata\Skype
2009-07-31 21:34 . 2009-07-31 21:34 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-31 21:33 . 2009-07-31 21:33 -------- d-----w- c:\program files\Java
2009-07-31 21:30 . 2009-07-31 21:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-31 21:27 . 2009-07-31 21:27 -------- d-----w- c:\program files\AC3Filter
2009-07-31 20:43 . 2009-08-01 02:22 -------- d-----w- c:\program files\PowerForPhone
2009-07-31 20:43 . 2009-08-01 01:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-31 20:34 . 2009-08-01 01:52 -------- d-----w- c:\program files\ASUS
2009-07-31 20:28 . 2009-07-31 20:28 0 ----a-w- c:\windows\nsreg.dat
2009-07-31 20:22 . 2009-07-31 20:22 260 ----a-w- C:\SPCSqmDataReview.dat
2009-07-31 20:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-31 20:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-31 20:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-31 20:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-31 20:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-31 20:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-31 19:41 . 2009-07-31 19:41 546 ----a-w- c:\windows\system32\ABF3Sv.DAT
2009-07-31 19:34 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-31 19:16 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-31 19:16 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-31 18:36 . 2009-07-31 18:36 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_F3Sv.alu
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-06-25 13:06 688640 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-06-25 688640]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-05-08 174872]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2007-05-08 33048]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Eksplorator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Eksplorator.lnk
backup=c:\windows\pss\Eksplorator.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Przyspieszenie uruchomienia programu AutoCAD.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Przyspieszenie uruchomienia programu AutoCAD.lnk
backup=c:\windows\pss\Przyspieszenie uruchomienia programu AutoCAD.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Michał^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Nikon Monitor.lnk]
path=c:\users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
backup=c:\windows\pss\Nikon Monitor.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E920D25-3918-431B-9DB7-284B90814EC8}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5C1E07B4-FF14-4499-86C4-1E0808FD910C}c:\\program files\\nowe gadu-gadu\\gg.exe"= UDP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"UDP Query User{B5B8AA38-130A-44D9-8B5E-D5C8F9449A88}c:\\program files\\nowe gadu-gadu\\gg.exe"= TCP:c:\program files\nowe gadu-gadu\gg.exe:Nowe Gadu-Gadu
"TCP Query User{0060B5C8-F8F9-404C-B313-8271FA48A6CA}d:\\program files\\winamp\\winamp.exe"= UDP:d:\program files\winamp\winamp.exe:Winamp
"UDP Query User{93137A50-6ECD-421E-9248-5E2D5E3DDE26}d:\\program files\\winamp\\winamp.exe"= TCP:d:\program files\winamp\winamp.exe:Winamp
"TCP Query User{32CD436D-7DAB-4101-BC08-32A898BC0027}d:\\program files\\miranda im\\miranda32.exe"= UDP:d:\program files\miranda im\miranda32.exe:Miranda IM
"UDP Query User{0EFB3223-A3E0-451E-8B7C-7C5A7D41572F}d:\\program files\\miranda im\\miranda32.exe"= TCP:d:\program files\miranda im\miranda32.exe:Miranda IM
"TCP Query User{7C5F2DD1-482B-4AE8-8CF6-D6808A2E6A47}d:\\program files\\wapster\\wapster aqq\\aqq.exe"= UDP:d:\program files\wapster\wapster aqq\aqq.exe:AQQ Communicator
"UDP Query User{B0886282-4237-4B9E-ABC1-85E99F28E16E}d:\\program files\\wapster\\wapster aqq\\aqq.exe"= TCP:d:\program files\wapster\wapster aqq\aqq.exe:AQQ Communicator
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [2009-08-01 208896]
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [2009-05-14 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [2009-05-14 93312]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2009-08-01 24576]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\System32\drivers\atl01v32.sys [2009-08-01 48128]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\System32\drivers\StkCMini.sys [2009-08-01 1260672]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-07-31 1153368]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - EKRN
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.asus.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - d:\progra~1\Office10\EXCEL.EXE/3000
TCP: {7291504B-5F78-4641-B0A6-16F762B6C611} = 217.30.129.149,217.30.137.200
FF - ProfilePath - c:\users\Michał\AppData\Roaming\Mozilla\Firefox\Profiles\tow0v41p.default\
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
.
- - - - USUNIĘTO PUSTE WPISY - - - -
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 20:28
Windows 6.0.6002 Service Pack 2, v.113 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Czas ukończenia: 2009-09-18 20:30
ComboFix-quarantined-files.txt 2009-09-18 18:30
Przed: 7 397 023 744 bajtów wolnych
Po: 7 799 169 024 bajtów wolnych
219 --- E O F --- 2009-07-31 22:05