I was away from home for a while and someone got at the PC.
I have some virus, probably the cfxxe malware.
Naturally it blocks programs like Avast.
The computer is usable after cleaning with CF until the moment it connects to the internet.
combofix:
ComboFix 10-04-21.01 - laszlo 2010-04-23 20:47:56.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1022.763 [GMT 2:00]
Uruchomiony z: d:\dokumenty\Pobrane\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr
((((((((((((((((((((((((( Pliki utworzone od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.
2010-04-23 18:30 . 2010-04-23 18:30 -------- d-----w- d:\program files\CCleaner
2010-04-23 18:24 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-23 18:24 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-23 18:24 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-23 18:24 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-23 18:24 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-23 18:24 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-23 18:24 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-23 18:24 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-23 18:24 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-23 18:24 . 2010-04-23 18:24 -------- d-----w- d:\program files\Alwil Software
2010-04-23 18:24 . 2010-04-23 18:24 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-04-17 19:25 . 2010-04-17 19:25 -------- d-----w- d:\program files\MSXML 4.0
2010-04-17 19:22 . 2010-02-12 10:03 363008 ------w- c:\windows\system32\browserchoice.exe
2010-04-17 10:02 . 2010-04-17 10:02 -------- d-----w- d:\program files\Common Files\Java
2010-04-17 10:01 . 2010-04-17 10:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-17 10:01 . 2010-04-17 10:01 -------- d-----w- d:\program files\Java
2010-04-16 20:19 . 2010-04-16 20:19 -------- d-----w- d:\program files\Mp3 Knife
2010-04-16 18:07 . 2010-04-16 18:07 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Age of Empires 3
2010-04-16 17:48 . 2010-04-16 17:48 -------- d-----w- d:\program files\Microsoft Games
2010-04-16 16:23 . 2010-04-16 16:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-04-16 16:23 . 2010-04-16 16:23 -------- d-----w- c:\windows\system32\AGEIA
2010-04-16 16:23 . 2010-04-16 16:23 -------- d-----w- d:\program files\AGEIA Technologies
2010-04-16 16:22 . 2010-04-16 16:22 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-04-06 14:20 . 2010-04-06 14:20 12720 ----a-w- c:\documents and settings\laszlo\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-04-05 01:47 . 2010-04-23 14:30 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\skypePM
2010-04-05 01:47 . 2010-04-05 01:47 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-05 01:47 . 2010-04-23 18:20 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\Skype
2010-04-05 01:47 . 2010-04-05 01:47 -------- d-----w- d:\program files\Common Files\Skype
2010-04-05 01:47 . 2010-04-05 01:47 -------- d-----r- d:\program files\Skype
2010-04-05 01:47 . 2010-04-05 01:47 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2010-04-03 16:59 . 2010-04-03 17:01 -------- d-----w- d:\program files\OpenTTD
2010-04-03 11:10 . 2010-04-02 18:33 70 ----a-w- c:\windows\apktool.bat
2010-04-03 11:10 . 2009-12-21 22:38 86528 ----a-w- c:\windows\mgwz.dll
2010-04-03 11:10 . 2009-12-21 22:38 11947555 ----a-w- c:\windows\aapt.exe
2010-03-27 18:00 . 2010-04-16 20:16 -------- d-----w- c:\documents and settings\laszlo\Ustawienia lokalne\Dane aplikacji\Easy CD-DA Extractor
2010-03-27 18:00 . 2010-04-16 20:23 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-03-27 18:00 . 2010-03-27 18:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Easy CD-DA Extractor
2010-03-27 18:00 . 2010-03-27 18:00 -------- d-----w- d:\program files\Easy CD-DA Extractor 2010
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 18:52 . 2010-02-27 21:09 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\eboostr
2010-04-23 18:20 . 2010-02-06 13:23 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\AIMP
2010-04-17 10:01 . 2006-03-02 15:00 86530 ----a-w- c:\windows\system32\perfc015.dat
2010-04-17 10:01 . 2006-03-02 15:00 498782 ----a-w- c:\windows\system32\perfh015.dat
2010-04-16 18:02 . 2010-02-05 17:12 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-04-16 17:43 . 2010-02-05 23:07 -------- d-----w- d:\program files\Common Files\InstallShield
2010-03-27 15:13 . 2010-02-06 13:21 -------- d-----w- d:\program files\Notepad++
2010-03-27 15:13 . 2010-02-06 13:21 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\Notepad++
2010-03-13 22:17 . 2010-03-13 22:16 -------- d-----w- d:\program files\NAPI-PROJEKT
2010-03-13 22:16 . 2010-03-13 22:16 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\Media Player Classic
2010-03-13 22:13 . 2010-03-13 22:13 -------- d-----w- d:\program files\K-Lite Codec Pack
2010-03-13 22:09 . 2010-03-13 22:09 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\BESTplayer
2010-03-11 12:35 . 2002-04-26 22:47 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:35 . 2002-04-26 22:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:35 . 2002-04-26 22:47 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:11 . 2008-04-14 22:50 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 19:05 . 2010-03-08 19:05 -------- d-----w- d:\program files\Team JPN
2010-02-27 21:32 . 2010-02-27 21:09 -------- d-----w- d:\program files\eBoostr
2010-02-27 21:19 . 2010-02-27 21:19 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\Auslogics
2010-02-27 21:19 . 2010-02-27 21:19 -------- d-----w- d:\program files\Auslogics
2010-02-27 18:27 . 2010-02-27 16:00 -------- d-----w- c:\documents and settings\laszlo\Dane aplikacji\DAEMON Tools Lite
2010-02-27 16:03 . 2010-02-27 16:00 -------- d-----w- d:\program files\DAEMON Tools Lite
2010-02-27 16:00 . 2010-02-27 16:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-27 16:00 . 2010-02-27 16:00 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite
2010-02-27 15:50 . 2010-02-27 15:50 -------- d-----w- d:\program files\Microsoft.NET
2010-02-26 17:06 . 2010-02-26 17:06 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-24 13:11 . 2008-04-14 00:47 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-20 13:14 . 2010-02-20 13:09 103751 ----a-w- c:\windows\hpoins08.dat
2010-02-16 19:09 . 2008-04-14 21:59 2147840 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:09 . 2008-04-14 21:59 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 16:16 . 2010-02-05 16:33 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-12 04:34 . 2008-04-14 22:49 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 00:30 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 14:29 . 2010-02-06 14:29 503808 ----a-w- c:\documents and settings\laszlo\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b2a0a24-n\msvcp71.dll
2010-02-06 14:29 . 2010-02-06 14:29 499712 ----a-w- c:\documents and settings\laszlo\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b2a0a24-n\jmc.dll
2010-02-06 14:29 . 2010-02-06 14:29 348160 ----a-w- c:\documents and settings\laszlo\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6b2a0a24-n\msvcr71.dll
2010-02-06 14:29 . 2010-02-06 14:29 61440 ----a-w- c:\documents and settings\laszlo\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29db17d1-n\decora-sse.dll
2010-02-06 14:29 . 2010-02-06 14:29 12800 ----a-w- c:\documents and settings\laszlo\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-29db17d1-n\decora-d3d.dll
2010-02-05 16:31 . 2010-02-05 16:31 21856 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-03 23:52 . 2010-02-05 17:49 5376 ----a-w- c:\windows\system32\antiwat.dll
2010-01-28 04:01 . 2010-01-28 04:01 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-01-28 00:51 . 2010-01-28 00:51 771936 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-01-28 00:51 . 2010-01-28 00:51 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-01-28 00:51 . 2010-01-28 00:51 486216 ----a-w- c:\windows\system32\evr.dll
2010-01-27 22:54 . 2010-01-27 22:54 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-01-27 22:54 . 2010-01-27 22:54 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-27 22:54 . 2010-01-27 22:54 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-01-27 22:54 . 2010-01-27 22:54 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-01-27 22:54 . 2010-01-27 22:54 158048 ----a-w- c:\windows\system32\UIAutomationCore.dll
.
------- Sigcheck -------
[-] 2008-05-01 . 0FFE2299A37932D32E0D32758155B928 . 1034752 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2002-04-26 . 8F7D35C91DF0DE20EE4EDB8C32DACDDA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
c:\windows\System32\ctfmon.exe ... - brak elementu !!
.
((((((((((((((((((((((((((((( SnapShot@2010-04-23_18.38.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 18:52 . 2010-04-23 18:52 16384 c:\windows\Temp\Perflib_Perfdata_69c.dat
+ 2010-04-23 18:52 . 2010-04-23 18:52 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2010-04-23 18:47 . 2010-04-23 18:47 16384 c:\windows\Temp\Perflib_Perfdata_670.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"avast5"="d:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2010-03-11 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwat]
2010-02-03 23:52 5376 ----a-w- c:\windows\system32\antiwat.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^eBoostr Control Panel.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\eBoostr Control Panel.lnk
backup=c:\windows\pss\eBoostr Control Panel.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 1026496 ----a-w- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 105904 ----a-w- d:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 447024 ----a-w- d:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBB36X Configure]
2006-07-12 09:58 434176 ----a-w- c:\windows\system32\JMRaidTool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-05 17:32 209392 ----atw- c:\documents and settings\laszlo\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-01-11 21:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 08:02 26100520 ----a-r- d:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ----a-w- c:\windows\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 317672 ----a-w- d:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Gry\\Aliens vs. Predator\\AvP.exe"=
"d:\\Gry\\Aliens vs. Predator\\AvP_DX11.exe"=
"d:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"d:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\WINDOWS\\system32\\JMRaidTool.exe"=
"d:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\Documents and Settings\\laszlo\\Ustawienia lokalne\\Dane aplikacji\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\laszlo\\Ustawienia lokalne\\Dane aplikacji\\Google\\Chrome\\Application\\chrome.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2009-05-20 125544]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2010-02-27 691696]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-04-23 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-04-23 19024]
R2 EBOOSTRSVC;eBoostr Service;d:\program files\eBoostr\EBstrSvc.exe [2009-05-20 639616]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2010-02-05 450560]
S2 aswMon;aswMon;c:\windows\system32\drivers\aswmon.sys [2010-04-23 94800]
S2 clr_optimization_v4.0.30128_32;Microsoft .NET Framework NGEN v4.0.30128_X86;c:\windows\Microsoft.NET\Framework\v4.0.30128\mscorsvw.exe [2010-01-28 130384]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2010-02-06 25728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [2010-01-28 738656]
.
Zawartość folderu 'Zaplanowane zadania'
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-2000478354-1606980848-1005Core.job
- c:\documents and settings\laszlo\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-05 17:32]
2010-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-796845957-2000478354-1606980848-1005UA.job
- c:\documents and settings\laszlo\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-02-05 17:32]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 20:52
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spsv.sys >>UNKNOWN [0x86F89938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7639f28
\Driver\ACPI -> ACPI.sys @ 0xf73a0cb8
\Driver\atapi -> atapi.sys @ 0xf735bb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xf7247bb0
PacketIndicateHandler -> NDIS.sys @ 0xf7236a0d
SendHandler -> NDIS.sys @ 0xf724ab40
user & kernel MBR OK
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (A B C D 2 3 5 6) (Everyone)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\antiwat.dll
- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Czas ukończenia: 2010-04-23 20:54:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-04-23 18:54
ComboFix2.txt 2010-04-23 18:40
ComboFix3.txt 2010-04-23 15:44
Przed: 1*330*593*792 bajtów wolnych
Po: 1*301*426*176 bajtów wolnych
- - End Of File - - E38ECF1BCA230BFF3AB45AC071F09278
hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:46, on 2010-04-23
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\eBoostr\EBstrSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
D:\Program Files\Sunbelt Software\CounterSpy\sbamui.exe
D:\Program Files\K2T\WTW\wtw.exe
D:\Program Files\AIMP2\AIMP2.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sBAMTray] "D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: Antiwat - C:\WINDOWS\SYSTEM32\antiwat.dll
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - D:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
O23 - Service: Usługa udostępniania w sieci programu Windows Media Player (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
--
End of file - 3352 bytes