



AV log
Avira AntiVir Personal
Report file date: 7 lipca 2008 19:08
Scanning for 1379598 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PRYWATNA-CZMQ1C
Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 2008-05-28 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 17:02:40
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 2008-07-04 16:56:02
ANTIVIR3.VDF : 7.0.5.53 14336 Bytes 2008-07-05 16:57:58
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:22
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 2008-07-02 16:39:32
AESCN.DLL : 8.1.0.22 119157 Bytes 2008-06-22 15:21:10
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-06-22 15:21:08
AEPACK.DLL : 8.1.1.6 364918 Bytes 2008-06-22 15:21:06
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 2008-06-22 15:21:02
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 2008-07-02 16:39:30
AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-06-22 15:20:32
AEGEN.DLL : 8.1.0.29 307573 Bytes 2008-06-22 15:20:30
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-06-22 15:20:20
AECORE.DLL : 8.1.0.32 168311 Bytes 2008-07-02 16:39:20
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:12
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: 7 lipca 2008 19:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'DSLMON.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'FirewallGUI.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'FWService.exe' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '31' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\PAGEFILE.SYS
[WARNING] The file could not be opened!
C:\Documents and Settings\kamil\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\y2b5eo82.default\Cache\C2152591d01
[DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
[DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
[DETECTION] Contains detection pattern of the application APPL/NirCmd.E.1.B
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was deleted!
C:\Documents and Settings\kamil\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\y2b5eo82.default\Cache\E2F2415Dd01
[0] Archive type: RAR
--> Basic Hack v2.2\loader.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The file was deleted!
C:\Documents and Settings\kamil\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\y2b5eo82.default\Cache\0057933Bd01
[0] Archive type: RAR
--> ECC.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\kamil\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\y2b5eo82.default\Cache\D73585BBd01
[0] Archive type: RAR
--> X-ESP.exe
[DETECTION] Is the Trojan horse TR/Agent.A.49152
--> X-ESP v2\X-ESP.exe
[DETECTION] Is the Trojan horse TR/Agent.A.49152
[NOTE] The file was deleted!
Begin scan in 'D:\' <RÓŻNE>
D:\z neta\ComboFix.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
[DETECTION] Contains detection pattern of the application APPL/NirCmd.E.2.B
[DETECTION] Contains detection pattern of the application APPL/NirCmd.E.1.B
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[WARNING] The file was ignored!
Begin scan in 'E:\' <FILMY>
Begin scan in 'F:\' <INNE>
End of the scan: 7 lipca 2008 19:22
Used time: 13:54 min
The scan has been done completely.
1552 Scanning directories
88646 Files were scanned
13 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
88633 Files not concerned
838 Archives were scanned
2 Warnings
4 Notes
SDfix
SDFix: Version 1.202
Run by Administrator on 2008-07-07 at 19:53
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 19:56:11
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
Remaining Files :
Files with Hidden Attributes :
Wed 18 Jun 2008 1,427,792 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 18 Jun 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Wed 18 Jun 2008 2,142,032 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Finished!
Combofix
ComboFix 08-07-05.1 - kamil 2008-07-07 19:57:55.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.0.1250.1.1045.18.100 [GMT 2:00]
Running from: D:\z neta\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-07 to 2008-07-07 )))))))))))))))))))))))))))))))
.
2008-07-07 19:52 . 2008-07-07 19:52 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-07-07 19:51 . 2008-06-22 15:59 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-07-07 19:51 . 2008-07-07 19:51 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-07 19:49 . 2008-07-06 15:20 <DIR> d-------- C:\SDFix
2008-07-05 20:38 . 2008-07-05 20:38 <DIR> d-------- C:\Documents and Settings\kamil\Dane aplikacji\Media Player Classic
2008-07-03 19:02 . 2008-07-03 19:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 12:42 . 2008-07-02 12:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-02 12:42 . 2008-07-02 12:42 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-29 18:59 . 2008-06-29 18:59 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-29 18:59 . 2008-06-29 18:59 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-29 12:10 . 2008-06-29 12:10 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-06-29 12:10 . 2007-02-16 10:54 65,536 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-06-29 12:10 . 2007-02-16 10:54 49,152 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-06-29 12:09 . 2008-06-29 12:09 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-06-27 14:29 . 2008-07-05 20:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-06-27 14:04 . 2002-01-12 16:30 3,567 --a------ C:\WINDOWS\system32\drivers\PortTalk.sys
2008-06-25 15:28 . 2008-06-25 15:28 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-06-25 15:28 . 2008-06-25 15:28 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-25 15:27 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-25 15:27 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-25 15:27 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-25 15:27 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-06-25 15:27 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-25 15:27 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-25 15:27 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-25 15:26 . 2008-06-25 15:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-25 15:26 . 2008-06-25 15:26 <DIR> d-------- C:\Program Files\Ahead
2008-06-25 09:18 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2008-06-25 09:18 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\dllcache\iuengine.dll
2008-06-25 08:55 . 2008-06-25 08:55 <DIR> d-------- C:\Program Files\MarBit
2008-06-24 16:51 . 2008-06-24 16:51 <DIR> d-------- C:\Program Files\PhotoFiltre
2008-06-24 16:49 . 2001-08-17 22:03 21,760 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-23 16:48 . 2008-06-23 16:48 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-23 16:48 . 2008-06-23 16:48 <DIR> d-------- C:\Documents and Settings\kamil\Dane aplikacji\Skype
2008-06-23 16:48 . 2008-06-23 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-06-23 16:47 . 2008-06-23 16:47 <DIR> d-------- C:\Program Files\Skype
2008-06-23 11:26 . 2008-06-23 11:26 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-06-23 11:24 . 2008-06-23 11:24 <DIR> d-------- C:\Program Files\Winamp
2008-06-23 11:24 . 2008-06-23 11:24 <DIR> d-------- C:\Documents and Settings\kamil\Dane aplikacji\Winamp
2008-06-22 19:45 . 2008-06-22 19:45 1,160 --a------ C:\WINDOWS\mozver.dat
2008-06-22 19:41 . 2008-06-22 19:41 <DIR> d-------- C:\WINDOWS\Sun
2008-06-22 19:39 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-22 19:38 . 2008-06-22 19:38 <DIR> d-------- C:\Program Files\Java
2008-06-22 19:38 . 2008-06-22 19:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- C:\Program Files\WapSter
2008-06-22 18:03 . 2008-06-22 18:03 <DIR> d-------- C:\Documents and Settings\kamil\WapSter
2008-06-22 18:02 . 2008-06-22 18:02 <DIR> d-------- C:\Documents and Settings\kamil\Dane aplikacji\SpeedSim
2008-06-22 17:48 . 2008-06-22 17:48 <DIR> d-------- C:\Documents and Settings\kamil\Dane aplikacji\PCToolsFirewallPlus
2008-06-22 17:48 . 2008-06-22 17:48 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-22 17:45 . 2008-06-22 17:45 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-06-22 17:45 . 2008-06-22 17:45 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-06-22 17:45 . 2008-01-04 14:13 218,520 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-06-22 17:45 . 2008-01-04 14:13 125,848 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-06-22 17:45 . 2008-01-04 14:13 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-06-22 17:45 . 2008-01-04 14:13 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-06-22 17:44 . 2008-06-22 17:44 <DIR> d--hs---- C:\Recycled
2008-06-22 17:22 . 2008-06-22 17:22 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-22 17:14 . 2008-06-22 17:14 <DIR> d-------- C:\Program Files\Avira
2008-06-22 17:14 . 2008-06-22 17:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-06-22 17:10 . 2008-06-22 17:10 <DIR> d-------- C:\WINDOWS\nview
2008-06-22 17:10 . 2006-03-09 17:59 180,224 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-22 17:10 . 2006-03-09 15:29 180,224 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-22 17:10 . 2008-07-07 19:56 50,257 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-22 17:10 . 2006-03-09 15:29 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-22 17:09 . 2008-06-22 17:10 <DIR> d-------- C:\NVIDIA
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 13:15 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-06-22 14:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 14:19 --------- d-----w C:\Program Files\SAGEM
2008-06-22 14:19 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-22 14:18 --------- d-----w C:\Program Files\Neostrada TP
2008-06-22 14:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-22 14:04 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-10-26 17:29 13312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-06-18 21:02 2142032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 19:07 53248]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-03-09 15:29 7561216]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-03-09 15:29 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 09:16 2594712]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"nwiz"="nwiz.exe" [2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 17:29 13312]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-06-22 16:19:37 962661]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-12-14 03:42 144784 C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2008-01-21 18:11]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2008-01-21 18:12]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-04 14:13]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\System32\drivers\pctmp.sys [2008-01-04 14:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\System32\drivers\pctssipc.sys [2008-01-04 14:13]
S3 PortTalk;PortTalk;C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 16:30]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-07 19:59:05
Windows 5.1.2600 FAT NTAPI
scanning hidden processes ...
C:\WINDOWS\EXPLORER.EXE [1160] 0x81173330
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-07 19:59:31
ComboFix-quarantined-files.txt 2008-07-07 17:59:30
Pre-Run: 1,176,117,248 bajtów wolnych
Post-Run: 1,169,522,688 bajtów wolnych
141
HJ
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:12:03, on 2008-07-07
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Program Files\WapSter\AQQ\AQQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AB69AFD-5662-4754-ACB6-3837E0DA9CD0}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AB69AFD-5662-4754-ACB6-3837E0DA9CD0}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
--
End of file - 5460 bytes
Regards