Mam ostatnio dziwne problemy z systemem, mianowicie system się czasem nie chce zamknąć i przywiesza np system zamyka się 10 minut wydaje się że nic nie robi jakby się zawiesił no ale system po wybraniu opcji wyłącz jak minie te 10 minut zaczyna się zamykać. Kolejny problem to taki iż mam problemy z podłączeniem się do internetu, modem jest podłączony poprawnie lecz niestety czasem przez 3 godziny nie da się połączyć, mam neostrade i gdy pytam innych czy mają takie problemy to okazuje się że tylko ja oraz samo otwiera mi się okienko z zapytaniem czy podłączyć do internetu, gdy zrobię to od razu to jest ok lecz gdy wybiorę "NIE" i zamykam okienko to po 5 sekundach znowu się otwiera i pyta i tak do wieczności aż się nie zgodzę na połączenie z którym i tak są problemy. Znalazłem ostatnio Ad awarem jakiegoś malware oraz wirusa avastem a więc podejrzewam że coś dalej siedzi w tym kompie gdyż sytuacja jest dalej ta sama. Zapodaje logi z combofixa oraz Hijackthis. Jeżeli jeszcze będzie coś potrzeba to proszę mówić i dzięki za pomoc
.Hijackthis
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:40:14, on 2008-10-28
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\MagicRotation\MagicPvt.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\PROGRA~1\INTERN~2\KBOSDCtl.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\INTERN~2\KCodeMsg.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\RivaTuner v2.11\RivaTuner.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [VolPanel] "E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKLM\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKLM\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /T
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [EVEREST AutoStart] C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NCProTray.lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "E:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
Combofix
- Kod: Zaznacz wszystko
ComboFix 08-10-28.01 - Michał 2008-10-28 20:58:41.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1471 [GMT 1:00]
Uruchomiony z: C:\Documents and Settings\Michał\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-28 )))))))))))))))))))))))))))))))
.
2008-10-26 15:35 . 2008-10-26 15:35 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-10-26 15:35 . 2008-10-26 15:35 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-10-26 14:34 . 2008-10-26 14:34 <DIR> d----c--- C:\Program Files\Dyyno
2008-10-26 10:30 . 2008-10-26 10:36 <DIR> d----c--- C:\Program Files\Trojan Remover
2008-10-26 10:30 . 2008-10-26 10:30 <DIR> d----c--- C:\Documents and Settings\Michał\Dane aplikacji\Simply Super Software
2008-10-26 10:30 . 2008-10-26 10:30 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Simply Super Software
2008-10-25 23:32 . 2008-10-25 23:32 <DIR> d----c--- C:\Program Files\Lavasoft
2008-10-25 23:32 . 2008-10-25 23:33 <DIR> d----c--- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-10-25 23:19 . 2006-05-25 14:52 162,304 --a--c--- C:\WINDOWS\system32\ztvunrar36.dll
2008-10-25 23:19 . 2003-02-02 19:06 153,088 --a--c--- C:\WINDOWS\system32\UNRAR3.dll
2008-10-25 23:19 . 2005-08-26 00:50 77,312 --a--c--- C:\WINDOWS\system32\ztvunace26.dll
2008-10-25 23:19 . 2002-03-06 00:00 75,264 --a--c--- C:\WINDOWS\system32\unacev2.dll
2008-10-25 23:19 . 2006-06-19 12:01 69,632 --a--c--- C:\WINDOWS\system32\ztvcabinet.dll
2008-10-25 22:59 . 2008-10-25 22:59 <DIR> d-------- C:\!FixIEDef
2008-10-25 22:35 . 2008-10-15 17:36 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 19:04 . 2008-10-22 19:04 <DIR> d----c--- C:\WINDOWS\system32\pl
2008-10-22 19:04 . 2008-10-22 19:04 <DIR> d----c--- C:\WINDOWS\system32\bits
2008-10-22 19:04 . 2008-10-22 19:04 <DIR> d----c--- C:\WINDOWS\l2schemas
2008-10-22 15:37 . 2008-04-14 18:20 651,264 -----c--- C:\WINDOWS\system32\dot3ui.dll
2008-10-21 15:54 . 2008-10-21 15:54 <DIR> d----c--- C:\Program Files\Razer
2008-10-21 15:54 . 2008-10-21 15:54 <DIR> d----c--- C:\Program Files\DIFX
2008-10-21 15:54 . 2006-11-23 04:55 73,728 --a--c--- C:\WINDOWS\system32\DeathAdder.cpl
2008-10-21 15:54 . 2005-03-03 18:47 31,104 --a--c--- C:\WINDOWS\system32\drivers\CYUSB.sys
2008-10-21 15:54 . 2007-08-02 16:32 22,784 --a--c--- C:\WINDOWS\system32\drivers\dadder.sys
2008-10-21 10:48 . 2008-10-21 10:48 <DIR> d--hsc--- C:\WINDOWS\ftpcache
2008-10-18 10:26 . 2008-10-18 10:26 <DIR> d-------- C:\Downloads
2008-10-15 20:36 . 2008-09-15 16:27 1,846,656 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 20:36 . 2008-09-08 11:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 20:35 . 2008-08-14 14:26 2,190,464 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 20:35 . 2008-08-14 14:26 2,146,816 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 20:35 . 2008-08-14 14:26 2,067,328 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 20:35 . 2008-08-14 14:26 2,025,472 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 18:41 . 2008-10-14 18:41 <DIR> d----c--- C:\Program Files\ArkanoidActivation
2008-10-11 11:52 . 2008-10-11 11:52 <DIR> d--h-c--- C:\Documents and Settings\All Users\Dane aplikacji\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-10-11 11:47 . 2008-10-11 11:47 12,750 --a--c--- C:\WINDOWS\system32\ealregsnapshot1.reg
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a--c--- C:\WINDOWS\system32\xfcodec.dll
2008-10-08 15:37 . 2008-10-08 15:38 <DIR> d----c--- C:\Program Files\RivaTuner v2.11
2008-10-05 22:31 . 2008-10-05 22:31 <DIR> d----c--- C:\WINDOWS\system32\AGEIA
2008-10-05 22:31 . 2008-10-05 22:31 <DIR> d----c--- C:\Program Files\AGEIA Technologies
2008-10-05 09:39 . 2008-10-28 21:03 32 --a--c--- C:\WINDOWS\system32\driver.dat
2008-10-05 00:12 . 2008-10-05 00:12 <DIR> d----c--- C:\WINDOWS\nview
2008-10-05 00:12 . 2008-09-16 20:27 453,152 --a--c--- C:\WINDOWS\system32\NVUNINST.EXE
2008-10-05 00:12 . 2008-09-17 08:55 453,152 --a--c--- C:\WINDOWS\system32\nvudisp.exe
2008-10-05 00:12 . 2008-10-28 21:04 200,712 --a--c--- C:\WINDOWS\system32\nvapps.xml
2008-10-05 00:12 . 2008-09-17 08:55 18,394 --a--c--- C:\WINDOWS\system32\nvdisp.nvu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-28 20:04 --------- dc--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-10-28 20:00 --------- dc----w C:\Program Files\Neostrada TP
2008-10-28 19:35 2,021,350 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-10-27 21:40 138,376 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-27 20:19 --------- dc----w C:\Documents and Settings\Michał\Dane aplikacji\mIRC
2008-10-27 19:10 --------- dc----w C:\Program Files\Advanced Registry Doctor
2008-10-27 19:06 --------- dc----w C:\Program Files\Xfire
2008-10-27 18:45 --------- dc----w C:\Program Files\BitComet
2008-10-27 17:22 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-10-25 22:32 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-25 22:00 --------- dc----w C:\Program Files\MCS Studios
2008-10-23 18:15 --------- dc----w C:\Program Files\SystemRequirementsLab
2008-10-16 21:47 --------- dc----w C:\Program Files\Premium Booster
2008-10-11 10:48 --------- dc----w C:\Program Files\Electronic Arts
2008-10-08 14:24 --------- dc----w C:\Program Files\Spybot - Search & Destroy
2008-10-05 21:38 --------- dc----w C:\Program Files\SpeedFan
2008-10-02 06:54 --------- dc----w C:\Program Files\Internet Keyboard
2008-09-22 18:26 --------- dc----w C:\Documents and Settings\Michał\Dane aplikacji\Hamachi
2008-09-22 17:36 25,280 -c--a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-09-17 07:55 6,132,576 -c--a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-09-15 14:45 --------- dc----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-09-15 14:44 --------- dc----w C:\Program Files\NokiaFREE Unlock Codes Calculator
2008-09-13 09:47 --------- dc----w C:\Program Files\Zone Labs
2008-09-08 10:41 333,824 -c--a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-07 17:19 --------- dc----w C:\Program Files\Anti Trojan Elite
2008-09-04 17:55 --------- dc----w C:\Program Files\WorldUnlock Codes Calculator
2008-08-28 22:54 --------- dc----w C:\Documents and Settings\Michał\Dane aplikacji\XnView
2008-08-28 11:20 --------- dc----w C:\Program Files\Common Files\BioWare
2008-08-28 10:50 --------- dc----w C:\Documents and Settings\Michał\Dane aplikacji\Microsoft Games
2008-03-30 20:05 22,328 -c--a-w C:\Documents and Settings\Michał\Dane aplikacji\PnkBstrK.sys
2006-06-23 06:48 32,768 -c--a-r C:\WINDOWS\inf\UpdateUSB.exe
2004-10-01 14:00 40,960 -c--a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2008-03-16 2083424]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-06-16 6144]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 1953792]
"MediaKey"="C:\PROGRA~1\INTERN~2\MEDIAKEY.EXE" [2000-08-01 73728]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-22 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"MagicRotation"="C:\Program Files\MagicRotation\MagicPvt.exe" [2006-03-14 1097728]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"VolPanel"="E:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"EVEREST AutoStart"="C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe" [2008-03-16 2083424]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-06-16 6144]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-09-17 86016]
"RivaTuner"="C:\Program Files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"DeathAdder"="C:\Program Files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-10-25 2468200]
"CTHelper"="CTHELPER.EXE" [2006-05-24 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 C:\WINDOWS\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2008-09-17 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-01-24 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"E:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"E:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"E:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"E:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"E:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"E:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"E:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"E:\\Program Files\\Microsoft Games\\Gears of War\\Binaries\\WarGame-G4WLive.exe"=
"E:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"E:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12236:TCP"= 12236:TCP:BitComet 12236 TCP
"12236:UDP"= 12236:UDP:BitComet 12236 UDP
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 magicpvt;magicpvt;C:\WINDOWS\system32\drivers\magicpvt.sys [2005-11-14 9728]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 HDDlife HDD Access service;HDDlife HDD Access service;C:\Program Files\Common Files\BinarySense\hldasvc.exe [2007-08-09 816376]
R3 DAdderFltr;DeathAdder Mouse;C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2008-03-16 23152]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-05-24 1110016]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [ ]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 176128]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 13532]
*Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
*Newly Created Service* - AD-WATCH_REGISTRY_FILTER
*Newly Created Service* - EVERESTDRIVER
.
- - - - USUNIĘTO PUSTE WPISY - - - -
Notify-AtiExtEvent - (no file)
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\giv3o8lv.default\
FF -: plugin - C:\Documents and Settings\Michał\Dane aplikacji\Mozilla\Firefox\Profiles\giv3o8lv.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Dyyno\Dyyno Player\npvlc.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 21:05:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\INTERN~2\KBOSDCTL.EXE
C:\PROGRA~1\INTERN~2\KCODEMSG.EXE
C:\WINDOWS\system32\CTXFISPI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-28 21:07:17 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-28 20:07:10
Przed: 840 798 208 bajtów wolnych
Po: 755,814,400 bajtów wolnych
243 --- E O F --- 2008-10-25 23:04:49
.
.