Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12:36, on 2009-03-29
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Lavasoft\aawservice.exe
D:\Avast\aswUpdSv.exe
D:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
D:\cFosSpeed\spd.exe
D:\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\HP\HP Software Update\HPWuSchd2.exe
D:\cFosSpeed\cFosSpeed.exe
D:\Avast\ashDisp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
D:\HP\Digital Imaging\bin\hpqtra08.exe
D:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
D:\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] D:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Labtec\ISStart.exe
O4 - HKLM\..\Run: [cFosSpeed] D:\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [avast!] D:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Acrobat Reader\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{514D1C80-D8E5-4FB5-8E48-9394AE0B0A9F}: NameServer = 83.238.255.76 213.241.79.37
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Lavasoft\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Avast\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Avast\ashWebSv.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\cFosSpeed\spd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Diskeeper\DkService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spyware Doctor\pctsSvc.exe
--
End of file - 5426 bytes
ComboFix 09-03-28.06 - Kosmo 2009-03-29 18:06:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.2047.1645 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Kosmo\Pulpit\Coś dla kompa\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090328-0] *On-access scanning disabled* (Updated)
AV: Doctor Web Anti-Virus *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-28 do 2009-03-29 )))))))))))))))))))))))))))))))
.
2009-03-29 15:46 . 2009-03-29 15:51 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-03-29 15:46 . 2009-03-29 17:28 <DIR> d-a------ c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-03-29 15:46 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-29 15:46 . 2009-02-23 10:11 130,424 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-29 15:46 . 2008-12-18 12:16 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-29 15:46 . 2008-12-10 12:36 64,392 --a------ c:\windows\system32\drivers\pctplsg.sys
2009-03-29 15:45 . 2009-03-29 15:45 <DIR> d-------- c:\documents and settings\Kosmo\Dane aplikacji\PC Tools
2009-03-29 15:45 . 2009-03-29 15:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\PC Tools
2009-03-28 16:42 . 2009-03-09 16:27 4,178,264 --a------ c:\windows\system32\D3DX9_41.dll
2009-03-28 16:42 . 2009-03-09 16:27 1,846,632 --a------ c:\windows\system32\D3DCompiler_41.dll
2009-03-28 16:42 . 2009-03-16 15:18 517,448 --a------ c:\windows\system32\XAudio2_4.dll
2009-03-28 16:42 . 2009-03-09 16:27 453,456 --a------ c:\windows\system32\d3dx10_41.dll
2009-03-28 16:42 . 2009-03-16 15:18 235,352 --a------ c:\windows\system32\xactengine3_4.dll
2009-03-28 16:42 . 2009-03-16 15:18 69,448 --a------ c:\windows\system32\XAPOFX1_3.dll
2009-03-28 16:42 . 2009-03-16 15:18 22,360 --a------ c:\windows\system32\X3DAudio1_6.dll
2009-03-25 18:03 . 2009-03-25 18:03 <DIR> d-------- c:\documents and settings\Kosmo\Dane aplikacji\AdobeUM
2009-03-23 10:17 . 2002-12-12 20:13 4,296,704 -ra------ c:\windows\unasetup.exe
2009-03-23 10:17 . 2009-03-23 10:17 53,248 --a------ c:\windows\system32\unrar.dll
2009-03-21 12:16 . 2009-03-14 19:30 281 -rahs---- C:\BOOT.BKK
2009-03-21 12:13 . 2009-03-21 12:13 <DIR> d-------- c:\program files\TGTSoft
2009-03-17 14:56 . 2009-03-17 14:56 <DIR> d-------- c:\program files\MSXML 6.0
2009-03-17 14:55 . 2009-03-17 14:55 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-15 17:00 . 2009-03-15 17:32 <DIR> d-------- c:\windows\system32\CatRoot_bak
2009-03-14 17:00 . 2008-08-14 15:46 2,181,632 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-14 17:00 . 2008-08-14 15:46 2,137,600 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-14 17:00 . 2008-08-14 15:46 2,059,008 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-14 17:00 . 2008-08-14 15:46 2,017,280 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-14 17:00 . 2008-10-24 13:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-14 17:00 . 2008-06-14 20:01 273,024 --------- c:\windows\system32\drivers\bthport.sys
2009-03-14 17:00 . 2008-06-14 20:01 273,024 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-14 14:15 . 2009-03-14 14:15 <DIR> d-------- c:\windows\nview
2009-03-14 14:15 . 2009-02-17 00:17 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-03-14 14:15 . 2009-02-18 15:44 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-03-14 14:15 . 2009-03-29 18:02 215,076 --a------ c:\windows\system32\nvapps.xml
2009-03-14 14:15 . 2009-02-18 15:44 19,021 --a------ c:\windows\system32\nvdisp.nvu
2009-03-12 16:48 . 2009-03-12 16:48 <DIR> d-------- c:\documents and settings\Kosmo\Dane aplikacji\Ubisoft
2009-03-12 16:40 . 2009-03-12 16:40 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ubisoft
2009-03-10 23:04 . 2009-03-10 23:04 <DIR> dr------- c:\program files\Skype
2009-03-10 23:04 . 2009-03-10 23:04 <DIR> d-------- c:\program files\Common Files\Skype
2009-03-10 09:26 . 2009-03-17 15:27 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-09 17:44 . 2009-03-09 17:44 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Doctor Web
2009-03-08 17:21 . 2009-03-08 17:21 221 --a------ c:\windows\NCLogConfig.ini
2009-03-05 18:10 . 2009-03-05 18:10 <DIR> d-------- c:\program files\MSBuild
2009-03-05 18:08 . 2009-03-05 18:08 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-05 18:08 . 2009-03-05 18:08 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-05 18:07 . 2006-06-29 14:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-04 17:27 . 2009-03-04 17:36 81,984 --a------ c:\windows\system32\bdod.bin
2009-03-04 17:24 . 2009-03-04 17:36 <DIR> d-------- c:\program files\Common Files\Softwin
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 16:35 --------- d-----w c:\documents and settings\Kosmo\Dane aplikacji\Skype
2009-03-28 16:33 --------- d-----w c:\documents and settings\Kosmo\Dane aplikacji\skypePM
2009-03-25 15:59 --------- d-----w c:\program files\Common Files\Adobe
2009-03-25 11:15 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-20 20:24 --------- d-----w c:\documents and settings\Kosmo\Dane aplikacji\Image Zone Express
2009-03-16 14:39 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-03-10 21:04 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-03-08 15:21 --------- d-----w c:\documents and settings\Kosmo\Dane aplikacji\HP
2009-03-05 15:21 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-28 17:47 --------- d-----w c:\documents and settings\Kosmo\Dane aplikacji\Any Video Converter
2009-02-27 18:36 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Hagel Technologies
2009-02-19 17:31 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NexonEU
2009-02-19 15:16 421,888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-02-19 15:12 --------- d-----w c:\program files\AGEIA Technologies
2009-02-12 21:05 --------- d-----w c:\documents and settings\Kosmo\Dane aplikacji\gtk-2.0
2009-02-11 13:24 73,216 ----a-w c:\windows\ST6UNST.EXE
2009-02-10 11:02 787,672 ----a-w c:\windows\system32\drivers\cfosspeed.sys
2009-02-10 11:02 290,008 ----a-w c:\windows\system32\cfosspeed.dll
2009-02-06 11:26 --------- d-----w c:\program files\Common Files\Labtec
2009-02-06 11:23 --------- d-----w c:\program files\Common Files\LogiShrd
2009-02-04 23:02 --------- d-----w c:\program files\ROBOT Structural Office
2009-02-04 23:02 --------- d-----w c:\program files\Common Files\RoboBAT
2009-01-31 11:20 --------- d-----w c:\program files\Labtec
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"HP Software Update"="d:\hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LogitechVideoRepair"="d:\labtec\ISStart.exe" [2004-02-12 188416]
"cFosSpeed"="d:\cfosspeed\cFosSpeed.exe" [2009-02-10 876760]
"avast!"="d:\avast\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2009-02-18 c:\windows\system32\nvmctray.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - d:\acrobat reader\Reader\reader_sl.exe [2005-09-24 29696]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-12-08 1205840]
HP Digital Imaging Monitor.lnk - d:\hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]autocheck lsdelete\[u]0[/u]autocheck lsdelete\[u]0[/u]autocheck lsdelete\[u]0[/u]autocheck lsdelete\[u]0[/u]autocheck lsdelete
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-12 17:59 77824 d:\labtec\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Tlen\\tlen.exe"=
"d:\\Metin 2\\metin2.bin"=
"d:\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Gadu-Gadu\\gg.exe"=
"d:\\FIFA 08\\FIFA08.exe"=
"d:\\Dance Party\\Program\\DanceParty.exe"=
"d:\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"=
"d:\combat arms eu\CombatArms.exe"= d:\combat arms eu\CombatArms.exe:*Enabled:CombatArms.exe
"d:\combat arms eu\Engine.exe"= d:\combat arms eu\Engine.exe:*Enabled:Engine.exe
"d:\\Combat Arms EU\\NMService.exe"=
"d:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"d:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"d:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"d:\\Steam\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-03-29 130424]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-05 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-05 20560]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2008-12-08 104344]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2008-12-08 69656]
S3 sdAuxService;PC Tools Auxiliary Service;d:\spyware doctor\pctsAuxs.exe [2009-03-29 348752]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksportuj do programu Microsoft Excel - d:\micros~1\Office12\EXCEL.EXE/3000
TCP: {514D1C80-D8E5-4FB5-8E48-9394AE0B0A9F} = 83.238.255.76 213.241.79.37
FF - ProfilePath - c:\documents and settings\Kosmo\Dane aplikacji\Mozilla\Firefox\Profiles\90qefse8.default\
FF - prefs.js: browser.startup.homepage - http://www.google.pl
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\NexonEU\NGM\npNxGameeu.dll
FF - plugin: d:\acrobat reader\Reader\browser\nppdf32.dll
FF - plugin: d:\mozilla firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 18:07:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-03-29 18:08:29
ComboFix-quarantined-files.txt 2009-03-29 16:08:27
Przed: 22 177 558 528 bajtów wolnych
Po: 22,163,382,272 bajtów wolnych
183 --- E O F --- 2009-03-17 13:28:16
I would ask you to check these logs, especially the one from ComboFix. While I'm at it, I wanted to ask why, when I run Ad-Aware in Full scan mode, it stalls at roughly file number 1500, on a file named InprocServer32, and won't go any further? Is it infected, damaged, or what? I have turned System Restore off and on again (what is that supposed to accomplish


EDIT:
I am also attaching the SDFix report, although it appears to be clean:
[b]SDFix: Version 1.240 [/b]
Run by Administrator on 2009-03-29 at 20:21
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-29 20:33:58
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:02374b1b
"s2"=dword:7bcbd9fb
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,fe,54,ab,84,bd,0b,c3,5f,cb,c1,4b,23,2e,6a,e5,2b,7c,e3,cb,eb,..
"p0"="D:\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,21,d2,90,27,8f,29,d4,df,c9,ba,18,29,3f,09,16,dc,a7,..
"khjeh"=hex:ee,9a,cc,51,ef,1d,3e,e3,f4,46,8e,3d,65,b3,64,45,44,d7,90,b5,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b8,59,61,60,27,d3,4f,66,8b,96,52,a6,d8,ce,bc,d0,dd,02,c2,d4,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:9f,6a,b6,ee,c4,1c,26,e8,ef,6e,77,48,61,4a,18,c4,14,c6,a8,67,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:9f,6a,b6,ee,c4,1c,26,e8,ef,6e,77,48,61,4a,18,c4,14,c6,a8,67,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,fe,54,ab,84,bd,0b,c3,5f,cb,c1,4b,23,2e,6a,e5,2b,7c,e3,cb,eb,..
"p0"="D:\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,21,d2,90,27,8f,29,d4,df,c9,ba,18,29,3f,09,16,dc,a7,..
"khjeh"=hex:ee,9a,cc,51,ef,1d,3e,e3,f4,46,8e,3d,65,b3,64,45,44,d7,90,b5,f6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:b8,59,61,60,27,d3,4f,66,8b,96,52,a6,d8,ce,bc,d0,dd,02,c2,d4,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:9f,6a,b6,ee,c4,1c,26,e8,ef,6e,77,48,61,4a,18,c4,14,c6,a8,67,be,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:9f,6a,b6,ee,c4,1c,26,e8,ef,6e,77,48,61,4a,18,c4,14,c6,a8,67,be,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000020d
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Tlen\\tlen.exe"="D:\\Tlen\\tlen.exe:*:Enabled:Komunikator Tlen.pl"
"D:\\Metin 2\\metin2.bin"="D:\\Metin 2\\metin2.bin:*:Enabled:metin2"
"D:\\Call of Duty - World at War\\CoDWaWmp.exe"="D:\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\\Call of Duty - World at War\\CoDWaW.exe"="D:\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"D:\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\Gadu-Gadu\\gg.exe"="D:\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"D:\\FIFA 08\\FIFA08.exe"="D:\\FIFA 08\\FIFA08.exe:*:Enabled:FIFA08"
"D:\\Dance Party\\Program\\DanceParty.exe"="D:\\Dance Party\\Program\\DanceParty.exe:*:Enabled:Dance Party"
"D:\\Mozilla Firefox\\firefox.exe"="D:\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"="C:\\Program Files\\Java\\jre6\\bin\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Dane aplikacji\\NexonEU\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"D:\\Combat Arms EU\\CombatArms.exe"="D:\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\\Combat Arms EU\\Engine.exe"="D:\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe"
"D:\\Combat Arms EU\\NMService.exe"="D:\\Combat Arms EU\\NMService.exe:*:Enabled:Nexon Messenger Core"
"D:\\Assassin's Creed\\AssassinsCreed_Dx9.exe"="D:\\Assassin's Creed\\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"D:\\Assassin's Creed\\AssassinsCreed_Dx10.exe"="D:\\Assassin's Creed\\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"D:\\Assassin's Creed\\AssassinsCreed_Launcher.exe"="D:\\Assassin's Creed\\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"D:\\Steam\\hl.exe"="D:\\Steam\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Combat Arms EU\\CombatArms.exe"="D:\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe"
"D:\\Combat Arms EU\\Engine.exe"="D:\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe"
[b]Remaining Files [/b]:
[b]Files with Hidden Attributes [/b]:
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Tue 17 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\166974d4093b41d0975989d1c3cca9d8\BIT1B.tmp"
Tue 17 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\59e258e5abdd692d27dc3aade6f1564d\BIT1E.tmp"
Tue 17 Mar 2009 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c62f0d45ce37b544b0a3a2299a0c2b1\BIT1C.tmp"
Thu 25 Sep 2008 1,474,088 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc2e9ea56b7bfe9c231c6748f0d15116\BIT33.tmp"
[b]Finished![/b]