bezimienny

No icons or Start bar after system startup

32 posts in this topic

OK, I'll use ComboFix, but not until tomorrow, because I won't manage it today.

ComboFix log:
[log]ComboFix 10-08-07.02 - Krzysiek 2010-08-08 21:41:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2047.1563 [GMT 2:00]
Uruchomiony z: d:\download\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Krzysiek\Dane aplikacji\BITS
c:\documents and settings\Krzysiek\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Krzysiek\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Krzysiek\Dane aplikacji\BITS\ProxyList.ini
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat

.
((((((((((((((((((((((((( Pliki utworzone od 2010-07-08 do 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-05 13:46 . 2010-08-05 13:46 -------- d-----w- c:\windows\system32\Adobe
2010-08-03 09:18 . 2010-08-03 09:18 -------- d-----w- c:\program files\Common Files\Java
2010-08-03 09:17 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-02 20:30 . 2010-08-02 20:30 503808 ----a-w- c:\documents and settings\Krzysiek\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4459d99d-n\msvcp71.dll
2010-08-02 20:30 . 2010-08-02 20:30 499712 ----a-w- c:\documents and settings\Krzysiek\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4459d99d-n\jmc.dll
2010-08-02 20:30 . 2010-08-02 20:30 348160 ----a-w- c:\documents and settings\Krzysiek\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4459d99d-n\msvcr71.dll
2010-08-02 20:30 . 2010-08-02 20:30 61440 ----a-w- c:\documents and settings\Krzysiek\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47e19f9d-n\decora-sse.dll
2010-08-02 20:30 . 2010-08-02 20:30 12800 ----a-w- c:\documents and settings\Krzysiek\Dane aplikacji\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-47e19f9d-n\decora-d3d.dll
2010-08-02 16:33 . 2010-07-19 18:39 875296 ----a-w- c:\documents and settings\Krzysiek\Dane aplikacji\Sun\Java\JRERunOnce.exe
2010-07-24 16:52 . 2010-07-24 16:53 -------- d-----w- c:\program files\AP Tuner
2010-07-16 11:44 . 2010-07-16 11:45 -------- d-----w- c:\program files\trend micro
2010-07-12 21:09 . 2010-07-12 21:09 -------- d-----w- c:\documents and settings\Krzysiek\dwhelper
2010-07-12 11:55 . 2010-07-12 11:55 -------- d-----w- c:\documents and settings\Krzysiek\DoctorWeb
2010-07-12 11:19 . 2010-07-12 11:19 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\Malwarebytes
2010-07-12 11:18 . 2010-07-12 11:18 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 20:07 . 2010-03-22 18:36 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\AIMP
2010-08-07 19:26 . 2009-11-21 12:39 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-08-07 19:21 . 2009-11-21 12:39 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-08-07 12:00 . 2009-12-06 10:33 13186767 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-08-06 13:14 . 2009-11-21 15:20 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\HPAppData
2010-08-03 09:17 . 2010-02-09 15:52 -------- d-----w- c:\program files\Java
2010-07-24 16:52 . 2009-11-21 12:35 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP
2010-07-24 16:51 . 2009-11-20 21:47 75120 ----a-w- c:\documents and settings\Krzysiek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-07-19 21:30 . 2009-11-20 21:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-18 22:03 . 2010-06-10 11:39 -------- d-----w- c:\program files\Cheat Engine
2010-07-05 11:01 . 2010-01-30 16:59 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\Skype
2010-07-05 10:59 . 2009-12-07 14:48 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\skypePM
2010-07-02 12:35 . 2010-07-02 12:35 -------- d-----w- c:\program files\SmartPCTools
2010-07-02 09:26 . 2009-11-21 11:45 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-06-28 20:57 . 2010-06-29 10:14 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2009-11-21 11:34 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2009-11-21 11:34 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2009-11-21 12:09 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2009-11-21 11:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2009-11-21 11:34 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2009-11-21 11:34 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2009-11-21 12:09 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2009-11-21 11:34 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 20:24 . 2010-06-26 16:13 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\PMB Files
2010-06-24 17:52 . 2001-10-26 16:15 573982 ----a-w- c:\windows\system32\perfh015.dat
2010-06-24 17:52 . 2001-10-26 16:15 113268 ----a-w- c:\windows\system32\perfc015.dat
2010-06-24 17:50 . 2010-01-10 14:47 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 11:51 . 2009-11-21 15:00 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2010-06-23 11:51 . 2009-11-21 11:44 69120 ----a-w- c:\windows\system32\zlcomm.dll
2010-06-23 11:51 . 2009-11-21 11:44 103936 ----a-w- c:\windows\system32\zlcommdb.dll
2010-06-22 20:00 . 2009-11-22 11:11 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu
2010-06-14 13:50 . 2009-11-21 11:34 -------- d-----w- c:\program files\Alwil Software
2010-06-14 12:55 . 2010-06-14 12:55 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Alwil Software
2010-06-12 16:58 . 2010-06-12 16:58 -------- d-----w- c:\program files\Electronic Arts
2010-06-11 16:50 . 2010-06-11 16:28 -------- d-----w- c:\documents and settings\Krzysiek\Dane aplikacji\TeamViewer
2010-06-11 16:28 . 2010-06-11 16:28 -------- d-----w- c:\program files\TeamViewer
2010-06-10 15:47 . 2010-06-10 15:47 -------- d-----w- c:\program files\Lavalys
2010-05-27 20:25 . 2010-05-27 20:25 36864 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-05-27 20:25 . 2010-05-27 20:25 3351812 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-05-27 20:25 . 2010-05-27 20:25 3203453 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-05-27 20:25 . 2010-05-27 20:26 35798496 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2PL.exe
.

------- Sigcheck -------

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-04-13 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\programy\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"MutlimediaKbdDriver"="e:\programy\M-KbdDrv.exe" [2007-04-18 1617920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon"=c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
"NokiaMServer"=c:\program files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"e:\\Programy\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Gry\\Crysis\\Bin32\\Crysis.exe"=
"e:\\Gry\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Gry\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Gry\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Gry\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"e:\\Gry\\Steam\\Steam.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"e:\\Gry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"e:\\Gry\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"e:\\Gry\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"e:\\Gry\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"e:\\Gry\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"e:\\Programy\\FlashGet universal\\FlashGet\\FlashGet3.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Gry\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"e:\\Gry\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15238:TCP"= 15238:TCP:BitComet 15238 TCP
"15238:UDP"= 15238:UDP:BitComet 15238 UDP
"58548:TCP"= 58548:TCP:Pando Media Booster
"58548:UDP"= 58548:UDP:Pando Media Booster

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-12-11 5248]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2007-05-25 137728]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-11-21 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-21 17744]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2009-11-21 38656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 cpuz130;cpuz130;\??\c:\docume~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Krzysiek\USTAWI~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-12-09 13224]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-05-05 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-05-05 8320]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-12-11 160640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'

2010-08-08 c:\windows\Tasks\1-Click Maintenance.job
- e:\programy\TuneUp Utilities 2008\OneClickStarter.exe [2008-04-16 08:59]
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://adclick.hit.gemius.pl/hitredir/id=cohAhEs7a7LzBVb1y957B6dzrqxU_U8zTiwAeZ1L7O7.r7/stparam=ohdggqdfbg/sarg=00000005801E4EF4/fastid=1297036692683035469/url=http://ad.pl.doubleclick.net/click;h=v2|3B9D|0|0|%2a|u;218826783;0-0;0;41766982;31-1|1;33769888|33787766|1;;%3fhttp://nieplaczatv.dialogmedia.pl/kontakt,krok-start,1,1.html?iK=62
IE: ????3??
IE: ????3??????
IE: Download all by FlashGet3 - e:\programy\FlashGet universal\FlashGet\GetAllUrl.htm
IE: Download by FlashGet3 - e:\programy\FlashGet universal\FlashGet\GetUrl.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - e:\programy\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - e:\programy\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - e:\programy\BitComet\BitComet.exe/AddLink.htm
IE: ????3?? - c:\documents and settings\Krzysiek\Dane aplikacji\FlashGetBHO\GetUrl.htm
IE: ????3?????? - c:\documents and settings\Krzysiek\Dane aplikacji\FlashGetBHO\GetAllUrl.htm
FF - ProfilePath - c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: network.proxy.http - 202.153.41.211
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Krzysiek\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Krzysiek\Dane aplikacji\Mozilla\Firefox\Profiles\15uuingq.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll
FF - plugin: c:\documents and settings\Krzysiek\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: e:\programy\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-08 21:43
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}Ź]
@="c:\\Documents and Settings\\Krzysiek\\Dane aplikacji\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022

[HKEY_USERS\S-1-5-21-436374069-308236825-1801674531-1003\Software\Microsoft\Internet Explorer\MenuExt\O(uë_fŹ3* N}ŹhQčţ”Ąc]
@="c:\\Documents and Settings\\Krzysiek\\Dane aplikacji\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3

[HKEY_USERS\S-1-5-21-436374069-308236825-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:54,ba,da,31,22,d9,60,fd,90,f7,a4,0a,52,6b,9f,87,8e,2d,f4,de,66,
55,a7,c3,2c,54,fc,02,98,a8,bf,5a,5f,09,2a,d5,88,0a,5f,f7,c3,90,83,e9,61,0b,\
"rkeysecu"=hex:00,c6,25,20,5a,db,bd,14,8d,59,3c,ee,34,01,ac,a5
.
Czas ukończenia: 2010-08-08 21:45:24
ComboFix-quarantined-files.txt 2010-08-08 19:45

Przed: 35 947 503 616 bajtów wolnych
Po: 35 932 942 336 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - E76B4A3EC91F557996CF4297FC419D42
[/log]

EDIT
That didn't help at all.

Now the extra keys on my keyboard don't work, e.g. volume control and all the others. Even reinstalling the drivers didn't help.
Edited by Bezimienny

As I said, using ComboFix is a bad idea.

I see it removed 2 files. Go into the Qoobox folder and scan the following files on VirusTotal:
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat

Here are the scans:
[url]http://www.virustotal.com/pl/analisis/25238881b995698aa3ca12f29d9ed8cbfd483d224262ed775742f4886c1a635d-1281360355[/url]
[url]https://www.virustotal.com/pl/analisis/8704793ad04c84b193c1df0498ed2a37142330c1b534f108719723730de57df2-1281360379[/url]

It didn't hurt to try, and the damage is minor.

Restore the files removed by ComboFix.

Then perform a system repair from the CD. (You were in for that one way or another ;])

Can you tell me how to restore them?
And if I use [url="http://www.forumpc.pl/index.php?showtopic=60904"]this[/url] method, will I still have the programs on the system partition installed and working (correctly)?
Edited by Bezimienny

Go into the Qoobox folder, remove the .vir extensions added to the files, and put them in these locations:
c:\documents and settings\Krzysiek\Dane aplikacji\BITS
c:\documents and settings\Krzysiek\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\Krzysiek\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\Krzysiek\Dane aplikacji\BITS\ProxyList.ini
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat

Well, darn it. During the system repair a STOP 0x0000007E appeared. I had to set the system up from scratch. I installed everything and the Start bar still isn't displayed :/. Only I have this kind of luck with machines :/ On top of that, the damn installer changed my drive letters and instead of C D E I have C H I. All the games are broken and have to be reinstalled, and the problem is still there just as before. Ehhh, life...
Edited by Bezimienny
