x-kom hosting

Lagging and strange computer behaviour

ThirteenWonderful
created

Lately my computer has been oddly freezing and slowing down, although that never used to happen. Also, in "Scheduled Tasks" there were: PCConfidential, some regcleaner and something else. All from WSTF. After running ComboFix the programs disappeared from the tasks (which is why I don't remember all the names), but it still lags. Please check the logs.

ComboFix

[log]ComboFix 10-04-05.05 - oem 2010-04-06 11:07:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.237 [GMT 2:00]
Run from: c:\documents and settings\oem\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\oem\Dane aplikacji\EurekaLog
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\winnt\system32\ADADIX16.DLL
c:\winnt\system32\ieuinit.inf
c:\winnt\system32\ReadMe.txt

.
((((((((((((((((((((((((( Files created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.

No new files were created in this period

.
(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 09:05 . 2010-01-21 13:13 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-06 09:04 . 2009-06-07 13:01 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\DNA
2010-04-06 08:13 . 2009-02-24 12:39 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\skypePM
2010-04-06 08:13 . 2009-02-28 12:50 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\ipla
2010-04-06 08:12 . 2009-06-07 13:01 -------- d-----w- c:\program files\DNA
2010-04-05 20:18 . 2009-02-24 12:38 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Skype
2010-04-02 08:22 . 2009-03-07 16:53 1 ----a-w- c:\documents and settings\oem\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-29 12:18 . 2001-10-26 18:15 79188 ----a-w- c:\winnt\system32\perfc015.dat
2010-03-29 12:18 . 2001-10-26 18:15 457678 ----a-w- c:\winnt\system32\perfh015.dat
2010-03-07 17:20 . 2009-08-12 17:22 -------- d-----w- c:\program files\ZwangiSearch
2010-03-05 16:08 . 2010-03-05 16:08 33 ----a-w- c:\winnt\system32\drivers\adidsl.cfg
2010-03-05 16:08 . 2009-02-24 10:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 16:07 . 2010-03-05 16:07 -------- d-----w- c:\program files\SAGEM
2010-03-05 16:07 . 2010-03-05 16:07 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\InstallShield
2010-03-02 15:11 . 2010-01-30 20:53 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10
2010-02-28 19:08 . 2010-02-28 19:08 -------- d-----w- c:\winnt\system32\config\systemprofile\Dane aplikacji\Foxit Software
2010-02-28 13:42 . 2009-09-29 15:38 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Foxit Software
2010-02-27 09:45 . 2010-02-27 09:45 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Foxit Software
2010-02-27 09:44 . 2009-06-11 12:55 -------- d-----w- c:\program files\Foxit Software
2010-02-18 20:27 . 2010-02-18 20:23 -------- d-----w- c:\program files\Google
2010-02-18 09:15 . 2009-05-25 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 19:13 . 2010-02-09 19:13 53760 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2010-02-09 19:13 . 2010-02-09 19:13 868352 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2010-02-09 19:13 . 2010-02-09 19:13 640000 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2010-02-09 19:13 . 2010-02-09 19:13 1712128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2010-02-08 14:53 . 2010-02-07 13:46 -------- d-----w- c:\program files\Stitch
2010-02-08 14:53 . 2010-02-07 13:46 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Stitch
2010-02-07 21:05 . 2009-05-17 18:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-02-07 13:39 . 2010-02-07 13:39 -------- d-----w- c:\program files\ScreenMates
2010-01-25 17:04 . 2010-01-25 17:04 65024 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-dx8_64.dll
2010-01-25 17:04 . 2010-01-25 17:04 62464 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-raw_64.dll
2010-01-25 17:04 . 2010-01-25 17:04 444952 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\wrap_oal.dll
2010-01-25 17:04 . 2010-01-25 17:04 29184 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-raw.dll
2010-01-25 17:04 . 2010-01-25 17:04 244224 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\lwjgl64.dll
2010-01-25 17:04 . 2010-01-25 17:04 163328 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\lwjgl.dll
2010-01-25 17:04 . 2010-01-25 17:04 30720 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-dx8.dll
2010-01-25 17:04 . 2010-01-25 17:04 195072 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\OpenAL64.dll
2010-01-25 17:04 . 2010-01-25 17:04 121856 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\ProcessList.dll
2010-01-25 17:04 . 2010-01-25 17:04 109080 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\OpenAL32.dll
2010-01-22 19:19 . 2009-02-24 13:54 73944 ----a-w- c:\documents and settings\oem\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-20 12:03 . 2010-01-20 12:03 11776 ----a-w- c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\skype\Phone\Skype.exe" [2009-02-04 23975720]
"IPLA!"="d:\ipla\ipla.exe" [2009-12-23 14100888]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-15 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"EPSON Stylus DX3800 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-05-25 35328]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"EPSON Stylus DX3800 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\oem\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-3-5 1205840]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINNT\\system32\\dpnsvr.exe"=
"d:\\Metin\\metin2.bin"=
"d:\\Metin\\metin2client.bin"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Gadu-Gadu 10\\gg.exe"=
"d:\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 Akamai;Akamai NetSession Interface;c:\winnt\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\winnt\system32\drivers\e4usbaw.sys [2010-03-05 104344]
R3 V0260VID;Live! Cam Vista IM;c:\winnt\system32\drivers\V0260Vid.sys [2010-02-04 162176]
S0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [2009-06-13 717296]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\winnt\system32\drivers\e4ldr.sys [2010-03-05 69656]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\winnt\system32\regedt32.exe [2001-10-26 3584]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\winnt\system32\drivers\k510bus.sys [2009-02-25 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\winnt\system32\drivers\k510mdfl.sys [2009-02-25 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\winnt\system32\drivers\k510mdm.sys [2009-02-25 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\winnt\system32\drivers\k510mgmt.sys [2009-02-25 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\winnt\system32\drivers\k510obex.sys [2009-02-25 83344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-04-06 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:23]

2010-04-06 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:23]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&ksportuj do programu Microsoft Excel - d:\office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\oem\Dane aplikacji\Mozilla\Firefox\Profiles\gwy82wlg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\documents and settings\all users\dane aplikacji\Reader\browser\nppdf32.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\oem\Dane aplikacji\Mozilla\Firefox\Profiles\gwy82wlg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\oem\Dane aplikacji\Mozilla\Firefox\Profiles\gwy82wlg.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-Expressivo - d:\expressivo\expressivo.exe
HKCU-Run-ALLUpdate - d:\allplayer\ALLUpdate.exe
HKCU-Run-iGoD - c:\documents and settings\oem\Pulpit\iGoDr01685.exe
HKCU-RunOnce-Shockwave Updater - (no file)
HKLM-Run-QuickTime Task - d:\quicktime\QTTask.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-AVI ReComp - d:\avi recomp\Uninstall.exe
AddRemove-Avisynth - d:\avisynth 2.5\Uninstall.exe
AddRemove-Dracula Twins_is1 - d:\program files\Dracula Twins\unins000.exe
AddRemove-Gold Miner Vegas - d:\gold miner vegas\uninstall.exe
AddRemove-Hard Truck 18 Wheels of Steel - d:\hardtr~1\UNWISE.EXE
AddRemove-Monopoly by Parker Brothers - d:\monopoly\UNWISE.EXE
AddRemove-RegPowerClean_is1 - c:\program files\Winferno\RegistryPowerCleaner\unins000.exe
AddRemove-Total Video Converter 3.21_is1 - d:\total video converter\unins000.exe
AddRemove-VobSub - d:\vobsub\uninstall.exe
AddRemove-WinGimp-2.0_is1 - d:\gimp\setup\unins000.exe
AddRemove-Xvid_is1 - d:\xvid\unins000.exe
AddRemove-ZgrywusNMZ_is1 - d:\zgrywus - nie ma zmiluj\unins000.exe
AddRemove-{4DBF3C3D-5B6D-45B2-A08B-B06490E2666F}_is1 - d:\wru\unins000.exe
AddRemove-BitTorrent - d:\bittorrent\BitTorrent.exe
AddRemove-CodeBlocks - d:\codeblocks\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 11:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\winnt\system32\Ati2evxx.dll
.
Completion time: 2010-04-06 11:14:50
ComboFix-quarantined-files.txt 2010-04-06 09:14

Pre-Run: 8 572 997 632 bytes free
Post-Run: 10 717 622 272 bytes free

- - End Of File - - CEE128F0138447FF6F68B080F68ABF90[/log]

HijackThis

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:39, on 2010-04-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\documents and settings\all users\dane aplikacji\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IPLA!] D:\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA96F82-19FE-46E0-817A-7C5B30BF43DD}: NameServer = 213.241.79.37 87.204.204.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CA96F82-19FE-46E0-817A-7C5B30BF43DD}: NameServer = 213.241.79.37 87.204.204.204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7039 bytes[/log]

Mateusz J.
comment

Generally OK.
A small leftover:
Paste into Notepad:
[code]Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"=-[/code]
File ==> Save as ==> change the file type to All files ==> save under the name [b]FIX.REG[/b]
Run the created [b]FIX.REG[/b] file, confirm adding it to the Registry and restart the computer.

Delete the c:\QooBox folder.
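
The triage of the posted HijackThis log and the reply's FIX.REG procedure, as an added example that is not part of either post and is not a HijackThis or ComboFix feature: a Python script that parses HijackThis lines (a subset of the log above is embedded as a constructed sample), flags R0/R1 browser entries pointing at hosts other than Microsoft's, RunOnce values still present under HKEY_USERS (the "nlsf" entry the reply removes), services HijackThis reports with "Unknown owner", and the configured DNS servers, then renders a Regedit 5.00 file that deletes the flagged RunOnce values in the same form as the reply's FIX.REG. The trusted-host list, the severity labels and the expansion of HijackThis' `..` abbreviation to Software\Microsoft\Windows\CurrentVersion are this example's own assumptions.

```python
"""Triage HijackThis lines and render a FIX.REG for leftover RunOnce values.

Added example for this thread; not the poster's or the replier's code.
"""
import re
from collections import namedtuple
from urllib.parse import urlparse

# HijackThis writes this path as ".." in O4 lines, e.g. HKLM\..\Run (assumption).
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}

# Assumption: IE's R0/R1 URLs on a clean XP install point here; any other host
# (a toolbar search redirect, for instance) is reported as a hijack candidate.
TRUSTED_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS)\\"
    r"(?:(?P<user>(?!\.\.)[^\\]+)\\)?"      # SID or .DEFAULT segment under HKUS
    r"\.\.\\(?P<kind>RunOnce|Run): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)"
    r"(?: \(User '[^']*'\))?$"
)
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

Finding = namedtuple("Finding", "code severity detail")

# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_HJT = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA96F82-19FE-46E0-817A-7C5B30BF43DD}: NameServer = 213.241.79.37 87.204.204.204
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
""".strip()


def reg_key(m):
    """Expand an O4 match into the full registry key HijackThis abbreviated."""
    parts = [HIVES[m["hive"]]]
    if m["user"]:
        parts.append(m["user"])
    parts += [CURRENT_VERSION, m["kind"]]
    return "\\".join(parts)


def triage(lines):
    """Return the Findings a reviewer would look at first in a HijackThis log."""
    findings = []
    for line in lines:
        line = line.strip()
        if m := R_RE.match(line):
            if m["data"].lower().startswith("http"):
                host = urlparse(m["data"]).hostname or ""
                if host not in TRUSTED_HOSTS:
                    findings.append(Finding(line[:2], "high", f"{m['value']} -> {host}"))
        elif m := O4_RE.match(line):
            if m["kind"] == "RunOnce" and m["hive"] == "HKUS":
                # RunOnce values are consumed at the next logon; one still present
                # in the SYSTEM/Default hive is a leftover, not a startup item.
                findings.append(Finding("O4", "medium", f"leftover RunOnce '{m['name']}' in {reg_key(m)}"))
            elif m["cmd"].lower().startswith("cmd.exe"):
                findings.append(Finding("O4", "medium", f"'{m['name']}' runs a shell: {m['cmd']}"))
        elif m := O17_RE.match(line):
            findings.append(Finding("O17", "info", f"DNS servers {m['servers']} (confirm they are the ISP's)"))
        elif m := O23_RE.match(line):
            if m["owner"] == "Unknown owner":
                findings.append(Finding("O23", "low", f"service '{m['name']}' has no vendor name: {m['path']}"))
    return findings


def runonce_deletions(lines):
    """(full_key, value_name) for each HKEY_USERS RunOnce entry, deduplicated, in log order."""
    pairs = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if m and m["kind"] == "RunOnce" and m["hive"] == "HKUS":
            pair = (reg_key(m), m["name"])
            if pair not in pairs:
                pairs.append(pair)
    return pairs


def _reg_quote(name):
    # .reg syntax escapes backslash and double quote inside value names
    return name.replace("\\", "\\\\").replace('"', '\\"')


def build_fix_reg(deletions):
    """Render a Regedit 5.00 file that deletes the given values.

    '"name"=-' deletes one value and must sit on its own line under the key;
    '[-KEY]' would delete the whole key, which is not what the reply wants.
    """
    by_key = {}
    for key, name in deletions:
        by_key.setdefault(key, []).append(name)
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{_reg_quote(n)}"=-' for n in names)
        out.append("")
    return "\r\n".join(out) + "\r\n"   # regedit expects CRLF line endings


if __name__ == "__main__":
    sample = SAMPLE_HJT.splitlines()
    for f in triage(sample):
        print(f"{f.code:4} {f.severity:6} {f.detail}")
    print(build_fix_reg(runonce_deletions(sample)))
```

Write the returned text to FIX.REG with `open(..., "w", newline="")` so the CRLF endings survive; the `"nlsf"=-` line has to be on its own line directly beneath the `[HKEY_USERS\...\RunOnce]` line, which is what the `=-` deletion syntax relies on. Deleting a value that is already gone is harmless, so listing both the S-1-5-18 and .DEFAULT keys (HijackThis reports the same hive twice) is safe.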

ThirteenWonderful
comment

Ah, thanks a lot :)
