ThirteenWonderful, posted 6 April 2010

Lately my computer has been freezing and slowing down strangely, although this never happened before. In addition, "Scheduled Tasks" contained: PCConfidential, some regcleaner and something else. All from WSTF. After running ComboFix the programs disappeared from the tasks (which is why I don't remember all the names), but it still lags. Please check the logs.

ComboFix

[log]ComboFix 10-04-05.05 - oem 2010-04-06 11:07:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.511.237 [GMT 2:00]
Uruchomiony z: c:\documents and settings\oem\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Rezydentny antywirus jest aktywny
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\oem\Dane aplikacji\EurekaLog
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\winnt\system32\ADADIX16.DLL
c:\winnt\system32\ieuinit.inf
c:\winnt\system32\ReadMe.txt
.
((((((((((((((((((((((((( Pliki utworzone od 2010-03-06 do 2010-04-06 )))))))))))))))))))))))))))))))
.
Nie utworzono żadnych nowych plików w tym okresie
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 09:05 . 2010-01-21 13:13 -------- d-----w- c:\program files\Common Files\Akamai
2010-04-06 09:04 . 2009-06-07 13:01 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\DNA
2010-04-06 08:13 . 2009-02-24 12:39 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\skypePM
2010-04-06 08:13 . 2009-02-28 12:50 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\ipla
2010-04-06 08:12 . 2009-06-07 13:01 -------- d-----w- c:\program files\DNA
2010-04-05 20:18 . 2009-02-24 12:38 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Skype
2010-04-02 08:22 . 2009-03-07 16:53 1 ----a-w- c:\documents and settings\oem\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-29 12:18 . 2001-10-26 18:15 79188 ----a-w- c:\winnt\system32\perfc015.dat
2010-03-29 12:18 . 2001-10-26 18:15 457678 ----a-w- c:\winnt\system32\perfh015.dat
2010-03-07 17:20 . 2009-08-12 17:22 -------- d-----w- c:\program files\ZwangiSearch
2010-03-05 16:08 . 2010-03-05 16:08 33 ----a-w- c:\winnt\system32\drivers\adidsl.cfg
2010-03-05 16:08 . 2009-02-24 10:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 16:07 . 2010-03-05 16:07 -------- d-----w- c:\program files\SAGEM
2010-03-05 16:07 . 2010-03-05 16:07 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\InstallShield
2010-03-02 15:11 . 2010-01-30 20:53 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10
2010-02-28 19:08 . 2010-02-28 19:08 -------- d-----w- c:\winnt\system32\config\systemprofile\Dane aplikacji\Foxit Software
2010-02-28 13:42 . 2009-09-29 15:38 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Foxit Software
2010-02-27 09:45 . 2010-02-27 09:45 -------- d-----w- c:\documents and settings\LocalService\Dane aplikacji\Foxit Software
2010-02-27 09:44 . 2009-06-11 12:55 -------- d-----w- c:\program files\Foxit Software
2010-02-18 20:27 . 2010-02-18 20:23 -------- d-----w- c:\program files\Google
2010-02-18 09:15 . 2009-05-25 12:16 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-09 19:13 . 2010-02-09 19:13 53760 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2010-02-09 19:13 . 2010-02-09 19:13 868352 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2010-02-09 19:13 . 2010-02-09 19:13 640000 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2010-02-09 19:13 . 2010-02-09 19:13 1712128 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2010-02-08 14:53 . 2010-02-07 13:46 -------- d-----w- c:\program files\Stitch
2010-02-08 14:53 . 2010-02-07 13:46 -------- d-----w- c:\documents and settings\oem\Dane aplikacji\Stitch
2010-02-07 21:05 . 2009-05-17 18:19 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2010-02-07 13:39 . 2010-02-07 13:39 -------- d-----w- c:\program files\ScreenMates
2010-01-25 17:04 . 2010-01-25 17:04 65024 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-dx8_64.dll
2010-01-25 17:04 . 2010-01-25 17:04 62464 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-raw_64.dll
2010-01-25 17:04 . 2010-01-25 17:04 444952 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\wrap_oal.dll
2010-01-25 17:04 . 2010-01-25 17:04 29184 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-raw.dll
2010-01-25 17:04 . 2010-01-25 17:04 244224 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\lwjgl64.dll
2010-01-25 17:04 . 2010-01-25 17:04 163328 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\lwjgl.dll
2010-01-25 17:04 . 2010-01-25 17:04 30720 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\jinput-dx8.dll
2010-01-25 17:04 . 2010-01-25 17:04 195072 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\OpenAL64.dll
2010-01-25 17:04 . 2010-01-25 17:04 121856 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\ProcessList.dll
2010-01-25 17:04 . 2010-01-25 17:04 109080 ----a-w- c:\documents and settings\oem\Dane aplikacji\Sun\Java\Deployment\cache\6.0\18\29a59cd2-2634223c-n\OpenAL32.dll
2010-01-22 19:19 . 2009-02-24 13:54 73944 ----a-w- c:\documents and settings\oem\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-20 12:05 . 2010-01-20 12:05 42088 ----a-w- c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-01-20 12:03 . 2010-01-20 12:03 11776 ----a-w- c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\skype\Phone\Skype.exe" [2009-02-04 23975720]
"IPLA!"="d:\ipla\ipla.exe" [2009-12-23 14100888]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-15 323392]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"EPSON Stylus DX3800 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-14 344064]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-05-25 35328]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"EPSON Stylus DX3800 Series"="c:\winnt\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-01-09 53340]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\oem\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2010-3-5 1205840]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINNT\\system32\\dpnsvr.exe"=
"d:\\Metin\\metin2.bin"=
"d:\\Metin\\metin2client.bin"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Gadu-Gadu 10\\gg.exe"=
"d:\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;c:\winnt\system32\drivers\epfwtdir.sys [2008-06-10 34312]
R2 Akamai;Akamai NetSession Interface;c:\winnt\System32\svchost.exe -k Akamai [2004-08-04 14336]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-06-10 468224]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\winnt\system32\drivers\e4usbaw.sys [2010-03-05 104344]
R3 V0260VID;Live! Cam Vista IM;c:\winnt\system32\drivers\V0260Vid.sys [2010-02-04 162176]
S0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [2009-06-13 717296]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\winnt\system32\drivers\e4ldr.sys [2010-03-05 69656]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\winnt\system32\regedt32.exe [2001-10-26 3584]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\winnt\system32\drivers\k510bus.sys [2009-02-25 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\winnt\system32\drivers\k510mdfl.sys [2009-02-25 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\winnt\system32\drivers\k510mdm.sys [2009-02-25 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\winnt\system32\drivers\k510mgmt.sys [2009-02-25 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\winnt\system32\drivers\k510obex.sys [2009-02-25 83344]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Zawartość folderu 'Zaplanowane zadania'

2010-04-06 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:23]

2010-04-06 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 20:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://today.ask.com/foxit?o=101702&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: E&ksportuj do programu Microsoft Excel - d:\office\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\oem\Dane aplikacji\Mozilla\Firefox\Profiles\gwy82wlg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
FF - plugin: c:\documents and settings\all users\dane aplikacji\Reader\browser\nppdf32.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\oem\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\oem\Dane aplikacji\Mozilla\Firefox\Profiles\gwy82wlg.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\oem\Dane aplikacji\Mozilla\Firefox\Profiles\gwy82wlg.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
HKCU-Run-Expressivo - d:\expressivo\expressivo.exe
HKCU-Run-ALLUpdate - d:\allplayer\ALLUpdate.exe
HKCU-Run-iGoD - c:\documents and settings\oem\Pulpit\iGoDr01685.exe
HKCU-RunOnce-Shockwave Updater - (no file)
HKLM-Run-QuickTime Task - d:\quicktime\QTTask.exe
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-AVI ReComp - d:\avi recomp\Uninstall.exe
AddRemove-Avisynth - d:\avisynth 2.5\Uninstall.exe
AddRemove-Dracula Twins_is1 - d:\program files\Dracula Twins\unins000.exe
AddRemove-Gold Miner Vegas - d:\gold miner vegas\uninstall.exe
AddRemove-Hard Truck 18 Wheels of Steel - d:\hardtr~1\UNWISE.EXE
AddRemove-Monopoly by Parker Brothers - d:\monopoly\UNWISE.EXE
AddRemove-RegPowerClean_is1 - c:\program files\Winferno\RegistryPowerCleaner\unins000.exe
AddRemove-Total Video Converter 3.21_is1 - d:\total video converter\unins000.exe
AddRemove-VobSub - d:\vobsub\uninstall.exe
AddRemove-WinGimp-2.0_is1 - d:\gimp\setup\unins000.exe
AddRemove-Xvid_is1 - d:\xvid\unins000.exe
AddRemove-ZgrywusNMZ_is1 - d:\zgrywus - nie ma zmiluj\unins000.exe
AddRemove-{4DBF3C3D-5B6D-45B2-A08B-B06490E2666F}_is1 - d:\wru\unins000.exe
AddRemove-BitTorrent - d:\bittorrent\BitTorrent.exe
AddRemove-CodeBlocks - d:\codeblocks\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-06 11:12
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\winnt\system32\Ati2evxx.dll
.
Czas ukończenia: 2010-04-06 11:14:50
ComboFix-quarantined-files.txt 2010-04-06 09:14

Przed: 8 572 997 632 bajtów wolnych
Po: 10 717 622 272 bajtów wolnych

- - End Of File - - CEE128F0138447FF6F68B080F68ABF90[/log]

HijackThis

[log]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:39, on 2010-04-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINNT\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://today.ask.com/foxit?o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\documents and settings\all users\dane aplikacji\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IPLA!] D:\ipla\ipla.exe /autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [EPSON Stylus DX3800 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /M "Stylus DX3800" /EF "HKCU"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA96F82-19FE-46E0-817A-7C5B30BF43DD}: NameServer = 213.241.79.37 87.204.204.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CA96F82-19FE-46E0-817A-7C5B30BF43DD}: NameServer = 213.241.79.37 87.204.204.204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 7039 bytes[/log]
Mateusz J., comment 7 April 2010

Generally OK. One small leftover remains. Paste the following into Notepad:

[code]Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"=-[/code]

File ==> Save as ==> change the file type to All files ==> save it under the name [b]FIX.REG[/b]. Run the created [b]FIX.REG[/b] file, confirm adding it to the Registry, and restart the computer. Delete the folder c:\QooBox.
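The reply above singles out one HijackThis O4 line (the "nlsf" RunOnce value under the SYSTEM profile hive) and hands back a .reg file that deletes that value with the `"name"=-` syntax. As an added example, not code from the thread or from HijackThis, the script below parses O4 lines, applies a heuristic of my own (a RunOnce value in the HKUS\S-1-5-18 or HKUS\.DEFAULT hive whose command shells out to cmd.exe against System32) to pick out entries worth a reviewer's look, and turns the flagged entries into the same kind of value-deletion .reg text. The sample log lines are copied from the post above; the mapping of HKUS\S-1-5-18 onto HKEY_USERS\.DEFAULT relies on the fact that, on Windows XP, S-1-5-18 is a link to the .DEFAULT hive, which is also the key the helper's fix targets. A flagged entry is only a candidate for review; whether to remove it is the analyst's call, as it was in this thread.

```python
"""Parse HijackThis O4 autostart lines and flag RunOnce entries worth review.

Added example (not from the forum thread or from HijackThis itself).
Assumes the O4 line layout shown in the log above:
  O4 - <hive>\\..\\<Run|RunOnce>: [<name>] <command> (User '<user>')
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: O4 lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "D:\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
"""


@dataclass(frozen=True)
class O4Entry:
    hive: str            # HKLM, HKCU or HKUS\<sid-or-.DEFAULT>, as HijackThis prints it
    key: str             # Run, RunOnce, ...
    name: str            # value name shown in square brackets
    command: str         # command line stored in the value
    user: Optional[str]  # trailing (User '...') annotation, if present


# Registry-backed O4 lines only; "Startup:" folder lines are deliberately not matched.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

# Hives belonging to the SYSTEM profile (S-1-5-18 is a link to .DEFAULT on XP).
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def parse_o4(log_text: str) -> List[O4Entry]:
    """Return one O4Entry per registry-backed O4 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(O4Entry(m["hive"], m["key"], m["name"], m["command"], m["user"]))
    return entries


def is_review_candidate(e: O4Entry) -> bool:
    """Heuristic (my assumption, not a HijackThis rule): a RunOnce value in the
    SYSTEM profile hive that uses cmd.exe to touch a file under System32."""
    cmd = e.command.lower()
    return (
        e.key.startswith("RunOnce")
        and e.hive in SYSTEM_HIVES
        and "cmd.exe" in cmd
        and "system32" in cmd
    )


def to_reg_key(e: O4Entry) -> str:
    """Expand HijackThis's abbreviated hive into the full key a .reg file needs."""
    base = r"Software\Microsoft\Windows\CurrentVersion"
    if e.hive == "HKLM":
        root = "HKEY_LOCAL_MACHINE"
    elif e.hive == "HKCU":
        root = "HKEY_CURRENT_USER"
    else:
        sid = e.hive.split("\\", 1)[1]
        if sid == "S-1-5-18":      # same hive as .DEFAULT; matches the helper's fix
            sid = ".DEFAULT"
        root = "HKEY_USERS\\" + sid
    return f"{root}\\{base}\\{e.key}"


def reg_delete_script(entries: List[O4Entry]) -> str:
    """Build .reg text that deletes each given value ("name"=- syntax), deduplicated."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    seen = set()
    for e in entries:
        item = (to_reg_key(e), e.name)
        if item in seen:
            continue
        seen.add(item)
        lines += [f"[{item[0]}]", f'"{item[1]}"=-', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    flagged = [e for e in parse_o4(SAMPLE_LOG) if is_review_candidate(e)]
    for e in flagged:
        print(f"review: {e.hive}\\{e.key} [{e.name}] {e.command}")
    print(reg_delete_script(flagged))
```

Running the script on the sample lines flags the two "nlsf" lines and emits a single `"nlsf"=-` deletion under `HKEY_USERS\.DEFAULT\...\RunOnce`, because both HijackThis lines describe the same registry value seen through two names for one hive. The .reg output is meant to be read and compared against the log before anyone imports it, which is exactly how the helper used it here.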