soffia utworzono 16 lutego 2009 utworzono 16 lutego 2009 ComboFix 09-02-15.01 - Toshiba 2009-02-16 13:46:14.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.446.54 [GMT 1:00] Running from: c:\documents and settings\Toshiba\Pulpit\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090216-0] *On-access scanning enabled* (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system\_sv_CMD_ c:\windows\system\_sv_CMD_\U.exe . ((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 ))))))))))))))))))))))))))))))) . 2009-02-13 10:54 . 2009-02-13 11:00 <DIR> d-------- C:\AP Ramzes 2009-02-12 18:42 . 2004-12-13 21:16 73,728 --a------ c:\windows\system32\foxhhelp9.exe 2009-02-12 18:42 . 2005-10-06 07:28 38,912 --a------ c:\windows\system32\foxtools.fll 2009-02-12 18:42 . 2004-12-13 21:16 16,384 --a------ c:\windows\system32\foxhhelpps9.dll 2009-01-26 21:04 . 2009-01-26 21:04 <DIR> d-------- C:\Spidek 2009-01-22 15:41 . 2009-01-22 15:41 <DIR> d-------- c:\documents and settings\Toshiba\Dane aplikacji\23doors 2009-01-22 15:36 . 2009-01-22 15:36 <DIR> d-------- c:\documents and settings\Toshiba\.spidek 2009-01-21 11:27 . 2009-01-21 11:32 <DIR> d-------- c:\program files\Valve . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-16 12:26 --------- d-----w c:\program files\PITy 2009-02-16 08:15 --------- d-----w c:\program files\Lx_cats 2009-02-09 17:16 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 c:\windows\explorer.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064] "NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648] "lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe" [2005-08-02 192512] "EzPrint"="c:\program files\Lexmark 4300 Series\ezprint.exe" [2005-07-26 94208] "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "LXCECATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2005-07-20 73728] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Przyspieszenie uruchomienia programu AutoCAD.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk] path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-18 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-18 20560] R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2007-10-11 33792] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{428a1943-7835-11dc-b024-001636c813ba}] \Shell\AutoRun\command - t.com \Shell\explore\Command - t.com \Shell\open\Command - t.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70467ddd-fd8d-11dc-b1df-0019665109c6}] \Shell\AutoRun\command - F:\t.com \Shell\explore\Command - F:\t.com \Shell\open\Command - F:\t.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca7af24c-1d11-11dd-b20a-0019665109c6}] \Shell\AutoRun\command - G:\t.com \Shell\explore\Command - G:\t.com \Shell\open\Command - G:\t.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6588a72-f4f6-11dc-b1c4-00508d637b3b}] \Shell\AutoRun\command - F:\EXPLORER.EXE \Shell\explore\Command - F:\EXPLORER.EXE \Shell\open\Command - F:\EXPLORER.EXE . - - - - ORPHANS REMOVED - - - - HKCU-Run-wsctf.exe - wsctf.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.wp.pl/ uInternet Connection Wizard,ShellNext = iexplore DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} - hxxps://www.bph.pl/pi/components/SignActivX.cab FF - ProfilePath - c:\documents and settings\Toshiba\Dane aplikacji\Mozilla\Firefox\Profiles\4q3tjv5m.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.onet.pl/ FF - plugin: c:\documents and settings\Toshiba\Dane aplikacji\Mozilla\Firefox\Profiles\4q3tjv5m.default\extensions\SignPlugin@bph.pl\plugins\NPSignPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npNOL3_ns8_mozilla.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSignPlugin.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-16 13:48:04 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXCECATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\(*E…‘|] "DisplayName"="??" "DeviceDesc"="??" "ProviderName"="?\11???\11\08" "MFG"="?\08???" "ReinstallString"=".10.1000.5" "DeviceInstanceIds"=multi:"c:\\display driver\\sbdrv\\smbus\\smbusati.inf\00" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(704) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-02-16 13:49:34 ComboFix-quarantined-files.txt 2009-02-16 12:49:24 Pre-Run: 35˙576˙606˙720 bajt˘w wolnych Post-Run: 35,648,999,424 bajt˘w wolnych 130 --- E O F --- 2009-02-12 19:42:12 HIJACKTHIS \ Logfile of Trend Micro HijackThis v2.0.2Scan saved at 13:57:00, on 2009-02-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Lexmark 4300 Series\lxcemon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\WINDOWS\system32\lxcecoms.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 5693 bytes
Mateusz J. komentarz 16 lutego 2009 komentarz 16 lutego 2009 Do notatnika wklej: Windows Registry Editor Version 5.00[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2][HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"EXPLORER.EXE"=- Plik ==> Zapisz jako ==> Zmień rozszerzenie na Wszystkie pliki ==> Zapisz pod nazwą FIX.REG Uruchom utworzony plik FIX.REG i potwierdź dodanie do Rejestru i zresetuj komputer. Usuń folder c:\QooBox.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.