norekpll utworzono 26 lutego 2009 utworzono 26 lutego 2009 Logfile of Trend Micro HijackThis v2.0.2Scan saved at 15:11:12, on 2009-02-25Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)MSIE: Unable to get Internet Explorer version!Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\brsvc01a.exeC:\WINDOWS\system32\brss01a.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\PnkBstrA.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadu-Gadu\gg.exeC:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Program Files\Brother\Brmfcmon\BrMfcmon.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\system32\mspaint.exeC:\Documents and Settings\Norbert\Pulpit\GoMan.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ŁączaR3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dllO3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /iconO4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft\PaperPort\11\Config\Ereg\Ereg.iniO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -kO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /trayO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exeO8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9456726F-C1AC-413F-8318-206619610B75}: NameServer = 194.204.159.1 217.98.63.164O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exeO23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exeO23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe--End of file - 6764 byt Przy okazji zajrzyjcie a mój drugi temat bo mam problem http://www.forumpc.pl/index.php?showtopic=...mp;#entry665174 Proszę o szybkie sprawdzenie logów .
Mateusz J. komentarz 27 lutego 2009 komentarz 27 lutego 2009 R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file) Fix, ogólnie ok. Pokaż log z ComboFix.
norekpll komentarz 27 lutego 2009 Autor komentarz 27 lutego 2009 ComboFix 09-02-26.02 - Norbert 2009-02-27 18:00:39.1 - NTFSx86Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.579 [GMT 1:00]Uruchomiony z: c:\documents and settings\Norbert\Pulpit\ComboFix.exeAV: avast! antivirus 4.8.1296 [VPS 090226-0] *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania.((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\IE4 Error Log.txtc:\windows\system32\lsprst7.dllc:\windows\system32\nsprs.dllc:\windows\system32\serauth1.dllc:\windows\system32\serauth2.dllc:\windows\system32\ssprs.dll.((((((((((((((((((((((((( Pliki utworzone od 2009-01-27 do 2009-02-27 ))))))))))))))))))))))))))))))).2009-02-25 10:22 . 2009-02-25 10:22 636 --a------ c:\windows\.reg2009-02-24 10:08 . 2009-02-24 10:12 <DIR> d-------- c:\documents and settings\Agnieszka\Dane aplikacji\Samsung2009-02-24 10:07 . 2009-02-24 10:07 <DIR> d-------- c:\windows\system32\CatRoot_bak2009-02-24 10:07 . 2009-02-24 10:07 <DIR> d-------- c:\program files\MSXML 4.02009-02-22 14:39 . 2009-02-24 09:45 <DIR> d-------- c:\documents and settings\Agnieszka\Dane aplikacji\Winamp2009-02-22 09:40 . 2009-02-24 09:59 <DIR> d-------- c:\program files\ivo2009-02-22 09:40 . 2009-02-24 10:07 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\OrbNetworks2009-02-12 11:49 . 2009-02-12 11:49 <DIR> d-------- c:\documents and settings\Norbert\.gstreamer-0.102009-02-12 11:40 . 2009-02-12 14:45 <DIR> d-------- c:\documents and settings\Norbert\Dane aplikacji\Nowe Gadu-Gadu2009-02-12 11:39 . 2009-02-24 10:04 <DIR> d-------- c:\program files\Nowe Gadu-Gadu2009-02-12 10:11 . 2009-02-24 10:12 <DIR> d-------- c:\program files\Team17(2)2009-02-10 10:34 . 2009-02-10 10:34 <DIR> d-------- c:\program files\TryMedia2009-02-05 20:42 . 2009-02-05 20:42 <DIR> d-------- c:\windows\Logs2009-02-05 15:16 . 2009-02-24 09:46 <DIR> d-------- c:\program files\GoMan.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-02-24 09:12 --------- d--h--w c:\program files\InstallShield Installation Information2009-02-24 09:12 --------- d-----w c:\program files\Samsung2009-02-24 09:11 --------- d-----w c:\program files\DreamCatcher2009-02-24 09:10 --------- d-----w c:\program files\Gothic PL2009-02-24 09:08 --------- d-----w c:\program files\VDFS MiniLib 1.02009-02-24 09:08 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla2009-02-24 09:07 --------- d-----w c:\program files\Winamp2009-02-24 09:07 --------- d-----w c:\program files\Google2009-02-24 09:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Wru2009-02-24 09:07 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy2009-02-24 09:05 --------- d-----w c:\program files\Spybot - Search & Destroy2009-02-22 08:38 --------- d-----w c:\program files\ipla2009-02-22 08:38 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\ipla2009-02-06 10:19 --------- d-----w c:\program files\JoWooD2009-01-23 15:22 --------- d-----w c:\program files\Counter-Strike Source2009-01-07 18:47 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP2009-01-07 18:10 --------- d-----w c:\program files\Max Soft2008-12-29 21:28 --------- d-----w c:\documents and settings\Norbert\Dane aplikacji\zweitgeist2008-12-28 19:27 --------- d-----w c:\program files\Trend Micro2008-12-28 18:21 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet(3)(2).dll2008-12-20 23:03 267,776 ----a-w c:\windows\system32\iertutil(2)(2)(2).dll2008-12-20 23:03 105,984 ----a-w c:\windows\system32\url(3)(2).dll2008-12-20 23:03 1,160,192 ----a-w c:\windows\system32\urlmon(3)(2).dll2008-01-10 21:11 779 ----a-w c:\program files\Uruchom przeglądarkę Internet Explorer.lnk.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-07-09 2119104][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]c:\documents and settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-01-18 663552][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"VIDC.VP31"= vp31vfw.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2aaxx.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati3vnxx.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati5xixx.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6sdxx.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6vtxx.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7btxx.sys]@="Driver"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati7ojxx.sys]@="Driver"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\Program Files\\Counter-Strike Source\\hl2.exe"="c:\\Program Files\\Counter-Strike Source\\srcds.exe"="c:\\Metin2_PL\\metin2.bin"="d:\\g3\\Diablo II\\Diablo II.exe"="c:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"8461:TCP"= 8461:TCP:GoD High Port"8462:TCP"= 8462:TCP:GoD Low PortR0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-20 111184]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-20 20560]S0 ati2aaxx;ati2aaxx;c:\windows\system32\Drivers\ati2aaxx.sys --> c:\windows\system32\Drivers\ati2aaxx.sys [?]S0 ati3vnxx;ati3vnxx;c:\windows\system32\Drivers\ati3vnxx.sys --> c:\windows\system32\Drivers\ati3vnxx.sys [?]S0 ati5xixx;ati5xixx;c:\windows\system32\Drivers\ati5xixx.sys --> c:\windows\system32\Drivers\ati5xixx.sys [?]S0 ati6sdxx;ati6sdxx;c:\windows\system32\Drivers\ati6sdxx.sys --> c:\windows\system32\Drivers\ati6sdxx.sys [?]S0 ati6vtxx;ati6vtxx;c:\windows\system32\Drivers\ati6vtxx.sys --> c:\windows\system32\Drivers\ati6vtxx.sys [?]S0 ati7btxx;ati7btxx;c:\windows\system32\Drivers\ati7btxx.sys --> c:\windows\system32\Drivers\ati7btxx.sys [?]S0 ati7ojxx;ati7ojxx;c:\windows\system32\Drivers\ati7ojxx.sys --> c:\windows\system32\Drivers\ati7ojxx.sys [?]S3 {BADA9AEF-34DE-4790-83F5-2CFAC8FADB9C};{BADA9AEF-34DE-4790-83F5-2CFAC8FADB9C};\??\c:\windows\system32\{BADA9AEF-34DE-4790-83F5-2CFAC8FADB9C} --> c:\windows\system32\{BADA9AEF-34DE-4790-83F5-2CFAC8FADB9C} [?]S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-12-14 61504]S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;c:\windows\system32\drivers\w200mdfl.sys [2008-12-15 9328]S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;c:\windows\system32\drivers\w200mdm.sys [2008-12-15 97056]S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w200mgmt.sys [2008-12-15 88560]S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-12-15 86368][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172c3d28-ea01-11dd-bdf4-000e50db3555}]\Shell\AutoRun\command - E:\t1ypkh.exe\Shell\explore\Command - E:\t1ypkh.exe\Shell\open\Command - E:\t1ypkh.exe.Zawartość folderu 'Zaplanowane zadania'2008-01-12 c:\windows\Tasks\Norton Security Scan.job- c:\program files\Norton Security Scan\Nss.exe [].- - - - USUNIĘTO PUSTE WPISY - - - -URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)ShellIconOverlayIdentifiers-{B9CE503D-03F8-4161-A8A6-C912ADFCF2D4} - (no file).------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uInternet Connection Wizard,ShellNext = iexploreuInternet Settings,ProxyServer = socks=uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,uSearchURL,(Default) = hxxp://www.google.com/search?q=%sIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000TCP: {9456726F-C1AC-413F-8318-206619610B75} = 194.204.159.1 217.98.63.164DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\documents and settings\Norbert\Dane aplikacji\Mozilla\Firefox\Profiles\kabzn5ga.default\FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-divxd&p=FF - component: c:\documents and settings\Norbert\Dane aplikacji\Mozilla\Firefox\Profiles\kabzn5ga.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dllFF - component: c:\documents and settings\Norbert\Dane aplikacji\Mozilla\Firefox\Profiles\kabzn5ga.default\extensions\{208722fa-38e0-4142-83e5-a341b43a35dd}\components\FFAlert.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dllFF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-02-27 18:01:57Windows 5.1.2600 Dodatek Service Pack 2 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{BADA9AEF-34DE-4790-83F5-2CFAC8FADB9C}]"ImagePath"="\??\c:\windows\system32\{BADA9AEF-34DE-4790-83F5-2CFAC8FADB9C}".Czas ukończenia: 2009-02-27 18:03:38ComboFix-quarantined-files.txt 2009-02-27 17:03:29Przed: 23 873 712 128 bajtów wolnychPo: 24,099,459,072 bajtów wolnychWindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect185 --- E O F --- 2009-02-24 08:13:5
Mateusz J. komentarz 28 lutego 2009 komentarz 28 lutego 2009 Usuń folder c:\QooBox. Do notatnika wklej: Windows Registry Editor Version 5.00[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] Plik ==> Zapisz jako ==> Zmień rozszerzenie na Wszystkie pliki ==> Zapisz pod nazwą FIX.REG Uruchom utworzony plik FIX.REG i potwierdź dodanie do Rejestru i zresetuj komputer.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.