Explorer keeps shutting itself down

I know this virus well, but I can't get rid of it.

I used to “tame” the virus with Comodo Leak Test.

Now the virus has become resistant and that program no longer works.

ComboFix log:

ComboFix 09-10-24.03 - kubek 2009-10-25 15:33.1.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1357 [GMT 1:00]

Uruchomiony z: c:\documents and settings\kubek.KUBEKXP-PC\Pulpit\Śmieci 2.0\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Zapora osobista *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 * Rezydentny antywirus jest aktywny


.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\$recycle.bin\S-1-5-21-2356953869-1821084903-3622301875-1000

c:\$recycle.bin\S-1-5-21-88592010-846006287-4006485344-1000

c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Desktopicon

c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Desktopicon\eBayShortcuts.exe

c:\recycler\S-1-5-21-1547161642-920026266-1177238915-1003

c:\recycler\S-1-5-21-299502267-1425521274-1177238915-1003

c:\windows\AegisP.inf

c:\windows\system32\AutoRun.inf

c:\windows\system32\wfxhelp22.dll


.

((((((((((((((((((((((((( Pliki utworzone od 2009-09-25 do 2009-10-25 )))))))))))))))))))))))))))))))

.


2009-12-29 11:30 . 2009-12-29 11:30	--------	d-----w-	c:\program files\Winstep

2009-12-29 11:27 . 2009-10-14 08:18	--------	d-----w-	c:\program files\Microsoft Silverlight

2009-12-28 17:30 . 2009-12-28 17:44	--------	d-s---w-	c:\documents and settings\^^^Kubek^^^

2009-12-28 09:45 . 2009-12-28 09:45	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TuneUp Software

2009-12-28 09:44 . 2009-10-15 13:33	--------	d-----w-	c:\program files\TuneUp Utilities 2009

2009-12-28 09:44 . 2009-12-28 09:44	--------	d-sh--w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}

2009-12-28 09:15 . 2009-12-28 09:15	172910	----a-w-	C:\cc_20091228_101523.reg

2009-12-25 15:37 . 2009-12-25 15:41	--------	d-----w-	C:\strony

2009-12-25 15:32 . 2009-10-14 08:18	--------	d-----w-	C:\wamp

2009-12-25 10:17 . 2009-09-24 16:55	49016	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-12-24 10:36 . 2009-12-24 10:36	--------	d-----w-	C:\Adobe

2009-12-22 17:07 . 2009-12-22 17:08	--------	d-----w-	C:\3a07cbfef00f8827fae4ef

2009-12-22 17:06 . 2009-12-22 17:22	--------	d-----w-	c:\windows\SxsCaPendDel

2009-12-22 07:36 . 2009-10-14 08:19	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Documents

2009-12-22 07:22 . 2009-10-14 08:20	--------	dc-h--w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{62902F53-D725-44F9-B385-979CC0E00E8A}

2009-12-20 09:10 . 2009-12-20 09:10	--------	d-----w-	c:\program files\GIMP-2.0

2009-12-20 08:37 . 2009-12-20 08:37	--------	d-----w-	c:\program files\Unlocker

2009-12-20 07:50 . 2009-12-20 07:50	--------	d-----w-	c:\program files\My Drive Meter

2009-10-25 13:50 . 2009-09-10 13:45	7680	-c--a-w-	c:\windows\system32\dllcache\migregdb.exe

2009-10-25 13:49 . 2009-09-10 13:45	56832	-c--a-w-	c:\windows\system32\dllcache\convlog.exe

2009-10-25 13:46 . 2009-09-10 13:45	16384	-c--a-w-	c:\windows\system32\dllcache\isignup.exe

2009-10-25 13:37 . 2008-04-14 19:51	152064	----a-w-	c:\windows\system32\irftp.exe

2009-10-25 13:37 . 2008-04-14 19:51	8192	----a-w-	c:\windows\system32\wshirda.dll

2009-10-25 13:37 . 2008-04-14 19:50	28672	----a-w-	c:\windows\system32\irmon.dll

2009-10-25 13:29 . 2009-09-10 13:45	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll

2009-10-25 13:29 . 2009-09-10 13:45	13312	----a-w-	c:\windows\system32\irclass.dll

2009-10-25 13:29 . 2009-09-10 13:45	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll

2009-10-25 13:29 . 2009-09-10 13:45	24661	----a-w-	c:\windows\system32\spxcoins.dll

2009-10-23 18:15 . 2009-10-23 18:17	--------	d-----w-	c:\windows\vf_hip

2009-10-23 18:15 . 2009-10-23 18:16	--------	d-----w-	c:\program files\Hide IP Platinum

2009-10-23 17:57 . 2009-10-23 18:08	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Hide IP NG

2009-10-23 17:57 . 2009-10-23 18:08	--------	d-----w-	c:\program files\Hide IP NG

2009-10-23 15:47 . 2009-10-23 15:47	--------	d-----w-	c:\program files\Gadget Extractor

2009-10-23 15:43 . 2009-10-23 15:43	--------	d-----w-	c:\program files\Windows Sidebar

2009-10-23 15:42 . 2009-10-23 15:42	--------	d-----w-	C:\b71a55e9fb9838ee6e9ea6e75147735e

2009-10-23 15:41 . 2009-10-23 15:41	--------	d-----w-	c:\program files\Alky for Applications

2009-10-23 07:28 . 2009-10-23 07:30	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Nitro PDF

2009-10-23 07:28 . 2009-09-15 08:16	17728	----a-w-	c:\windows\system32\nitrolocalui.dll

2009-10-23 07:28 . 2009-09-15 08:15	26432	----a-w-	c:\windows\system32\nitrolocalmon.dll

2009-10-23 07:27 . 2009-10-23 07:27	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nitro PDF

2009-10-23 07:27 . 2009-10-23 07:27	--------	d-----w-	c:\program files\Common Files\Nitro PDF

2009-10-23 07:27 . 2009-10-23 07:27	--------	d-----w-	c:\program files\Nitro PDF

2009-10-23 07:26 . 2009-10-23 07:26	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Downloaded Installations

2009-10-15 21:44 . 2009-10-15 21:44	--------	d-----w-	C:\98f502015a4805735a

2009-10-14 12:55 . 2009-10-14 12:56	--------	d-----w-	C:\v

2009-10-14 09:18 . 2009-10-14 09:23	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\AveDesk

2009-10-14 09:17 . 2009-10-14 09:20	--------	d-----w-	c:\program files\AveDesk

2009-10-13 17:25 . 2009-10-13 17:25	--------	d-----w-	c:\program files\Microsoft Device Emulator

2009-10-13 17:25 . 2009-10-13 17:25	--------	d-----w-	c:\program files\Windows Mobile 6 SDK

2009-10-12 18:55 . 2009-10-12 18:55	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Stardock

2009-10-12 18:31 . 2009-10-12 18:31	604416	----a-w-	c:\windows\system32\TUProgSt.exe

2009-10-12 18:30 . 2009-10-12 18:30	361216	----a-w-	c:\windows\system32\TuneUpDefragService.exe

2009-10-12 15:13 . 2009-10-12 15:13	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\.VirtualBox

2009-10-11 15:23 . 2009-10-11 15:23	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Ceiiular

2009-10-11 15:20 . 2009-10-11 15:20	--------	d-----w-	c:\program files\Show Desktop

2009-10-11 15:06 . 2009-10-11 15:06	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Library

2009-10-11 15:06 . 2009-10-11 15:06	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\com.adobe.ExMan

2009-10-11 14:57 . 2009-10-11 14:57	--------	d-----w-	c:\windows\system32\wbem\Repository

2009-10-11 08:01 . 2009-10-11 08:18	--------	d-----w-	C:\ts2

2009-10-09 16:43 . 2009-10-09 16:45	--------	d-----w-	C:\pen

2009-10-09 08:09 . 2009-10-09 08:09	--------	d-----w-	C:\Windows 7 (E)

2009-10-09 07:30 . 2009-10-11 08:08	--------	d-----w-	C:\windowsxp

2009-10-02 15:18 . 2009-10-02 15:18	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Opera

2009-10-02 15:18 . 2009-10-25 14:04	--------	d-----w-	c:\program files\Opera

2009-10-02 15:08 . 2009-10-02 15:08	0	----a-w-	c:\windows\nsreg.dat

2009-10-02 15:08 . 2009-10-02 15:08	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Mozilla

2009-10-01 15:49 . 2009-09-15 15:17	--------	d-----w-	C:\antysledz

2009-10-01 15:34 . 2009-10-11 15:05	--------	d-----w-	c:\program files\Adobe Media Player

2009-10-01 15:01 . 2009-10-11 15:06	--------	d-----r-	C:\MSOCache

2009-10-01 13:59 . 2009-10-01 13:59	--------	d-----w-	c:\program files\Kwyshell

2009-10-01 13:35 . 2009-09-09 18:15	115856	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys

2009-10-01 13:35 . 2009-09-09 18:15	91856	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys

2009-10-01 13:35 . 2009-09-09 18:15	41424	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys

2009-10-01 13:23 . 2009-10-01 13:23	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\ABBYY

2009-10-01 13:20 . 2009-10-01 13:20	--------	d-----w-	c:\program files\Common Files\ABBYY

2009-10-01 13:16 . 2009-10-01 13:30	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\ABBYY

2009-10-01 13:16 . 2009-10-01 13:30	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ABBYY

2009-10-01 13:16 . 2009-10-01 13:23	--------	d-----w-	c:\program files\ABBYY FineReader 9.0

2009-10-01 13:12 . 2009-10-01 13:13	--------	d-----w-	c:\temp\FR90PE

2009-10-01 13:12 . 2009-10-01 13:12	--------	d-----w-	C:\temp

2009-10-01 12:38 . 2009-10-01 12:38	--------	d-----w-	c:\windows\tessdata

2009-10-01 12:38 . 2009-10-01 12:38	--------	d-----w-	c:\program files\Softi Software

2009-10-01 12:37 . 2009-10-01 12:37	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Softi Software


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 08:45 . 2009-05-14 15:20	163712	----a-w-	c:\windows\system32\drivers\vidstub.sys

2009-12-22 07:23 . 2009-03-04 18:07	--------	d-----w-	c:\program files\Common Files\Stardock

2009-10-25 14:30 . 2008-04-15 12:00	84078	----a-w-	c:\windows\system32\perfc015.dat

2009-10-25 14:30 . 2008-04-15 12:00	490866	----a-w-	c:\windows\system32\perfh015.dat

2009-10-25 13:44 . 2009-04-10 14:58	23016	----a-w-	c:\windows\system32\emptyregdb.dat

2009-10-25 13:43 . 2009-02-27 19:52	--------	d-----w-	c:\program files\Windows Media Connect 2

2009-10-24 13:02 . 2009-05-24 17:18	--------	d-----w-	c:\program files\Thoosje Vista Sidebar

2009-10-23 18:33 . 2009-04-26 08:12	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\BitTorrent

2009-10-23 17:09 . 2009-04-01 15:40	--------	d-----w-	c:\program files\ESET

2009-10-23 15:47 . 2009-04-10 15:09	49464	----a-w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-10-15 21:43 . 2009-05-10 12:57	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2009-10-14 12:47 . 2009-04-12 14:38	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\ipla

2009-10-14 10:57 . 2009-02-27 16:39	--------	d-----w-	c:\program files\Styler

2009-10-14 10:22 . 2008-04-15 12:00	6235136	----a-w-	c:\windows\system32\logonuiX.exe

2009-10-14 08:20 . 2009-09-10 13:44	--------	d-----w-	c:\program files\Weemi

2009-10-14 08:20 . 2009-05-14 17:37	--------	d-----w-	c:\program files\ViGlance

2009-10-14 08:20 . 2009-03-31 05:46	--------	d-----w-	c:\program files\Visplore

2009-10-14 08:20 . 2009-08-31 18:23	--------	d-----w-	c:\program files\DebugMode

2009-10-14 08:19 . 2009-08-12 18:12	--------	d-----w-	c:\program files\NAPI-PROJEKT

2009-10-14 08:18 . 2009-05-14 17:35	--------	d-----w-	c:\program files\ViStart

2009-10-12 18:50 . 2009-06-26 08:10	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Electronic Arts

2009-10-01 15:33 . 2009-02-26 07:29	--------	d-----w-	c:\program files\Common Files\Adobe

2009-09-27 07:44 . 2009-08-31 21:27	664	----a-w-	c:\windows\system32\d3d9caps.dat

2009-09-23 13:53 . 2009-07-21 07:21	--------	d-----w-	c:\program files\Gem Ball Ancient Legends

2009-09-23 13:52 . 2009-03-06 08:00	--------	d-----w-	c:\program files\Stardock

2009-09-23 13:35 . 2009-06-26 08:10	--------	d-----w-	c:\program files\Electronic Arts

2009-09-23 13:32 . 2009-03-14 18:52	--------	d-----w-	c:\program files\EA GAMES

2009-09-22 15:40 . 2009-09-22 15:40	--------	d-----w-	c:\program files\4t Tray Minimizer

2009-09-15 08:17 . 2009-09-15 08:17	61760	----a-w-	c:\windows\system32\ASTSRV.EXE

2009-09-13 08:42 . 2009-09-13 08:42	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\TuneUp Software

2009-09-07 15:18 . 2009-09-07 15:18	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\GlobalSCAPE

2009-09-07 13:40 . 2009-09-07 13:17	153509	----a-w-	c:\windows\hpoins14.dat

2009-09-07 13:30 . 2009-09-07 13:30	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\HP Product Assistant

2009-09-07 13:30 . 2009-05-10 12:50	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\HP

2009-09-07 13:29 . 2009-09-07 13:29	--------	d-----w-	c:\program files\Hewlett-Packard

2009-09-07 13:18 . 2009-09-07 13:18	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Malwarebytes

2009-09-04 08:04 . 2009-09-04 08:04	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\RealHideIP

2009-09-01 07:06 . 2009-04-23 09:56	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Nowe Gadu-Gadu

2009-08-31 18:45 . 2009-07-15 11:50	--------	d-----w-	c:\program files\bobyte

2009-08-12 17:09 . 2009-08-12 17:09	226010	----a-w-	C:\cc_20090812_190919.reg

2009-08-03 11:36 . 2009-08-12 17:12	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 11:36 . 2009-08-12 17:12	19096	----a-w-	c:\windows\system32\drivers\mbam.sys

.


------- Sigcheck -------


[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowFX"="c:\program files\Stardock\Object Desktop\WindowFX\\wfxload.exe" [2006-08-02 820912]

"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2009-04-27 163072]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-10 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-10 155648]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-10 131072]

"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]

"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2009-09-10 110592]


c:\documents and settings\kubek.KUBEKXP-PC\Menu Start\Programy\Autostart\

4t Tray Minimizer.lnk - c:\program files\4t Tray Minimizer\4t-min.exe [2009-9-22 1091584]

Styler.lnk - c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe [2009-10-14 15086]

Thoosje Sidebar.lnk - c:\program files\Thoosje Vista Sidebar\Thoosje Sidebar.exe [2009-8-16 605696]


c:\documents and settings\All Users.WINDOWS\Menu Start\Programy\Autostart\

ESET Smart Security.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-5-14 2029640]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-09-16 07:44	174328	----a-w-	c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll


[HKLM\~\startupfolder\C:^Documents and Settings^kubek.KUBEKXP-PC^Menu Start^Programy^Autostart^ViGlance OneStep.exe]

path=c:\documents and settings\kubek.KUBEKXP-PC\Menu Start\Programy\Autostart\ViGlance OneStep.exe

backup=c:\windows\pss\ViGlance OneStep.exeStartup


[HKLM\~\startupfolder\C:^Documents and Settings^Kubek2^Menu Start^Programy^Autostart^Styler.lnk]

path=c:\documents and settings\Kubek2\Menu Start\Programy\Autostart\Styler.lnk

backup=c:\windows\pss\Styler.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4


R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]

R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-12 604416]

R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-03-23 30032]

S2 CoLinuxDriver;CoLinuxDriver;\??\c:\ubuntu\Portable_Ubuntu\linux.sys --> c:\ubuntu\Portable_Ubuntu\linux.sys [?]

S2 gupdate1c9ef5be5f3a182;Usługa Google Update (gupdate1c9ef5be5f3a182);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 133104]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-10-01 91856]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

"c:\program files\Windows Sidebar\sidebar.exe" /RegServer

.

Zawartość folderu 'Zaplanowane zadania'


2009-10-25 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]


2009-10-25 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-17 14:52]


2009-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:57]


2009-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:57]


2009-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1491950412-2009852829-4049741679-1003Core.job

- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]


2009-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1491950412-2009852829-4049741679-1003UA.job

- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]


2009-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-1177238915-1003.job

- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]


2009-10-25 c:\windows\Tasks\User_Feed_Synchronization-{F18B4246-7B93-4B2B-932B-4B1708AC5A73}.job

- c:\windows\system32\msfeedssync.exe [2009-09-10 13:45]

.

.

------- Skan uzupełniający -------

.

IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

FF - ProfilePath - c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Mozilla\Firefox\Profiles\9snnallf.default\

FF - plugin: c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-25 15:40

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)


[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E774316-4A34-AD93-7E3D-2FA9BB15338B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"haoecdjcjhjcbkfj"=hex:6a,61,6a,64,6a,68,63,6b,62,6a,63,65,6b,64,62,6f,70,65,

   66,6f,00,ea

"iamemceihflomihehd"=hex:6a,61,6a,64,6a,68,63,6b,62,6a,63,65,6b,64,62,6f,70,65,

   66,6f,00,00

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(924)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

.

Czas ukończenia: 2009-10-25 15:43

ComboFix-quarantined-files.txt 2009-10-25 14:42


Przed: 20 276 830 208 bajtów wolnych

Po: 25 473 581 056 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /kernel=cxlogo.exe


- - End Of File - - 389BE2C9BC619373B82FCE927C8FFE0F

That didn't help either. Repairing the whole system didn't help either. I have no strength left for this. Please help.

Added 25.10.2009 (Sun) 16:18: HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:15:57, on 2009-10-25

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

C:\WINDOWS\system32\ASTSRV.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe

C:\Program Files\4t Tray Minimizer\4t-min.exe

C:\Program Files\Styler\Styler.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\explorer.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKCU\..\Run: [WindowFX] C:\Program Files\Stardock\Object Desktop\WindowFX\\wfxload.exe

O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2009\MemOptimizer.exe" autostart

O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe

O4 - Startup: Styler.lnk = ?

O4 - Startup: Thoosje Sidebar.lnk = C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe

O4 - Global Startup: ESET Smart Security.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe

O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O20 - AppInit_DLLs: C:\WINDOWS\system32\wbsys.dll

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Usługa Google Update (gupdate1c9ef5be5f3a182) (gupdate1c9ef5be5f3a182) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


--

End of file - 6811 bytes