Komputer spowolnił

sabinka2188 · 24 Październik 2008 22:06

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Opera\Opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM…\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM…\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\Wapster\AQQ\AQQ.exe

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [bitComet] “C:\Program Files\BitComet\BitComet.exe” /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

O20 - Winlogon Notify: OneCard - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

–

End of file - 8021 bytes

czy ja mam również jakieś wirusy ? jak to sprawdzić !? proszę o pomoc

Gutek · 25 Październik 2008 00:27

HJT Ok

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=253052

Daj log z ComboFix

sabinka2188 · 28 Październik 2008 15:09

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

C:\WINDOWS\IE4 Error Log.txt

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_VFILT

((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-28 )))))))))))))))))))))))))))))))

.

2008-10-24 22:37 . 2008-10-24 22:37

2008-10-24 11:26 . 2008-10-24 11:26

2008-10-24 11:26 . 2008-09-24 19:41 839,680 --a------ C:\WINDOWS\system32\lameACM.acm

2008-10-24 11:26 . 2008-09-16 01:11 683,520 --a------ C:\WINDOWS\system32\divx.dll

2008-10-24 11:26 . 2004-01-25 17:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll

2008-10-24 11:26 . 2007-09-04 17:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll

2008-10-24 11:26 . 2008-06-12 19:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll

2008-10-24 11:26 . 2007-07-10 17:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

2008-10-24 11:26 . 2008-10-03 13:30 414 --a------ C:\WINDOWS\system32\lame_acm.xml

2008-10-24 11:26 . 2008-07-30 20:09 38 --a------ C:\WINDOWS\avisplitter.ini

2008-10-22 12:51 . 2008-10-22 12:51

2008-10-22 12:51 . 2006-07-30 18:00 442,368 -ra------ C:\WINDOWS\system32\zshp1018.exe

2008-10-22 12:51 . 2006-07-30 18:00 143,360 -ra------ C:\WINDOWS\apptune1018.exe

2008-10-22 12:51 . 2006-07-30 18:00 129,092 -ra------ C:\WINDOWS\system32\hp1018.img

2008-10-22 12:51 . 2006-07-30 18:00 106,496 -ra------ C:\WINDOWS\system32\vshp1018.dll

2008-10-22 12:51 . 2006-07-30 18:00 102,400 -ra------ C:\WINDOWS\system32\zlhp1018.dll

2008-10-22 12:51 . 2006-07-30 18:00 86,016 -ra------ C:\WINDOWS\system32\ZSPOOL.DLL

2008-10-22 12:51 . 2006-07-30 18:00 28,672 -ra------ C:\WINDOWS\system32\zlm.dll

2008-10-22 12:51 . 2006-07-30 18:00 28,672 -ra------ C:\WINDOWS\system32\IMF32.DLL

2008-10-22 12:51 . 2006-07-30 18:00 24,576 -ra------ C:\WINDOWS\system32\ZTAG32.DLL

2008-10-22 12:51 . 2006-07-30 18:00 7,564 -ra------ C:\WINDOWS\system32\ZSHP1018.HLP

2008-10-17 15:51 . 2008-10-17 15:58

2008-10-17 15:51 . 2008-10-17 15:57

2008-10-17 15:51 . 2008-10-17 15:51

2008-10-17 15:45 . 2008-10-17 15:45

2008-10-17 15:45 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl

2008-10-17 15:44 . 2008-10-17 15:44

2008-10-17 15:18 . 2008-10-17 15:18

2008-10-17 15:17 . 2008-10-17 15:28

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-28 15:04 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Skype

2008-10-28 15:02 --------- d-----w C:\Program Files\neostrada tp

2008-10-28 13:06 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\skypePM

2008-10-26 14:13 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Tlen.pl

2008-10-24 15:37 --------- d-----w C:\Program Files\Sunny Race

2008-10-24 10:26 --------- d-----w C:\Program Files\DivX

2008-10-22 11:51 --------- d-----w C:\Program Files\Hewlett-Packard

2008-10-17 14:45 --------- d-----w C:\Program Files\Java

2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-09-04 19:29 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-09-04 18:03 --------- d-----w C:\Documents and Settings\Tomek\Dane aplikacji\Reallusion

2008-09-04 18:02 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-09-04 18:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield

2008-03-03 12:13 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 15360]

“Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-11-12 21760296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe” [2007-09-14 102400]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-11-11 8523776]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-11-11 81920]

“SMSERIAL”=“C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe” [2007-01-29 638976]

“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-02-13 159744]

“CognizanceTS”=“C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll” [2003-12-22 17920]

“HP Software Update”=“c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe” [2005-02-16 49152]

“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe” [2006-07-11 102400]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2004-08-23 20480]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\GestMaj.exe” [2004-10-14 32768]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]

“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2006-07-30 98304]

“nwiz”=“nwiz.exe” [2007-11-11 C:\WINDOWS\system32\nwiz.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2007-10-16 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

–a------ 2007-05-04 01:32 961024 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

–a------ 2007-06-27 19:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

–a------ 2008-04-01 10:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

–a------ 2008-03-20 11:04 2127296 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

–a------ 2007-10-18 15:27 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

–a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

–a------ 2008-02-26 02:23 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-11-12 15:48 21760296 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2008-01-15 23:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

“ekrn”=2 (0x2)

“EhttpSrv”=3 (0x3)

“AVP”=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“UpdatesDisableNotify”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“7952:TCP”= 7952:TCP:BitComet 7952 TCP

“7952:UDP”= 7952:UDP:BitComet 7952 UDP

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”

.

- - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AQQ - C:\PROGRA~1\Wapster\AQQ\AQQ.exe

HKCU-Run-BitComet - C:\Program Files\BitComet\BitComet.exe

MSConfigStartUp-AVP - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

MSConfigStartUp-egui - C:\Program Files\ESET\ESET Smart Security\egui.exe

MSConfigStartUp-FreeCall - C:\program files\freecall.com\freecall\freecall.exe

MSConfigStartUp-adiras - adiras.exe

.

------- Skan uzupełniający -------

.

FireFox -: Profile - C:\Documents and Settings\Tomek\Dane aplikacji\Mozilla\Firefox\Profiles\d87fnwts.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.daemon-search.com/default

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-28 16:03:06

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: C:\WINDOWS\explorer.exe

-> ?:\WINDOWS\System32\CSCDLL.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\system32\FTRTSVC.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Czas ukończenia: 2008-10-28 16:08:22 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-10-28 15:08:13

Przed: 4 027 604 992 bajtów wolnych

Po: 6,051,385,344 bajtów wolnych

188

huber2t · 29 Październik 2008 04:38

W logu nic nie widzę

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!