Computer freezes after startup, request to check the log


(Supersonic65) #1

Logfile of HijackThis v1.99.1

Scan saved at 10:49:04, on 2009-01-29

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\GStartUp.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

G:\JBrowser.exe

C:\WINDOWS\system32\mmc.exe

C:\WINDOWS\system32\DfrgNtfs.exe

C:\Documents and Settings\Kamil\Pulpit\stinger.exe

C:\Documents and Settings\Kamil\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: StartUp Service (GStartUp) - G DATA Software Sp. z o.o. - C:\WINDOWS\system32\GStartUp.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SureThing Labelflash service - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe


(Spandau) #2

Remove these entries in HJT

Run HijackThis - Do a system scan only - the log will appear in the program window - tick the boxes next to the listed entries - click Fix checked

Download Combofix but do not run it; paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; removal should start. Afterwards post the log on the forum.

Paste the log at http://www.wklejto.pl or http://www.wklej.org/ and put the link in your post.


(Supersonic65) #3

ComboFix 09-02-03.01 - Kamil 2009-02-04 11:51:53.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3326.2747 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Kamil\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Kamil\Pulpit\CFScript.txt

AV: avast! antivirus 4.8.1296 [VPS 090203-1] *On-access scanning disabled* (Updated)

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::

c:\windows\system32\GStartUp.exe

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\GStartUp.exe

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GSTARTUP

-------\Service_GStartUp

((((((((((((((((((((((((( Pliki utworzone od 2009-01-04 do 2009-02-04 )))))))))))))))))))))))))))))))

.

2009-02-03 22:20 . 2009-02-03 22:20

2009-02-03 22:20 . 2009-02-03 22:20

2009-02-03 22:18 . 2009-02-03 22:20

2009-02-03 21:51 . 2009-02-03 21:51 286,720 --------- c:\windows\Setup1.exe

2009-02-03 21:51 . 2009-02-03 21:51 73,216 --a------ c:\windows\ST6UNST.EXE

2009-02-02 22:15 . 2007-11-02 11:47 83,496 -ra------ c:\windows\system32\drivers\s916bus.sys

2009-02-02 22:15 . 2007-11-02 11:47 12,200 -ra------ c:\windows\system32\drivers\s916whnt.sys

2009-02-02 22:15 . 2007-11-02 11:47 12,200 -ra------ c:\windows\system32\drivers\s916wh.sys

2009-01-29 21:54 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll

2009-01-29 21:53 . 2009-01-29 21:53

2009-01-29 21:53 . 2009-01-29 21:53

2009-01-29 21:50 . 2009-01-29 21:50

2009-01-29 21:49 . 2009-01-29 21:49

2009-01-29 21:49 . 2009-02-03 18:40

2009-01-29 10:52 . 2009-01-29 10:52

2009-01-28 16:15 . 2009-01-28 16:15

2009-01-28 13:29 . 2009-01-28 13:32

2009-01-28 13:27 . 2009-01-28 13:28

2009-01-28 13:27 . 2009-01-28 13:27 215,872 --a------ c:\windows\system32\drivers\truecrypt.sys

2009-01-28 13:19 . 2002-10-09 14:53 43,904 --a------ c:\windows\system32\drivers\AFPAnsi.sys

2009-01-28 13:19 . 2009-01-28 13:25 4 --a------ c:\windows\gstartup.dat

2009-01-27 16:52 . 2009-01-27 16:52

2009-01-27 16:52 . 2009-01-27 16:52

2009-01-27 16:52 . 2009-01-27 16:52

2009-01-27 16:52 . 2008-08-19 10:56 53,248 --a------ c:\windows\system32\CSVer.dll

2009-01-27 16:44 . 2009-02-04 11:54 16,608 --a------ c:\windows\gdrv.sys

2009-01-27 16:40 . 2009-01-27 16:40

2009-01-27 16:40 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE

2009-01-27 16:40 . 2008-12-26 19:20 453,152 --a------ c:\windows\system32\nvudisp.exe

2009-01-27 16:40 . 2009-02-04 11:54 211,076 --a------ c:\windows\system32\nvapps.xml

2009-01-27 16:40 . 2008-12-26 19:20 18,725 --a------ c:\windows\system32\nvdisp.nvu

2009-01-26 19:18 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

2009-01-26 18:35 . 2009-01-26 19:50 664 --a------ c:\windows\system32\d3d9caps.dat

2009-01-26 13:20 . 2009-01-26 13:20

2009-01-26 13:08 . 2009-01-26 13:08

2009-01-26 08:03 . 2009-01-26 08:05

2009-01-26 08:03 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll

2009-01-26 07:37 . 2009-01-26 07:38

2009-01-26 06:50 . 2009-02-04 11:52

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-20 23:26

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-21 00:19

2009-01-26 06:50 . 2009-01-26 06:50

2009-01-23 15:27 . 2009-01-23 15:27

2009-01-22 21:25 . 2009-01-22 21:25

2009-01-21 17:47 . 2009-01-21 17:47

2009-01-21 17:47 . 2009-01-22 22:30 69 --a------ c:\windows\NeroDigital.ini

2009-01-21 15:42 . 2008-04-14 21:51 221,184 --a------ c:\windows\system32\wmpns.dll

2009-01-21 15:40 . 2009-01-29 10:22

2009-01-21 14:35 . 2009-01-21 14:35

2009-01-21 14:24 . 2009-02-02 07:25

2009-01-21 03:04 . 2009-01-21 03:04

2009-01-21 03:00 . 2009-01-21 03:01

2009-01-21 01:12 . 2009-01-21 01:12

2009-01-21 01:11 . 2009-02-03 22:20

2009-01-21 01:02 . 2009-01-21 01:02

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-03 21:23 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-03 21:19 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-26 06:51 --------- d-----w c:\program files\Unlocker

2009-01-22 22:09 --------- d-----w c:\program files\RegCleaner

2009-01-22 21:10 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Winamp

2009-01-22 07:37 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Skype

2009-01-21 16:57 --------- d-----w c:\program files\NAPI-PROJEKT

2009-01-21 16:55 --------- d-----w c:\program files\K-Lite Codec Pack

2009-01-20 23:47 --------- d-----w c:\program files\YouTube Downloader

2009-01-20 23:46 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Xilisoft Corporation

2009-01-20 23:45 --------- d-----w c:\program files\Microsoft.NET

2009-01-20 23:45 --------- d-----w c:\program files\Any Video Converter

2009-01-20 23:45 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Any Video Converter

2009-01-20 23:41 --------- d-----w c:\program files\Winamp

2009-01-20 23:41 --------- d-----w c:\program files\Java

2009-01-20 23:39 --------- d-----w c:\program files\Common Files\Nero

2009-01-20 23:39 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Nero

2009-01-20 23:38 --------- d-----w c:\program files\Nero

2009-01-20 23:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Nero

2009-01-20 23:33 --------- d-----w c:\program files\SureThing CD Labeler 5

2009-01-20 23:33 --------- d-----w c:\program files\Common Files\SureThing Shared

2009-01-20 23:33 --------- d-----w c:\program files\Common Files\LightScribe

2009-01-20 23:26 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\TuneUp Software

2009-01-20 23:25 --------- d-----w c:\program files\ivo

2009-01-20 23:23 --------- d-----w c:\program files\Common Files\Adobe

2009-01-20 23:20 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\Desktopicon

2009-01-20 23:19 --------- d-----w c:\program files\SubEdit-Player

2009-01-20 23:19 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\skypePM

2009-01-20 23:18 --------- d-----w c:\program files\Skype

2009-01-20 23:18 --------- d-----w c:\program files\Real Alternative

2009-01-20 23:18 --------- d-----w c:\program files\Imagenomic

2009-01-20 23:18 --------- d-----w c:\program files\Common Files\Skype

2009-01-20 23:18 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype

2009-01-20 23:17 --------- d-----w c:\program files\mp3DirectCut

2009-01-20 23:17 --------- d-----w c:\program files\foobar2000

2009-01-20 23:16 --------- d-----w c:\program files\DAEMON Tools Lite

2009-01-20 23:13 717,296 ----a-w c:\windows\system32\drivers\sptd.sys

2009-01-20 23:13 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\DAEMON Tools

2009-01-20 23:12 --------- d-----w c:\program files\Crystal Player

2009-01-20 23:12 --------- d-----w c:\program files\CCleaner

2009-01-20 23:11 --------- d-----w c:\program files\MarBit

2009-01-20 23:11 --------- d-----w c:\documents and settings\Kamil\Dane aplikacji\BESTplayer

2009-01-20 23:10 --------- d-----w c:\program files\Common Files\Java

2009-01-20 23:04 --------- d-----w c:\program files\IVT Corporation

2009-01-20 23:02 --------- d-----w c:\program files\VGA USB Camera

2009-01-20 23:02 --------- d-----w c:\program files\directx

2009-01-20 22:29 --------- d-----w c:\program files\microsoft frontpage

2009-01-20 22:28 --------- d-----w c:\program files\Usługi online

2008-12-26 18:20 7,962,528 ----a-w c:\windows\system32\drivers\nv4_mini.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]

"Gadu-Gadu"="e:\kamil\Komunikatory\Gadu-Gadu1\gg.exe" [2005-09-15 749568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-21 136600]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13729792]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk

backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

--a------ 2005-09-15 15:05 749568 e:\kamil\Komunikatory\Gadu-Gadu1\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

--a------ 2008-10-22 19:57 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

--a------ 2007-09-20 09:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2007-10-10 06:28 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

-ra------ 2008-05-13 11:50 16862720 c:\windows\RTHDCPL.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

"e:\Gry\Company of Heroes\RelicCOH.exe"=

"f:\KAMIL\Bit Lord 1.1\BitLord.exe"=

"e:\KAMIL\Emul\Nowy folder (2)\emule.exe"=

"e:\KAMIL\Komunikatory\Gadu-Gadu1\gg.exe"=

"e:\Gry\WoW\World of Warcraft\Wow.exe"=

"c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"=

"d:\Steam\SteamApps\zygzak6540\counter-strike\hl.exe"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe"=

"c:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe"=

"c:\Program Files\Wolfram Research\Mathematica\5.2\math.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-21 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-21 20560]

R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-01-29 80392]

S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2009-02-02 83496]

S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-01-21 74384]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Zawartość folderu 'Zaplanowane zadania'

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2008\OneClick.exe []

.

  • USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-DriverCD - G:\Run.exe

.

------- Skan uzupełniający -------

.

IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Kamil\Dane aplikacji\Mozilla\Firefox\Profiles\kmxkfsax.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.gazeta.pl

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-04 11:54:48

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Nero\Lib\NMIndexingService.exe

c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

**************************************************************************

.

Czas ukończenia: 2009-02-04 11:55:50 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-02-04 10:55:48

Przed: 2 108 817 408 bajtów wolnych

Po: 2,201,010,176 bajtów wolnych

243


(Spandau) #4

The log looks clean.

Manually delete the C:\Qoobox folder and the Combofix installer from the disk.

Clean the system and the registry with CCleaner.

Optimize Autostart.

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with Kaspersky Online Scanner. Scan the system and post the report on the forum

or Dr.WEB CureIt!


(adpawl) #5

supersonic65, I encourage you to read the topic Rules for pasting logs on the forum