Otwieraja mi sie okna windows internet explorer

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

pomocy nie mozna w spokoju przegladac stron bo co jakis czas mi sie otwieraja nowe okienka ie7

a w internet option w privacy co przestawie wskaznik na medium high za jakis czas sprawdzam i znowu jest na najnizszym poziomie

co to moze byc

virus??

wklejam loga z hijackthis

i prosze o pomoc

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:02:53 PM, on 3/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\ehome\ehSched.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\Java\jre6\bin\jqs.exe

c:\program files\mcafee.com\agent\mcdetect.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\program files\mcafee.com\vso\mcvsshld.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ehome\ehmsas.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

c:\program files\mcafee.com\agent\mcagent.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Documents and Settings\googsik\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe”

O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup

O4 - HKLM…\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM…\Run: [7c2b6d91] rundll32.exe “C:\WINDOWS\system32\jenbctpl.dll”,b

O4 - HKLM…\Run: [mcagent_exe] “C:\Program Files\McAfee.com\Agent\mcagent.exe” /runkey

O4 - HKLM…\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU…\Run: [Nowe Gadu-Gadu] “C:\Program Files\Nowe Gadu-Gadu\gg.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: $McInstBootA5E6DEAA56$.lnk = C:\WINDOWS\system32\cmd.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/share … insctl.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL nuvvfn.dll

O23 - Service: McAfee Application Installer Cleanup (0271021237927305) (0271021237927305mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\googsik\LOCALS~1\Temp\027102~1.EXE

O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

End of file - 7262 bytes

Dodane 24.03.2009 (Wt) 21:36

teraz jescze przy starcie windy pojawia mi sie blad

ze nie moze odnalezc pliku: jenbctpl.dll

co to jest i do czego sluzy

jakies pomysly

#2

Fix w hijackthis:

W celu optymalizacji możesz usunąć także wpisy:

Daj log z combofix

Zalecam korzystanie z przeglądarki internetowej innej niż internet explorer, ze względu na jej niskie bezpieczeństwo, oraz słabe lub żadne zabezpieczenia prywatności użytkownika. Wiem że jest wielu konserwatystów przyzwyczajonych do nawigacji po internet exporerze, i uważających charakterystyczne “e” w kółeczku za synonim internetu, jednak zapewniam że inne przeglądarki nie gryzą, a przy ich bliższej znajomości dochodzi się do wniosku że internet explorer to… nic godnego uwagi…

Osobiście polecam firefoxa.

PS: Pisze tego posta 2 raz bo raz mi się przez przypadek skasował, więc mam nadzieje że przez nieuwagę nie ominąłem ważnego żadnego wpisu.

#3

dobra poczyscilem wszystko co mi powiedziales pod spodem zamieszcze log z combofixa

juz mi blad niewyskakuje :slight_smile:

piekne dzieki za pomoc

ComboFix 09-03-23.01 - googsik 2009-03-24 22:33:08.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1407.745 [GMT 0:00]

Running from: c:\documents and settings\googsik\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated)

FW: McAfee Personal Firewall *enabled*

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\GiiiPqss.ini

c:\windows\system32\GiiiPqss.ini2

c:\windows\Tasks\dwpxigsl.job

.

((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))

.

2009-03-24 22:28 . 2009-03-24 22:29

2009-03-24 20:58 . 2009-03-24 20:58

2009-03-24 20:46 . 2009-03-24 22:39 6,161 --a------ c:\windows\system32\Config.MPF

2009-03-24 20:44 . 2009-03-24 20:44

2009-03-24 20:42 . 2008-10-23 13:08 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys

2009-03-24 20:42 . 2009-01-16 20:04 79,304 --a------ c:\windows\system32\drivers\mfeavfk.sys

2009-03-24 20:42 . 2009-01-16 20:04 40,552 --a------ c:\windows\system32\drivers\mfesmfk.sys

2009-03-24 20:42 . 2009-01-16 20:04 35,272 --a------ c:\windows\system32\drivers\mfebopk.sys

2009-03-24 20:41 . 2009-03-24 21:16

2009-03-24 20:41 . 2009-03-24 20:42

2009-03-24 20:36 . 2009-01-16 20:03 34,216 --a------ c:\windows\system32\drivers\mferkdk.sys

2009-03-24 20:27 . 2009-03-24 21:14

2009-03-23 22:25 . 2009-03-24 21:13

2009-03-23 22:24 . 2009-03-24 21:13

2009-03-23 22:24 . 2005-10-18 11:08 349,760 --a------ c:\windows\system32\mcinsctl.dll

2009-03-23 22:24 . 2005-05-24 19:23 288,320 --a------ c:\windows\system32\mcgdmgr.dll

2009-03-23 18:25 . 2009-03-23 18:25

2009-03-23 17:55 . 2009-03-24 22:33

2009-03-23 17:40 . 2008-12-20 23:15 6,066,688 -----c— c:\windows\system32\dllcache\ieframe.dll

2009-03-23 17:40 . 2007-04-17 09:32 2,455,488 -----c— c:\windows\system32\dllcache\ieapfltr.dat

2009-03-23 17:40 . 2007-03-08 05:10 991,232 -----c— c:\windows\system32\dllcache\ieframe.dll.mui

2009-03-23 17:40 . 2008-12-20 23:15 459,264 -----c— c:\windows\system32\dllcache\msfeeds.dll

2009-03-23 17:40 . 2008-12-20 23:15 383,488 -----c— c:\windows\system32\dllcache\ieapfltr.dll

2009-03-23 17:40 . 2008-12-20 23:15 267,776 -----c— c:\windows\system32\dllcache\iertutil.dll

2009-03-23 17:40 . 2008-12-20 23:15 63,488 -----c— c:\windows\system32\dllcache\icardie.dll

2009-03-23 17:40 . 2008-12-20 23:15 52,224 -----c— c:\windows\system32\dllcache\msfeedsbs.dll

2009-03-23 17:40 . 2008-12-19 09:10 13,824 -----c— c:\windows\system32\dllcache\ieudinit.exe

2009-03-23 03:06 . 2008-06-13 11:05 272,128 --------- c:\windows\system32\drivers\bthport.sys

2009-03-23 03:06 . 2008-06-13 11:05 272,128 -----c— c:\windows\system32\dllcache\bthport.sys

2009-03-23 03:03 . 2008-08-14 10:11 2,189,184 -----c— c:\windows\system32\dllcache\ntoskrnl.exe

2009-03-23 03:03 . 2008-08-14 10:09 2,145,280 -----c— c:\windows\system32\dllcache\ntkrnlmp.exe

2009-03-23 03:03 . 2008-08-14 09:33 2,066,048 -----c— c:\windows\system32\dllcache\ntkrnlpa.exe

2009-03-23 03:03 . 2008-08-14 09:33 2,023,936 -----c— c:\windows\system32\dllcache\ntkrpamp.exe

2009-03-23 03:03 . 2008-10-24 11:21 455,296 -----c— c:\windows\system32\dllcache\mrxsmb.sys

2009-03-23 03:00 . 2009-03-23 17:41

2009-03-23 03:00 . 2006-09-06 17:43 22,752 --a------ c:\windows\system32\spupdsvc.exe

2009-03-22 14:03 . 2009-03-22 14:03

2009-03-22 14:03 . 2009-03-22 14:03

2009-03-22 13:01 . 2009-03-22 13:01

2009-03-22 10:06 . 2009-03-22 10:24

2009-03-22 10:06 . 2009-03-22 10:06

2009-03-22 08:49 . 2009-03-22 08:48 410,984 --a------ c:\windows\system32\deploytk.dll

2009-03-22 08:16 . 2009-03-22 08:16

2009-03-22 07:46 . 2009-03-23 18:59

2009-03-21 14:10 . 2009-03-21 14:10

2009-03-21 14:07 . 2009-03-21 14:07

2009-03-21 14:07 . 2003-03-19 03:14 499,712 --a------ c:\windows\system32\msvcp71.dll

2009-03-21 14:07 . 2004-01-11 22:00 348,160 --a------ c:\windows\system32\msvcr71.dll

2009-03-21 13:30 . 2008-04-14 05:39 6,144 --a------ c:\windows\system32\kbd106.dll

2009-03-21 13:30 . 2008-04-14 05:39 6,144 --a–c— c:\windows\system32\dllcache\kbd106.dll

2009-03-21 12:48 . 2009-03-21 12:52

2009-03-21 12:48 . 2009-03-21 12:48

2009-03-21 12:48 . 2009-03-21 12:49

2009-03-21 12:31 . 2009-03-21 12:31

2009-03-21 12:19 . 2009-03-21 12:19

2009-03-21 12:19 . 2009-03-22 08:48

2009-03-21 12:19 . 2009-03-22 08:48 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-03-21 12:18 . 2009-03-21 12:18

2009-03-21 11:43 . 2009-03-21 11:43

2009-03-21 11:43 . 2009-03-21 11:43

2009-03-21 11:43 . 2009-03-21 11:43

2009-03-21 11:43 . 2009-03-21 12:43

2009-03-21 11:38 . 2009-03-21 11:38

2009-03-21 11:38 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD

2009-03-20 19:15 . 2009-03-20 19:15

2009-03-20 19:15 . 2009-03-22 08:20

2009-03-20 19:08 . 2009-03-20 19:08

2009-03-20 19:08 . 2008-06-19 11:45 817,152 -ra------ c:\windows\system32\bootman.exe

2009-03-20 16:27 . 2009-03-20 16:27

2009-03-20 16:27 . 2009-03-22 07:46 702 --a------ c:\windows\wincmd.ini

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF

2009-03-20 16:27 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF

2009-03-19 22:45 . 2009-03-19 22:45

2009-03-19 18:36 . 2009-03-23 18:04

2009-03-19 18:30 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe

2009-03-19 18:23 . 2009-03-23 18:26

2009-03-19 18:16 . 2009-03-19 18:16

2009-03-19 18:16 . 2001-09-11 15:20 1,285,632 --------- c:\windows\system32\SMMedia.dll

2009-03-19 18:16 . 2005-05-04 09:20 53,248 --------- c:\windows\system32\wdmioctl.dll

2009-03-19 18:16 . 2005-09-26 16:20 49,152 --a------ c:\windows\system32\DSndUp.exe

2009-03-19 18:16 . 2002-04-17 15:05 45,056 --------- c:\windows\system32\CleanUp.exe

2009-03-19 18:00 . 2009-03-19 18:01

2009-03-19 18:00 . 2005-10-10 21:49 180,224 --a------ c:\windows\system32\nvudisp.exe

2009-03-19 18:00 . 2009-03-24 22:38 39,291 --a------ c:\windows\system32\nvapps.xml

2009-03-19 18:00 . 2005-10-10 21:49 15,868 --a------ c:\windows\system32\nvdisp.nvu

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-21 11:38 --------- d–h--w c:\program files\InstallShield Installation Information

2009-03-19 17:56 --------- d-----w c:\program files\Realtek AC97

2009-03-19 17:56 --------- d-----w c:\program files\Common Files\InstallShield

2009-03-19 17:53 --------- d-----w c:\program files\NVIDIA Corporation

2009-03-19 17:51 --------- d-----w c:\documents and settings\googsik\Application Data\InstallShield

2009-03-19 17:45 --------- d-----w c:\program files\microsoft frontpage

2009-03-15 10:25 56,268 ----a-w c:\windows\system32\drivers\scdemu.sys

2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{7c5c0f58-e061-457d-9033-77307f5ed00c}]

2009-03-21 12:53 1883672 --a------ c:\program files\TorrentMan\tbTor1.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

“{7C5C0F58-E061-457D-9033-77307F5ED00C}”= “c:\program files\TorrentMan\tbTor1.dll” [2009-03-21 1883672]

[HKEY_CLASSES_ROOT\clsid{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“UserFaultCheck”=“c:\windows\system32\dumprep 0 -u” [X]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2005-10-10 7286784]

“SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe” [2005-08-11 925696]

“McRegWiz”=“c:\progra~1\McAfee.com\Agent\mcregwiz.exe” [2005-06-01 368714]

“mcagent_exe”=“c:\program files\McAfee.com\Agent\mcagent.exe” [2009-01-08 645328]

“McENUI”=“c:\progra~1\McAfee\MHN\McENUI.exe” [2009-01-09 1176808]

“nwiz”=“nwiz.exe” [2005-10-10 c:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.ffds”= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe”=

“c:\Program Files\BitLord\BitLord.exe”=

“c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe”=

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-24 203280]

.

Contents of the ‘Scheduled Tasks’ folder

2009-03-24 c:\windows\Tasks\McDefragTask.job

  • c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

2009-03-24 c:\windows\Tasks\McQcTask.job

  • c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.wp.pl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}sourceid=ie7rls=com.microsoft:en-USie=utf8oe=utf8

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-24 22:39:06

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\windows\ehome\ehSched.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe

c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe

c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe

c:\program files\McAfee\MPF\MpfSrv.exe

c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\windows\system32\nvsvc32.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\windows\system32\oobe\msoobe.exe

.

**************************************************************************

.

Completion time: 2009-03-24 22:41:35 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-24 22:41:29

Pre-Run: 20,644,220,928 bytes free

Post-Run: 21,894,881,280 bytes free

202 — E O F — 2009-03-24 22:40:58