I suspect a virus, the computer runs very slowly


(Zerka95) #1

Hello!

My computer runs very slowly, I suspect a virus. I'd be very grateful if you could check my HijackThis log. Please reply quickly.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:21:03, on 2009-03-03

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE

C:\Program Files\Mouse Driver\KMWDSrv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE

C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe

C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\Documents and Settings\Busia\Pulpit\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM..\Run: [GEST] =

O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Kontrola rodzicielska... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra 'Tools' menuitem: Kontrola rodzicielska... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: Usługa Google Update (gupdate1c9944be395417c) (gupdate1c9944be395417c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--

End of file - 9514 bytes


(jessica) #2

Fix the entries mentioned above in Hijack:

>>Hijack>>Scan (Do a system scan only)>>check them>>Fix checked.

I don't see any specific infection here, but since 3 of the entries listed above shouldn't appear in the log, maybe you could also post a ComboFix log?

Newer ComboFix usage instructions > http://www.bleepingcomputer.com/combofix/pl/instrukcja-uzycia-combofix

jessi
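As an added example (not code from this thread, from HijackThis or from any of the posters), the script below applies the kind of first-pass checks a helper makes when reading a HijackThis log: search/start-page URLs that do not point at Microsoft's defaults, BHO and toolbar entries whose DLL is gone, autostart entries with an empty command, Internet Explorer policy keys, extra buttons with no target file, and services with an unknown owner. The sample input is a constructed subset of lines copied from the log in post #1. The heuristics and the `DEFAULT_SEARCH_HOSTS` list are assumptions of this example, not a signature set: a hit means "look at this entry first", not "this is malware", which is exactly how the reply above treats the log.

```python
import re
from dataclasses import dataclass

# One HijackThis entry: a section code (R0, R1, F2, O2, O3, O4, ...) and a body.
HJT_LINE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")

# Assumed: search/start-page hosts that are *not* under these Microsoft
# domains deserve a look, because toolbars and browser hijackers set them.
DEFAULT_SEARCH_HOSTS = ("microsoft.com", "msn.com", "live.com")


@dataclass
class Finding:
    kind: str    # HijackThis section code
    reason: str  # why a helper would look at this entry first
    line: str    # the original log line


def _host(text: str) -> str:
    """Return the host part of the first http(s) URL in text, or ''."""
    m = re.search(r"https?://([^/\s]+)", text)
    return m.group(1).lower() if m else ""


def triage_line(line: str):
    """Apply the triage heuristics to one log line; None if nothing stands out."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None  # process list, header, separators: not an entry
    kind, body = m.group("kind"), m.group("body")
    if kind in ("R0", "R1") and "http" in body:
        host = _host(body)
        if host and not host.endswith(DEFAULT_SEARCH_HOSTS):
            return Finding(kind, f"search/start page points at {host}", line)
    if kind in ("O2", "O3") and ("(file missing)" in body or "(no file)" in body):
        return Finding(kind, "BHO/toolbar registered but its DLL is gone (orphaned entry)", line)
    if kind == "O4" and re.search(r"\]\s*=?\s*$", body):
        return Finding(kind, "autostart entry with an empty command", line)
    if kind == "O6":
        return Finding(kind, "Internet Explorer policy key present: confirm it was set on purpose", line)
    if kind == "O9" and "(no file)" in body:
        return Finding(kind, "IE extra button whose target file is gone", line)
    if kind == "O23" and "Unknown owner" in body:
        return Finding(kind, "service binary without a known owner: verify its publisher", line)
    return None


def triage_log(text: str) -> list:
    """Run triage_line over every line of a HijackThis log and keep the hits."""
    hits = [triage_line(ln) for ln in text.splitlines()]
    return [h for h in hits if h is not None]


# Constructed sample: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM..\Run: [GEST] =
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.reason}\n     {f.line.strip()}")
```

Run it on a saved log with `triage_log(open("hijackthis.log", encoding="utf-8").read())`. Entries that pass every check are not printed at all, which keeps the output short enough to read against the full log; the orphaned Ask entries and the empty `[GEST]` autostart in the sample are the classic "fix it in HijackThis" leftovers, while the `O6` and `O23` hits only ask for confirmation.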


(Leon$) #3

remove with HijackThis >> Fix checked

Download ComboFix http://www.searchengines.pl/index.php?s ... ntry395642 but don't run it yet.

While downloading and scanning with ComboFix, please disable all firewalls and antivirus programs

Open Notepad and paste

save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

The removal should start

Then post the ComboFix removal log

:slight_smile:


(Zerka95) #4

COMBOFIX LOG

ComboFix 09-03-04.01 - Administrator 2009-03-05 14:14:20.1 - NTFSx86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.3582.3317 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Busia\Pulpit\ComboFix.exe

AV: F-Secure Internet Security 2009 9.00 *On-access scanning enabled* (Updated)

FW: F-Secure Internet Security 2009 9.00 *enabled*

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\INSTALL.LOG

c:\windows\system_sv_CMD_

c:\windows\system_sv_CMD_\U.exe

.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-05 do 2009-03-05 )))))))))))))))))))))))))))))))

.

2009-03-04 19:36 . 2009-02-28 17:36 854,016 --a------ C:\Christie Agata - Morderstwo w Orient Expresie.doc

2009-03-04 11:31 . 2009-03-04 11:31

2009-03-03 20:03 . 2009-03-03 20:03

2009-03-03 20:03 . 2009-03-05 13:52

2009-03-03 20:03 . 2009-03-05 14:06

2009-03-03 19:59 . 2009-03-03 19:59

2009-03-03 16:00 . 2008-04-15 13:00 51,823 --a------ c:\windows\system32_command.com

2009-03-03 15:59 . 2009-03-03 15:59

2009-03-03 15:59 . 1996-02-14 14:01 92,208 --a------ c:\windows\system\Wing.dll

2009-03-03 15:59 . 1998-09-02 12:43 81,920 --a------ c:\windows\system32\LZSCMPRS.DLL

2009-03-03 15:59 . 1998-03-26 15:25 12,800 --a------ c:\windows\system32\Wing32.dll

2009-03-03 15:59 . 2009-03-03 15:59 214 --a------ c:\windows\compedia.ini

2009-03-03 15:31 . 2009-03-03 15:31

2009-03-02 18:26 . 2009-03-02 18:27

2009-03-01 04:34 . 2009-03-01 04:34

2009-02-28 11:43 . 2009-02-28 11:59 20 --a------ c:\windows\system32\PDBootState

2009-02-28 11:37 . 2009-02-28 11:37

2009-02-28 11:37 . 2009-02-28 11:37

2009-02-28 11:36 . 2009-02-28 11:37

2009-02-28 11:34 . 2009-02-28 11:34

2009-02-25 16:07 . 2009-02-25 16:07

2009-02-25 15:59 . 2009-02-25 15:59

2009-02-25 15:59 . 2009-02-25 15:59

2009-02-24 17:58 . 2009-02-24 17:58

2009-02-23 17:19 . 2009-02-23 17:19

2009-02-23 17:18 . 2009-02-23 17:18

2009-02-23 16:25 . 2009-02-23 16:25

2009-02-22 21:06 . 2009-02-22 21:09

2009-02-21 18:42 . 2009-02-27 17:49

2009-02-21 18:42 . 2009-03-04 08:01

2009-02-20 18:54 . 2009-02-20 18:54

2009-02-20 18:51 . 2009-02-20 18:53 560 --a------ c:\documents and settings\Busia\Dane aplikacji\ViewerApp.dat

2009-02-20 18:22 . 2009-02-20 18:22

2009-02-20 18:10 . 2006-08-01 08:02 49,152 -r------- c:\windows\system32\ChCfg.exe

2009-02-20 18:09 . 2007-09-19 11:14 16,844,800 -r------- c:\windows\RTHDCPL.exe

2009-02-20 18:09 . 2007-03-23 12:19 9,715,200 -r------- c:\windows\RTLCPL.exe

2009-02-20 18:09 . 2007-09-19 10:16 4,617,728 -r------- c:\windows\system32\drivers\RtkHDAud.sys

2009-02-20 18:09 . 2006-05-04 09:26 2,808,832 -r------- c:\windows\alcwzrd.exe

2009-02-20 18:09 . 2007-06-28 09:44 2,165,760 -r------- c:\windows\MicCal.exe

2009-02-20 18:09 . 2007-08-03 06:22 1,826,816 -r------- c:\windows\SkyTel.exe

2009-02-20 18:09 . 2007-07-26 11:06 1,191,936 -r------- c:\windows\RtlUpd.exe

2009-02-20 18:09 . 2007-07-26 10:09 520,192 -r------- c:\windows\RtlExUpd.dll

2009-02-20 18:09 . 2005-09-21 03:25 299,008 -r------- c:\windows\system32\ALSndMgr.cpl

2009-02-20 18:09 . 2006-08-17 23:58 282,624 -r------- c:\windows\system32\RTSndMgr.cpl

2009-02-20 18:09 . 2006-07-21 09:14 86,016 -r------- c:\windows\SoundMan.exe

2009-02-20 18:09 . 2005-05-03 11:43 69,632 -r------- c:\windows\Alcmtr.exe

2009-02-17 19:02 . 2009-02-17 19:02

2009-02-17 19:02 . 2009-02-17 19:02

2009-02-16 20:32 . 2009-02-16 20:32

2009-02-11 09:02 . 2008-04-15 13:00 221,184 --a------ c:\windows\system32\wmpns.dll

2009-02-10 14:51 . 2009-03-05 14:15

2009-02-10 14:51 . 2009-03-02 13:59

2009-02-10 14:51 . 2009-01-07 23:34

2009-02-10 14:51 . 2009-03-04 12:31

2009-02-10 14:51 . 2008-08-29 21:29

2009-02-10 14:51 . 2008-08-29 21:29

2009-02-10 14:51 . 2008-08-29 21:29

2009-02-10 14:51 . 2009-02-10 14:51

2009-02-05 18:27 . 2009-02-05 18:27

2009-02-05 18:27 . 2009-02-05 18:28

2009-02-05 15:17 . 2009-02-05 15:17

2009-02-05 14:06 . 2009-02-05 14:06

2009-02-05 14:05 . 2009-02-05 14:06

2009-02-05 14:05 . 2009-02-05 14:05

2009-02-05 14:05 . 2004-03-08 12:55 13,567 --------- c:\windows\system32\drivers\CDRBSDRV.SYS

2009-02-05 13:36 . 2009-02-05 13:36

2009-02-05 12:35 . 2008-04-14 22:50 54,784 --a------ c:\windows\system32\vfwwdm32.dll

2009-02-05 12:35 . 2008-04-14 22:50 54,784 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll

2009-02-05 12:35 . 2008-04-14 00:16 48,128 --a------ c:\windows\system32\drivers\61883.sys

2009-02-05 12:35 . 2008-04-14 00:16 48,128 --a--c--- c:\windows\system32\dllcache\61883.sys

2009-02-05 12:35 . 2008-04-14 00:16 38,912 --a------ c:\windows\system32\drivers\avc.sys

2009-02-05 12:35 . 2008-04-14 00:16 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys

2009-02-05 12:13 . 2009-02-05 12:13

2009-02-05 12:13 . 2009-02-09 17:20

2009-02-05 12:11 . 2009-02-05 18:27

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-05 12:53 --------- d-----w c:\program files\F-Secure Internet Security

2009-03-04 11:28 --------- d-----w c:\program files\Valve

2009-03-03 16:14 138,184 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-03-03 16:13 183,112 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-03 15:00 50,620 ----a-w c:\windows\system32\command.com

2009-03-03 14:59 --------- d--h--w c:\program files\InstallShield Installation Information

2009-02-28 12:38 --------- d-----w c:\program files\DNA

2009-02-27 21:35 --------- d-----w c:\program files\Online TV Player 4

2009-02-27 18:39 --------- d-----w c:\program files\SpeedFan

2009-02-27 16:49 --------- d-----w c:\program files\Winamp

2009-02-25 20:42 --------- d-----w c:\program files\NiemPol

2009-02-25 20:42 --------- d-----w c:\program files\Need for Speed Carbon

2009-02-25 20:42 --------- d-----w c:\program files\Kennys Adventure

2009-02-25 20:42 --------- d-----w c:\program files\GameHouse

2009-02-25 20:42 --------- d-----w c:\program files\ABCLiterki

2009-02-25 20:42 --------- d-----w c:\program files\123Cyferki

2009-02-20 18:03 --------- d-----w c:\program files\Real Alternative

2009-02-20 18:02 --------- d-----w c:\program files\SubEdit-Player

2009-02-20 17:12 16,608 -c--a-w c:\windows\gdrv.sys

2009-02-20 17:09 --------- d-----w c:\program files\Realtek

2009-02-17 20:11 --------- d-----w c:\program files\Treasure Frogman

2009-02-05 17:28 --------- d-----w c:\program files\QuickTime

2009-02-01 14:20 --------- d-----w c:\program files\BattlePackmanDemo

2009-02-01 14:19 --------- d-----w c:\program files\Pinokio Demo

2009-02-01 14:14 --------- d-----w c:\program files\Bud Redhead

2009-02-01 14:11 --------- d-----w c:\program files\The Learning Company

2009-02-01 14:03 --------- d-----w c:\program files\Snowy Lunch Rush

2009-02-01 14:03 --------- d-----w c:\program files\Play

2009-02-01 14:01 --------- d-----w c:\program files\Ascaron Entertainment

2009-02-01 13:46 --------- d-----w c:\documents and settings\MooN\Dane aplikacji\Gadu-Gadu

2009-01-30 17:29 --------- d-----w c:\program files\Snowy Poszukiwacz Skarbów 2

2009-01-30 17:06 --------- d-----w c:\program files\directx

2009-01-30 14:32 --------- d-----w c:\program files\PizzaCommander

2009-01-30 14:30 --------- d-----w c:\program files\Hyperspace Invader

2009-01-30 14:26 --------- d-----w c:\program files\BitComet

2009-01-30 09:39 66,872 ----a-w c:\windows\system32\PnkBstrA.exe

2009-01-27 17:30 --------- d-----w c:\program files\Black Sheep Studio

2009-01-26 14:56 5,386 ----a-w c:\windows\system32\ealregsnapshot1.reg

2009-01-26 14:56 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-26 14:28 --------- d-----w c:\program files\EA GAMES

2009-01-23 22:34 --------- d-----w c:\documents and settings\Busia\Dane aplikacji\BitTorrent

2009-01-23 18:17 --------- d-----w c:\program files\Soulseek

2009-01-23 17:50 --------- d-----w c:\documents and settings\Busia\Dane aplikacji\F-Secure

2009-01-23 17:46 --------- d-----w c:\documents and settings\Zbynio\Dane aplikacji\F-Secure

2009-01-23 17:40 33,408 ----a-w c:\windows\system32\drivers\fsbts.sys

2009-01-23 17:30 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\f-secure

2009-01-23 17:29 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\fssg

2009-01-23 17:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton

2009-01-23 17:21 --------- d-----w c:\program files\Free MP3 WMA WAV Converter

2009-01-23 12:30 164,992 ----a-w c:\windows\system32\drivers\athsgt.sys

2009-01-23 12:30 12,544 ----a-w c:\windows\system32\drivers\limsgt.sys

2009-01-21 17:07 --------- d-----w c:\program files\Games

2009-01-07 22:26 --------- d-----w c:\documents and settings\Zbynio\Dane aplikacji\BitTorrent

2009-01-07 22:26 --------- d-----w c:\documents and settings\Busia\Dane aplikacji\Desktop Sidebar

2009-01-07 15:37 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\AquaFish 2

2009-01-07 15:03 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec

2009-01-06 14:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller

2009-01-06 14:02 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\nView_Profiles

2008-12-06 16:07 5,607 ----a-w c:\windows\~GLH0003.TMP

2008-12-06 16:07 155,136 ----a-w c:\windows\~GLC0003.TMP

2008-12-06 16:06 5,607 ----a-w c:\windows\~GLH0005.TMP

2008-12-06 16:06 5,607 ----a-w c:\windows\~GLH0001.TMP

2008-12-06 16:06 5,607 ----a-w c:\windows\~GLH0000.TMP

2008-12-06 16:06 155,136 ----a-w c:\windows\~GLC0005.TMP

2008-12-06 16:06 155,136 ----a-w c:\windows\~GLC0001.TMP

2008-12-06 16:06 155,136 ----a-w c:\windows\~GLC0000.TMP

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"F-Secure Manager"="c:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 182936]

"F-Secure TNB"="c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-06-25 957024]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2009-03-01 3960552]

"RTHDCPL"="RTHDCPL.EXE" [2007-09-19 c:\windows\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.X264"= x264vfw.dll

"VIDC.3iv2"= 3ivxVfWCodec.dll

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"c:\WINDOWS\system32\usmt\migwiz.exe"=

"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"c:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=

"c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

"c:\Program Files\Empire Interactive\FlatOut2\FlatOut2.exe"=

"c:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\Polish\setup.exe"=

"c:\Program Files\DNA\btdna.exe"=

"c:\Program Files\Valve\hl.exe"=

"c:\Program Files\Gadu-Gadu\gg.exe"=

"c:\Documents and Settings\Busia\Pulpit\slskPLbyFoxconn.exe"=

"c:\Documents and Settings\Zbynio\Pulpit\slskPLbyFoxconn.exe"=

"c:\Program Files\Valve\hlds.exe"=

"c:\Program Files\EA GAMES\Battlefield 2\BF2.exe"=

"c:\WINDOWS\Network Diagnostic\xpnetdiag.exe"=

"c:\Program Files\uTorrent\uTorrent.exe"=

"c:\Program Files\Online TV Player 4\TVPlayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port

"23762:TCP"= 23762:TCP:BitComet 23762 TCP

"23762:UDP"= 23762:UDP:BitComet 23762 UDP

"15556:TCP"= 15556:TCP:BitComet 15556 TCP

"15556:UDP"= 15556:UDP:BitComet 15556 UDP

R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-01-23 79904]

S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2009-01-23 33408]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [2009-01-23 66720]

S2 athsgt;athsgt;c:\windows\system32\drivers\athsgt.sys [2009-01-23 164992]

S2 gupdate1c9944be395417c;Usługa Google Update (gupdate1c9944be395417c);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-21 133104]

S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]

S2 limsgt;limsgt;c:\windows\system32\drivers\limsgt.sys [2009-01-23 12544]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2009-01-23 84616]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2009-01-23 55904]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [2009-01-23 39776]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [2009-01-23 25184]

.

Zawartość folderu 'Zaplanowane zadania'

2009-03-05 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-21 18:42]

2009-03-05 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\F-SECU~1\ANTI-V~1\fsav.exe [2008-06-25 14:41]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-mspwr - c:\windows\system32\PuXpMan2.exe

MSConfigStartUp-myplaycity_WhenUSave_Installer - c:\program files\myplaycity_WhenUSave_Installer\myplaycity_WhenUSave_Installer.exe

.

------- Skan uzupełniający -------

.

IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL

FF - ProfilePath -

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-05 14:15:55

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2009-03-05 14:16:28

ComboFix-quarantined-files.txt 2009-03-05 13:16:27

Przed: 77 365 682 176 bajtów wolnych

Po: 78,700,343,296 bajtów wolnych

261 --- E O F --- 2008-12-09 21:18:19


(Leon$) #5

The log looks clean

Download CCleaner http://www.filehippo.com/download_ccleaner/

scan with it and clean the registry.

do a startup optimization

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

manually delete the C:\Qoobox folder and remove the ComboFix installer from the disk.

Disable and re-enable System Restore on all drives. http://support.microsoft.com/kb/310405/pl

scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and if viruses are found, post the report

:slight_smile: