Pojawia się dziwny komunikat


(Kubametryka4444) #1

Taki komunikat pojawia się zawsze jak np. przeglądam foldery lub szukam czegoś w komputerze.I zawsze jak cofam.I skąd zna moje imię?

Attention, Kuba!

Some dangrous viruses detected in your system.Microsoft XP files corrupted.

Your personal data at the reach of anyone's hand.Internet history records and other personal information(passwords, chat sessions logs, adult

materials) easly reachable. Download protection software now!

Click OK to enable anti spyware software. (Recommended)

P.S. mam oprogramowanie antyspyware(a-squared Anti malware) oraz antywirus(f-secure anti-virus 2009) i nic nie wykrywają.Proszę o pomoc.Bardzo to przeszkadza i nie można wejść do niektórych folderów.


(Michaelp128) #2

Podaj log z HijackThis. Instrukcja :arrow: viewtopic.php?f=16&t=36654

Podaj log z Combofix. Instrukcja :arrow: viewtopic.php?f=16&t=36654

EDIT:

@ Porchekarera

Przecież nie napisałem, żeby zmienił antywirusa, tylko żeby podał logi.


(Kubametryka4444) #3

Włączyłem go gdy pojawił się komunikat.Może ma to znaczenia, bo to gdzieś pisze(nie znam się), ale zmieniłem nazwę Start na inną.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:03:18, on 2008-12-28

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\KUBUSIEK.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CacheBoost\cbsrv.exe

D:\diskmagik\DiskMgkS.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

E:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE

E:\f-secure\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

E:\f-secure\F-Secure Internet Security\Common\FSMB32.EXE

E:\f-secure\F-Secure Internet Security\Common\FCH32.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\Mouse Driver\KMWDSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\LClock\LClock.exe

C:\Program Files\CacheBoost\trayicon.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\DAEMON Tools 4.03HE\daemon.exe

C:\WINDOWS\System32\UAService7.exe

E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

E:\f-secure\F-Secure Internet Security\Common\FAMEH32.EXE

E:\f-secure\F-Secure Internet Security\Anti-Virus\fsqh.exe

C:\Program Files\CardDetector\ICON225\CardDetector.exe

C:\Program Files\Mouse Driver\StartAutorun.exe

F:\BF\Launcher\Launcher.exe

E:\f-secure\F-Secure Internet Security\Common\FSM32.EXE

C:\Program Files\Mouse Driver\KMConfig.exe

C:\Program Files\DNA\btdna.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mouse Driver\KMProcess.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

E:\f-secure\F-Secure Internet Security\FSGUI\fsguidll.exe

E:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\fssm32.exe

E:\f-secure\F-Secure Internet Security\FSAUA\program\fsus.exe

F:\BF\systray\systrayapp.exe

F:\BF\PhoneTools\TextMessaging.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\System32\wuauclt.exe

F:\BF\connectivity\connectivitymanager.exe

F:\BF\Deskboard\deskboard.exe

F:\BF\connectivity\CoreCom\CoreCom.exe

F:\BF\connectivity\CoreCom\OraConfigRecover.exe

E:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

C:\WINDOWS\System32\svchost.exe

E:\firefox3.0.4\firefox.exe

F:\foobar2000\foobar2000.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F2 - REG:system.ini: Shell=KUBUSIEK.exe

O2 - BHO: LamasBar.Ie - {46CFEC0B-CA28-4C82-BD91-EF9C6AE197B5} - C:\WINDOWS\System32\knzg.dll

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe

O4 - HKLM..\Run: [CacheBoost] C:\Program Files\CacheBoost\trayicon.exe

O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools 4.03HE\daemon.exe" -lang 1033

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe

O4 - HKLM..\Run: [bEWINTERNET-PLSessionManager] F:\BF\SessionManager\SessionManager.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM..\Run: [F-Secure Manager] "E:\f-secure\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM..\Run: [F-Secure TNB] "E:\f-secure\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - C:\Program Files\CacheBoost\cbsrv.exe

O23 - Service: DiskMagik Service (DiskMgkS) - RoseCity Software - D:\diskmagik\DiskMgkS.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

--

End of file - 9462 bytes


(huber2t) #4

Infekcja

Podaj log z Combofix

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link


(Kubametryka4444) #5

Ale dawno temu.


(Kubametryka4444) #6

http://wklej.eu/index.php?id=de88a28ecb log z combofix

przywrócił mi stary dobry Start :smiley:


(Leon$) #7

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri ... iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

potem nowy log HijackThis

:slight_smile:


(Kubametryka4444) #8

ComboFix 08-12-26.03 - Jakub 2008-12-28 14:57:34.2 - FAT32 x86

Microsoft Windows XP Professional 5.1.2600.0.1250.48.1045.18.1023.630 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Jakub\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Jakub\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

* Resident AV is active

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA!!

FILE ::

c:\windows\ios.dat

c:\windows\system32\knzg.dll

c:\windows\system32\m3.ico

c:\windows\system32\sf.ico

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Dane aplikacji\1132B

c:\documents and settings\All Users\Dane aplikacji\1132B{8F1FCFF4-74C4-4479-915A-F7BA0874BA6B}.swf

c:\documents and settings\All Users\Dane aplikacji\1135A

c:\documents and settings\All Users\Dane aplikacji\1135A{59E07698-72A4-4570-9590-4E92E71AB1C9}.swf

c:\documents and settings\All Users\Dane aplikacji\17250

c:\documents and settings\All Users\Dane aplikacji\17250{8989575B-782B-4C56-83FC-D020E3662885}.swf

c:\documents and settings\All Users\Dane aplikacji\1728E

c:\documents and settings\All Users\Dane aplikacji\1728E{9E6B0204-AF79-42E4-96F8-B78F410C4EA0}.swf

c:\documents and settings\All Users\Dane aplikacji\18398

c:\documents and settings\All Users\Dane aplikacji\18398{27094B86-7E5B-47B2-B25A-A38D6E01620C}.swf

c:\documents and settings\All Users\Dane aplikacji\1C2CC

c:\documents and settings\All Users\Dane aplikacji\1C2CC{482AB8FE-87C5-4A84-8222-D60B285BF802}.swf

c:\documents and settings\All Users\Dane aplikacji\23A8

c:\documents and settings\All Users\Dane aplikacji\23A8{C3DE31EE-D840-415B-982C-BF3200F48CC5}.swf

c:\documents and settings\All Users\Dane aplikacji\242FC

c:\documents and settings\All Users\Dane aplikacji\242FC{B7BA1E33-4DF0-48AC-BD23-8BFC6B0B9067}.swf

c:\documents and settings\All Users\Dane aplikacji\24349

c:\documents and settings\All Users\Dane aplikacji\24349{8FFF959F-F87E-45D0-ABD1-DB9478D42A11}.swf

c:\documents and settings\All Users\Dane aplikacji\26165

c:\documents and settings\All Users\Dane aplikacji\26165{E062247E-C920-46AC-A5E1-37FD3BE0D2D2}.swf

c:\documents and settings\All Users\Dane aplikacji\28241

c:\documents and settings\All Users\Dane aplikacji\28241{D96C3441-A0D4-4832-BFC0-831DB64716D5}.swf

c:\documents and settings\All Users\Dane aplikacji\2F29E

c:\documents and settings\All Users\Dane aplikacji\2F29E{67669935-CCFC-4585-9CE8-4322938B08CF}.swf

c:\documents and settings\All Users\Dane aplikacji\307C

c:\documents and settings\All Users\Dane aplikacji\307C{FB81F623-82E0-40D0-A405-0AA0F8597398}.swf

c:\documents and settings\All Users\Dane aplikacji\3146

c:\documents and settings\All Users\Dane aplikacji\3146{59283CDD-92BD-4415-93DF-8F153DDD60F8}.swf

c:\documents and settings\All Users\Dane aplikacji\3211

c:\documents and settings\All Users\Dane aplikacji\3211{2C53E5B0-EF78-4999-B223-ECD7D9253D47}.swf

c:\documents and settings\All Users\Dane aplikacji\32D

c:\documents and settings\All Users\Dane aplikacji\32D{47CF115A-EEDC-4D93-9ED1-C2B24C1D2F4F}.swf

c:\documents and settings\All Users\Dane aplikacji\33C7

c:\documents and settings\All Users\Dane aplikacji\33C7{4C94F063-0516-4014-88A4-22BC5C0B299A}.swf

c:\documents and settings\All Users\Dane aplikacji\342FC

c:\documents and settings\All Users\Dane aplikacji\342FC{D9EEEC4A-8C78-4953-A2BD-54FD49F318FB}.swf

c:\documents and settings\All Users\Dane aplikacji\39194

c:\documents and settings\All Users\Dane aplikacji\39194{9B2B2263-5E9B-4324-861A-4AB112022537}.swf

c:\documents and settings\All Users\Dane aplikacji\3A29E

c:\documents and settings\All Users\Dane aplikacji\3A29E{1149F49A-5C68-481E-887A-33A6D9CEC858}.swf

c:\documents and settings\All Users\Dane aplikacji\64B

c:\documents and settings\All Users\Dane aplikacji\64B{A93839C8-B8DC-4945-8211-260B90F6A2D6}.swf

c:\documents and settings\All Users\Dane aplikacji\729D

c:\documents and settings\All Users\Dane aplikacji\729D{9C2DAEEC-4337-421D-899F-78AEE39179F1}.swf

c:\documents and settings\All Users\Dane aplikacji\93E6

c:\documents and settings\All Users\Dane aplikacji\93E6{FE7F1FB9-F70F-467B-9083-3DD3995AA16B}.swf

c:\documents and settings\All Users\Dane aplikacji\D240

c:\documents and settings\All Users\Dane aplikacji\D240{1F8CCCB3-9066-4A5E-A8E2-7E20EF98EDF8}.swf

c:\documents and settings\All Users\Dane aplikacji\E1C2

c:\documents and settings\All Users\Dane aplikacji\E1C2{6A4B6121-9387-42B8-8F5F-B39478A4B1C9}.swf

c:\documents and settings\All Users\Dane aplikacji\F220

c:\documents and settings\All Users\Dane aplikacji\F220{94762179-4C02-4C0E-9F71-0FBCEBB2841D}.swf

C:\FOUND.010

C:\FOUND.011

C:\FOUND.012

C:\FOUND.013

c:\found.013\FILE0000.CHK

c:\found.013\FILE0001.CHK

c:\found.013\FILE0002.CHK

c:\found.013\FILE0003.CHK

c:\found.013\FILE0004.CHK

c:\found.013\FILE0005.CHK

c:\found.013\FILE0006.CHK

c:\found.013\FILE0007.CHK

c:\found.013\FILE0008.CHK

c:\found.013\FILE0009.CHK

c:\found.013\FILE0010.CHK

c:\found.013\FILE0011.CHK

c:\found.013\FILE0012.CHK

c:\found.013\FILE0013.CHK

c:\found.013\FILE0014.CHK

c:\found.013\FILE0015.CHK

c:\found.013\FILE0016.CHK

c:\found.013\FILE0017.CHK

c:\found.013\FILE0018.CHK

c:\found.013\FILE0019.CHK

c:\found.013\FILE0020.CHK

c:\found.013\FILE0021.CHK

c:\found.013\FILE0022.CHK

c:\found.013\FILE0023.CHK

c:\found.013\FILE0024.CHK

c:\found.013\FILE0025.CHK

c:\found.013\FILE0026.CHK

c:\found.013\FILE0027.CHK

c:\found.013\FILE0028.CHK

c:\found.013\FILE0029.CHK

c:\found.013\FILE0030.CHK

c:\found.013\FILE0031.CHK

c:\found.013\FILE0032.CHK

c:\found.013\FILE0033.CHK

c:\found.013\FILE0034.CHK

c:\found.013\FILE0035.CHK

c:\found.013\FILE0036.CHK

c:\found.013\FILE0037.CHK

c:\found.013\FILE0038.CHK

c:\found.013\FILE0039.CHK

C:\FOUND.014

c:\found.014\FILE0000.CHK

c:\found.014\FILE0001.CHK

C:\FOUND.015

c:\found.015\FILE0000.CHK

c:\found.015\FILE0001.CHK

c:\found.015\FILE0002.CHK

c:\windows\ios.dat

c:\windows\system32\knzg.dll

c:\windows\system32\m3.ico

c:\windows\system32\sf.ico

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_OFLPYDIN

-------\Service_oflpydin

((((((((((((((((((((((((( Pliki utworzone od 2008-11-28 do 2008-12-28 )))))))))))))))))))))))))))))))

.

2008-12-28 13:00 . 2008-12-28 13:00

2008-12-25 15:26 . 2008-12-25 15:26

2008-12-14 11:03 . 2008-12-14 11:03

2008-12-13 20:44 . 2008-12-13 20:44

2008-12-13 20:38 . 2008-06-25 14:41 79,904 --a------ c:\windows\system32\drivers\fsdfw.sys

2008-12-13 20:37 . 2008-12-13 20:37

2008-12-13 20:33 . 2008-12-13 20:33

2008-12-13 13:59 . 2008-12-13 13:59

2008-12-05 23:55 . 2008-12-05 23:55 0 --a------ c:\windows\nsreg.dat

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-06 14:39 31 ----a-w c:\documents and settings\Jakub\jagex_runescape_preferences.dat

2008-11-23 11:02 --------- d-----w c:\documents and settings\Jakub\Dane aplikacji\BitTorrent

2008-11-23 11:01 --------- d-----w c:\program files\DNA

2008-11-23 11:01 --------- d-----w c:\documents and settings\Jakub\Dane aplikacji\DNA

2008-11-21 14:54 --------- d-----w c:\program files\Nowe Gadu-Gadu

2008-11-10 14:17 --------- d-----w c:\program files\Samsung

2008-11-02 12:07 --------- d-----w c:\program files\NAPI-PROJEKT

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-03-15 16:31 36,088 ----a-w c:\documents and settings\Jakub\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

((((((((((((((((((((((((((((( snapshot@2008-12-28_14.00.47.61 )))))))))))))))))))))))))))))))))))))))))

.

  • 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvMediaCenter"="c:\windows\System32\NVMCTRAY.DLL" [2003-11-17 49152]

"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]

"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"LClock"="c:\program files\LClock\LClock.exe" [2004-09-20 65536]

"VisualTooltip"="c:\program files\VisualTooltip\VisualToolTip.exe" [2006-10-06 942080]

"CacheBoost"="c:\program files\CacheBoost\trayicon.exe" [2003-06-24 60928]

"DAEMON Tools"="c:\program files\DAEMON Tools 4.03HE\daemon.exe" [2005-12-10 133016]

"SunJavaUpdateSched"="e:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-14 278528]

"BEWINTERNET-PLSessionManager"="f:\bf\SessionManager\SessionManager.exe" [2007-07-24 102400]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-11-17 3022848]

"KMCONFIG"="c:\program files\Mouse Driver\StartAutorun.exe" [2007-03-06 212992]

"F-Secure Manager"="e:\f-secure\F-Secure Internet Security\Common\FSM32.EXE" [2008-06-25 182936]

"F-Secure TNB"="e:\f-secure\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2008-06-25 957024]

"nwiz"="nwiz.exe" [2003-11-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2001-10-26 13312]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoFileAssociate"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"f:\BF\Connectivity\ConnectivityManager.exe"=

"e:\bittorent\BitTorrent\bittorrent.exe"=

R0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-12-13 79904]

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]

R0 VirtualK;VirtaulK;c:\windows\System32\drivers\VirtualK.sys [2006-01-07 3968]

R1 F-Secure HIPS;F-Secure HIPS Driver;\??\e:\f-secure\F-Secure Internet Security\HIPS\drivers\fshs.sys [2008-12-13 66720]

R2 CacheBoost Service;CacheBoost Performance Optimizer and Tuner Service;c:\program files\CacheBoost\cbsrv.exe [2003-06-24 77312]

R2 DiskMgkS;DiskMagik Service;d:\diskmagik\DiskMgkS.exe [2007-12-14 415768]

R2 F-Secure Filter;F-Secure File System Filter;\??\e:\f-secure\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2008-12-13 39776]

R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\e:\f-secure\F-Secure Internet Security\Anti-Virus\Win2K\FSgk.sys [2008-12-13 62176]

R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\e:\f-secure\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2008-12-13 25184]

R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2007-04-05 208896]

R3 FSORSPClient;F-Secure ORSP Client;"e:\f-secure\F-Secure Internet Security\ORSP Client\fsorsp.exe" [2008-12-13 55904]

R3 GTFFBUS;GT FF BUS;c:\windows\System32\DRIVERS\gtffbus.sys [2008-07-03 17152]

R3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;c:\windows\System32\DRIVERS\Gtm51Irp.sys [2008-06-28 122240]

R3 GTPTSER;GT PT SER;c:\windows\System32\DRIVERS\gtptser.sys [2008-07-03 8064]

R3 GTUQBUS;GT UQ BUS;c:\windows\System32\DRIVERS\gtuqbus.sys [2008-07-03 36992]

R3 skbusenum;SKBus Enumerator;c:\windows\System32\DRIVERS\skbusenum.sys [2006-01-07 10880]

S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\System32\DRIVERS\Gt51Ip.sys [2008-07-02 95744]

S3 GT72UBUS;GT 72 U BUS;c:\windows\System32\DRIVERS\gt72ubus.sys [2008-07-02 51968]

.

Zawartość folderu 'Zaplanowane zadania'

2008-11-03 c:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe []

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.bearshare.com/pl/

IE: Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: Add to AMV Converter... - d:\program files\MP3 Player Utilities 4.07\AMVConverter\grab.html

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - d:\program files\MP3 Player Utilities 4.07\MediaManager\grab.html

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

LSP: e:\f-secure\F-Secure Internet Security\FSPS\program\FSLSP.DLL

FF - ProfilePath - c:\documents and settings\Jakub\Dane aplikacji\Mozilla\Firefox\Profiles\s7p1m35r.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/firefox

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava11.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava12.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava13.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava14.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjava32.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npjpi160_03.dll

FF - plugin: e:\program files\Java\jre1.6.0_03\bin\npoji610.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

FF - user.js: network.prefetch-next - true

FF - user.js: nglayout.initialpaint.delay - 250

FF - user.js: layout.spellcheckDefault - 1

FF - user.js: browser.urlbar.autoFill - false

FF - user.js: browser.search.openintab - false

FF - user.js: browser.tabs.closeButtons - 1

FF - user.js: browser.tabs.opentabfor.middleclick - true

FF - user.js: browser.tabs.tabMinWidth - 100

FF - user.js: browser.urlbar.hideGoButton - false

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-28 15:00:52

Windows 5.1.2600 FAT NTAPI

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • 'winlogon.exe'(712)

c:\windows\system32\ODBC32.dll

  • 'lsass.exe'(768)

e:\f-secure\F-Secure Internet Security\FSPS\program\FSLSP.DLL

c:\windows\system32\mswsock.dll

c:\windows\System32\wshtcpip.dll

c:\windows\System32\dssenh.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

e:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

e:\f-secure\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

e:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE

c:\program files\COMMON FILES\FRANCE TELECOM\SHARED MODULES\FTRTSVC\0\FTRTSVC.EXE

e:\f-secure\F-Secure Internet Security\Common\FSMB32.EXE

e:\f-secure\F-Secure Internet Security\Common\FCH32.EXE

c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE

c:\windows\SYSTEM32\NVSVC32.EXE

c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE

c:\windows\SYSTEM32\WDFMGR.EXE

c:\windows\SYSTEM32\UASERVICE7.EXE

e:\f-secure\F-Secure Internet Security\Common\FAMEH32.EXE

e:\f-secure\F-Secure Internet Security\Anti-Virus\fsqh.exe

e:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe

e:\f-secure\F-Secure Internet Security\Anti-Virus\fssm32.exe

e:\f-secure\F-Secure Internet Security\FSAUA\program\fsus.exe

c:\windows\SYSTEM32\RUNDLL32.EXE

c:\program files\MOUSE DRIVER\KMCONFIG.EXE

f:\bf\Launcher\Launcher.exe

c:\program files\MESSENGER\MSMSGS.EXE

c:\program files\MOUSE DRIVER\KMPROCESS.EXE

c:\program files\COMMON FILES\FRANCE TELECOM\SHARED MODULES\ALERTMODULE\0\ALERTMODULE.EXE

e:\f-secure\F-Secure Internet Security\FSGUI\fsguidll.exe

e:\f-secure\F-Secure Internet Security\Anti-Virus\fsav32.exe

f:\bf\systray\systrayapp.exe

f:\bf\connectivity\connectivitymanager.exe

f:\bf\PhoneTools\TextMessaging.exe

f:\bf\Deskboard\deskboard.exe

f:\bf\connectivity\CoreCom\CoreCom.exe

c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

c:\windows\System32\dwwin.exe

f:\bf\connectivity\CoreCom\OraConfigRecover.exe

.

**************************************************************************

.

Czas ukończenia: 2008-12-28 15:03:31 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2008-12-28 14:03:28

ComboFix2.txt 2008-12-28 13:01:18

Przed: 227 106 816 bajtów wolnych

Po: 126,455,808 bajtów wolnych

315 --- E O F --- 2008-07-02 08:48:27

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:15:55, on 2008-12-28

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CacheBoost\cbsrv.exe

D:\diskmagik\DiskMgkS.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\FSGK32.EXE

E:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

E:\f-secure\F-Secure Internet Security\Common\FSMB32.EXE

E:\f-secure\F-Secure Internet Security\Common\FCH32.EXE

C:\Program Files\Mouse Driver\KMWDSrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\UAService7.exe

E:\f-secure\F-Secure Internet Security\Common\FAMEH32.EXE

E:\f-secure\F-Secure Internet Security\Anti-Virus\fsqh.exe

E:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\fssm32.exe

E:\f-secure\F-Secure Internet Security\FSAUA\program\fsus.exe

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\LClock\LClock.exe

C:\Program Files\VisualTooltip\VisualToolTip.exe

C:\Program Files\CacheBoost\trayicon.exe

C:\Program Files\DAEMON Tools 4.03HE\daemon.exe

E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\CardDetector\ICON225\CardDetector.exe

C:\Program Files\Mouse Driver\StartAutorun.exe

E:\f-secure\F-Secure Internet Security\Common\FSM32.EXE

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\DNA\btdna.exe

C:\Program Files\Mouse Driver\KMConfig.exe

F:\BF\Launcher\Launcher.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Mouse Driver\KMProcess.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

E:\f-secure\F-Secure Internet Security\FSGUI\fsguidll.exe

E:\f-secure\F-Secure Internet Security\Anti-Virus\fsav32.exe

C:\WINDOWS\System32\wuauclt.exe

F:\BF\systray\systrayapp.exe

F:\BF\PhoneTools\TextMessaging.exe

C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\WINDOWS\explorer.exe

F:\BF\connectivity\connectivitymanager.exe

F:\BF\Deskboard\deskboard.exe

F:\BF\connectivity\CoreCom\CoreCom.exe

F:\BF\connectivity\CoreCom\OraConfigRecover.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [LClock] C:\Program Files\LClock\LClock.exe

O4 - HKLM..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe

O4 - HKLM..\Run: [CacheBoost] C:\Program Files\CacheBoost\trayicon.exe

O4 - HKLM..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools 4.03HE\daemon.exe" -lang 1033

O4 - HKLM..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe

O4 - HKLM..\Run: [bEWINTERNET-PLSessionManager] F:\BF\SessionManager\SessionManager.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe

O4 - HKLM..\Run: [F-Secure Manager] "E:\f-secure\F-Secure Internet Security\Common\FSM32.EXE" /splash

O4 - HKLM..\Run: [F-Secure TNB] "E:\f-secure\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKCU..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

O4 - HKCU..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Add to AMV Converter... - D:\Program Files\MP3 Player Utilities 4.07\AMVConverter\grab.html

O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Program Files\MP3 Player Utilities 4.07\MediaManager\grab.html

O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O17 - HKLM\System\CCS\Services\Tcpip..{787AC769-8F78-4E0B-9673-631359DDA816}: NameServer = 217.116.100.66 217.116.100.65

O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Systweak India - C:\Program Files\CacheBoost\cbsrv.exe

O23 - Service: DiskMagik Service (DiskMgkS) - RoseCity Software - D:\diskmagik\DiskMgkS.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\Anti-Virus\fsgk32st.exe

O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\FSAUA\program\fsaua.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - E:\f-secure\F-Secure Internet Security\ORSP Client\fsorsp.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

--

End of file - 9056 bytes

Wielkie dzięki wam za pomoc.Nie wiedziałem co mam z tym zrobić.


(boczi) #9

kuba4444 , proszę edytować te logi wrzucając je poprzez wklej.org


(Leon$) #10

usuń HijackThisem >> Fix checked

Zastosuj Malwarebytes' Anti-Malware http://cybertrash.pl/Tata/MBAM/Malwarebytes_%20Anti-Malware.html pełny skan - jak coś znajdzie to usuń zaznaczone - pokaż log

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i ... 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html gdy będą wirusy pokaż raport

:slight_smile: