Witam proszę o pomoc od kilku dni zaczął wolno działac komp i nie wiem co jest grane podsyłam logi Combofix i z Hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:29:55, on 2010-04-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\WinPortrait\wpctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinPortrait\floater.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime
O4 - HKLM…\Run: [PivotSoftware] “C:\Program Files\WinPortrait\wpctrl.exe”
O4 - HKLM…\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [egui] “D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Common Files\Java\Java Update\jusched.exe”
O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 - HKCU…\Run: [eMuleAutoStart] D:\Program Files\eMule.0.49c.Razorback3.Next.Generation.v5.21 .Mod-Binary.(fast.and.xtreme)\emule.exe -AutoStart
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip…{B356C38F-BF90-45E8-A071-09C5D42DDE98}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
–
End of file - 5137 bytes
i
ComboFix 09-04-13.A0 - Metal 2010-04-13 13:34.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.543 [GMT 2:00]
Uruchomiony z: e:\standardowe\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)
* Resident AV is active
.
- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -
.
((((((((((((((((((((((((( Pliki utworzone od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))
.
2010-04-12 22:03 . 2010-04-12 22:03 -------- d-sha-r C:\autorun.inf
2010-04-06 19:42 . 2010-04-06 19:40 737280 ----a-w c:\windows\iun6002.exe
2010-03-16 00:06 . 2010-03-16 00:06 -------- d-----w c:\documents and settings\Metal\Ustawienia lokalne\Dane aplikacji\Infonetax
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-04-13 10:43 . 2010-04-13 10:42 -------- d-----w c:\program files\HD Tune
2010-04-13 07:48 . 2008-09-16 06:13 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\HPAppData
2010-04-12 22:49 . 2008-04-20 13:32 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\Skype
2010-04-12 22:49 . 2008-04-20 13:33 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\skypePM
2010-04-12 17:53 . 2009-03-28 17:23 174524 ----a-w C:\mksbasel.cpp.log
2010-04-11 09:57 . 2009-03-12 11:48 -------- d-----w c:\program files\Pity 2008
2010-04-06 19:34 . 2007-02-25 19:01 -------- d-----w c:\program files\VideoLAN
2010-03-30 10:25 . 2004-09-16 14:39 90422 ----a-w c:\windows\system32\perfc015.dat
2010-03-30 10:25 . 2004-09-16 14:39 504042 ----a-w c:\windows\system32\perfh015.dat
2010-03-17 10:31 . 2007-02-25 22:27 -------- d-----w c:\program files\Gadu-Gadu
2010-03-15 20:48 . 2008-11-13 23:17 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\AdobeUM
2010-03-11 21:12 . 2010-03-11 21:12 -------- d-----w c:\program files\Common Files\Java
2010-03-11 21:11 . 2009-05-03 21:38 -------- d-----w c:\program files\Java
2009-07-15 14:07 . 2007-02-25 15:46 43800 ----a-w c:\documents and settings\Metal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-23 12:03 . 2009-01-29 07:07 116296 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-04-20 13:33 . 2008-04-20 13:33 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat
2007-02-25 15:59 . 2007-02-25 15:59 130 ----a-w c:\documents and settings\Metal\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
“Skype”=“c:\program files\Skype\Phone\Skype.exe” [2008-02-01 22014760]
“eMuleAutoStart”=“d:\program files\eMule.0.49c.Razorback3.Next.Generation.v5.21 .Mod-Binary.(fast.and.xtreme)\emule.exe” [2009-08-01 6283264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
“ATICCC”=“c:\program files\ATI Technologies\ATI.ACE\cli.exe” [2005-08-06 61440]
“PivotSoftware”=“c:\program files\WinPortrait\wpctrl.exe” [2005-01-26 698104]
“DT Task”=“c:\program files\Portrait Displays\forteManager\DTHtml.exe” [2005-10-14 264704]
“egui”=“d:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2009-09-29 2054360]
“SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe” [2010-02-18 248040]
“SoundMan”=“SOUNDMAN.EXE” [2004-12-22 c:\windows\SOUNDMAN.EXE]
“Logitech Hardware Abstraction Layer”=“KHALMNPR.EXE” [2005-05-20 c:\windows\KHALMNPR.Exe]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST - pasek zadaä.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-02-25 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
“UIHost”=“c:\windows\system32\logonuiX.exe”
“Taskman”=“c:\recycler\S-1-5-21-4534707511-7316572271-944879462-8106\wingn.exe”
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.I420”= i263_32.drv
“vidc.DIV3”= DivXc32.dll
“vidc.DIV4”= DivXc32f.dll
“msacm.l3codec”= l3codecp.acm
“vidc.3iv2”= 3ivxVfWCodec.dll
“msacm.divxa32”= divxa32.acm
“VIDC.HFYU”= huffyuv.dll
“VIDC.i263”= i263_32.drv
“msacm.imc”= imc32.acm
“VIDC.VP31”= vp31vfw.dll
“VIDC.AP41”= APmpg4v1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
–a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe
[HKLM~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
“EnableFirewall”= 0 (0x0)
[HKLM~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
“c:\WINDOWS\system32\sessmgr.exe”=
“c:\WINDOWS\system32\winver.exe”=
“d:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=
“d:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=
“d:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=
“d:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe”=
“d:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=
“c:\Program Files\Skype\Phone\Skype.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
“3587:TCP”= 3587:TCP:Grupowanie sieci równorzędnej Windows
“3540:UDP”= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)
“16199:TCP”= 16199:TCP:emule TCP
“16206:UDP”= 16206:UDP:emule UDP
[HKLM~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]
“AllowInboundEchoRequest”= 1 (0x1)
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfw tdir.sys [2009-09-29 96408]
S2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {B356C38F-BF90-45E8-A071-09C5D42DDE98} = 194.204.159.1,194.204.152.34
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Metal\Dane aplikacji\Mozilla\Firefox\Profiles\caly93je.defaul t\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSignPlugin.dll
FF - plugin: d:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.enforce_same_site_origin”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.cache_size”, 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.ogg.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.wave.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“media.autoplay.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabl ed”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.urlbar.autocomplete.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“capability.policy.mailnews.*.wholeText”, “noAccess”);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“dom.storage.default_quota”, 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”, 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.http.prompt-temp-redirect”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“layout.css.dpi”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“layout.css.devPixelsPerPx”, “-1”);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“gestures.enable_single_finger_input”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.debug”, false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”, 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”, 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”, 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”, 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.tcp.sendbuffer”, 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“geo.enabled”, true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref(“html5.enable”, false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.renego_unrestricted_hosts”, “”);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.treat_unsafe_negotiation_as_bro ken”, false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl.require_safe_negotiation”, false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.ssl3.rsa_seed_sha”, true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref(“security.remember_cert_checkbox_default_sett ing”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr”, “moz35”);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-cjkt”, “moz35”); // now unused
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.blocklist.level”, 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.delay”, 50);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.restrict.typed”, “~”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.urlbar.default.behavior”, 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.history”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.formdata”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.passwords”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.downloads”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.cookies”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.cache”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.sessions”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.offlineApps”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.clearOnShutdown.siteSettings”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.history”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.formdata”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.passwords”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.downloads”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.cookies”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.cache”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.sessions”, true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.offlineApps”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.cpd.siteSettings”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“privacy.sanitize.migrateFx3Prefs”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.ssl_override_behavior”, 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“security.alternate_certificate_error_page”, “certerror”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.privatebrowsing.autostart”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter ", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“geo.wifi.uri”, “https://www.google.com/loc/json”);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20);
.
************************************************** ************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 13:35
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PivotSoftware = “c:\program files\WinPortrait\wpctrl.exe”???w??? ???\ ?|???|??? ???( ???Dodatek Service Pack 2??? ???
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
************************************************** ************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
-
-
-
-
-
-
- > ‘winlogon.exe’(892)
-
-
-
-
-
c:\windows\system32\Ati2evxx.dll
-
-
-
-
-
-
- > ‘explorer.exe’(2868)
-
-
-
-
-
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\WinPortrait\WinpHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2010-04-13 13:37
ComboFix-quarantined-files.txt 2010-04-13 11:37
Przed: 1*706*754*048 bajtów wolnych
Po: 1,697,603,584 bajtów wolnych
220