Powolne działanie komputera


(Lblaszczykowski) #1

Witam proszę o pomoc od kilku dni zaczął wolno działac komp i nie wiem co jest grane podsyłam logi Combofix i z Hijack

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:29:55, on 2010-04-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe

C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe

D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\WinPortrait\wpctrl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\WinPortrait\floater.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

D:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM..\Run: [PivotSoftware] "C:\Program Files\WinPortrait\wpctrl.exe"

O4 - HKLM..\Run: [DT Task] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder

O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU..\Run: [eMuleAutoStart] D:\Program Files\eMule.0.49c.Razorback3.Next.Generation.v5.21 .Mod-Binary.(fast.and.xtreme)\emule.exe -AutoStart

O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O17 - HKLM\System\CCS\Services\Tcpip..{B356C38F-BF90-45E8-A071-09C5D42DDE98}: NameServer = 194.204.159.1,194.204.152.34

O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsslsrv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\DTSRVC.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 5137 bytes

i

ComboFix 09-04-13.A0 - Metal 2010-04-13 13:34.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.543 [GMT 2:00]

Uruchomiony z: e:\standardowe\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

* Resident AV is active

.

  • TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -

.

((((((((((((((((((((((((( Pliki utworzone od 2010-03-13 do 2010-04-13 )))))))))))))))))))))))))))))))

.

2010-04-12 22:03 . 2010-04-12 22:03 -------- d-sha-r C:\autorun.inf

2010-04-06 19:42 . 2010-04-06 19:40 737280 ----a-w c:\windows\iun6002.exe

2010-03-16 00:06 . 2010-03-16 00:06 -------- d-----w c:\documents and settings\Metal\Ustawienia lokalne\Dane aplikacji\Infonetax

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) ))

.

2010-04-13 10:43 . 2010-04-13 10:42 -------- d-----w c:\program files\HD Tune

2010-04-13 07:48 . 2008-09-16 06:13 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\HPAppData

2010-04-12 22:49 . 2008-04-20 13:32 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\Skype

2010-04-12 22:49 . 2008-04-20 13:33 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\skypePM

2010-04-12 17:53 . 2009-03-28 17:23 174524 ----a-w C:\mksbasel.cpp.log

2010-04-11 09:57 . 2009-03-12 11:48 -------- d-----w c:\program files\Pity 2008

2010-04-06 19:34 . 2007-02-25 19:01 -------- d-----w c:\program files\VideoLAN

2010-03-30 10:25 . 2004-09-16 14:39 90422 ----a-w c:\windows\system32\perfc015.dat

2010-03-30 10:25 . 2004-09-16 14:39 504042 ----a-w c:\windows\system32\perfh015.dat

2010-03-17 10:31 . 2007-02-25 22:27 -------- d-----w c:\program files\Gadu-Gadu

2010-03-15 20:48 . 2008-11-13 23:17 -------- d-----w c:\documents and settings\Metal\Dane aplikacji\AdobeUM

2010-03-11 21:12 . 2010-03-11 21:12 -------- d-----w c:\program files\Common Files\Java

2010-03-11 21:11 . 2009-05-03 21:38 -------- d-----w c:\program files\Java

2009-07-15 14:07 . 2007-02-25 15:46 43800 ----a-w c:\documents and settings\Metal\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-05-23 12:03 . 2009-01-29 07:07 116296 ----a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2008-04-20 13:33 . 2008-04-20 13:33 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

2007-02-25 15:59 . 2007-02-25 15:59 130 ----a-w c:\documents and settings\Metal\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 22014760]

"eMuleAutoStart"="d:\program files\eMule.0.49c.Razorback3.Next.Generation.v5.21 .Mod-Binary.(fast.and.xtreme)\emule.exe" [2009-08-01 6283264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]

"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]

"PivotSoftware"="c:\program files\WinPortrait\wpctrl.exe" [2005-01-26 698104]

"DT Task"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2005-10-14 264704]

"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

ATI CATALYST - pasek zadaä.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]

HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-02-25 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonuiX.exe"

"Taskman"="c:\recycler\S-1-5-21-4534707511-7316572271-944879462-8106\wingn.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i263_32.drv

"vidc.DIV3"= DivXc32.dll

"vidc.DIV4"= DivXc32f.dll

"msacm.l3codec"= l3codecp.acm

"vidc.3iv2"= 3ivxVfWCodec.dll

"msacm.divxa32"= divxa32.acm

"VIDC.HFYU"= huffyuv.dll

"VIDC.i263"= i263_32.drv

"msacm.imc"= imc32.acm

"VIDC.VP31"= vp31vfw.dll

"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]

"c:\WINDOWS\system32\sessmgr.exe"=

"c:\WINDOWS\system32\winver.exe"=

"d:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"=

"d:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"=

"d:\Program Files\HP\Digital Imaging\bin\hposid01.exe"=

"d:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"=

"d:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"=

"c:\Program Files\Skype\Phone\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Grupowanie sieci równorzędnej Windows

"3540:UDP"= 3540:UDP:Protokół rozpoznawania nazw równorzędnych (PNRP)

"16199:TCP"= 16199:TCP:emule TCP

"16206:UDP"= 16206:UDP:emule UDP

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-29 108792]

S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfw tdir.sys [2009-09-29 96408]

S2 ekrn;ESET Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-29 735960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {B356C38F-BF90-45E8-A071-09C5D42DDE98} = 194.204.159.1,194.204.152.34

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Metal\Dane aplikacji\Mozilla\Firefox\Profiles\caly93je.defaul t\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSignPlugin.dll

FF - plugin: d:\program files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabl ed", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", "-1");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_every where__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_bro ken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_sett ing", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); // now unused

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.delay", 50);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter ", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

************************************************** ************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-04-13 13:35

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

PivotSoftware = "c:\program files\WinPortrait\wpctrl.exe"??????????????w???? ??????????????????\ ?|???????|?????????????????????????????????????? ????( ??????Dodatek Service Pack 2????????????????????????????????????????????????? ????????????????????????????????????????????

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

************************************************** ************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

  • > 'winlogon.exe'(892)

c:\windows\system32\Ati2evxx.dll

  • > 'explorer.exe'(2868)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\WinPortrait\WinpHook.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Czas ukończenia: 2010-04-13 13:37

ComboFix-quarantined-files.txt 2010-04-13 11:37

Przed: 1*706*754*048 bajtów wolnych

Po: 1,697,603,584 bajtów wolnych

220


(Rzodkiewkowy Potwór) #2

Logów się nie wkleja bezpośrednio na forum, :smiley: tylko tutaj http://wklej.org/ a poza tym HijackThis jest przestarzałe i wrzuć loga z OTL ;] http://forum.dobreprogramy.pl/otl-gmer-rsit-dds-inne-instrukcje-t370405.html instrukcja. A ten Service Pack 2 i Internet Exploler 6 to razi w oczy :smiley:


(Lblaszczykowski) #3

Witam ponownie w wyznaczonym miejscu wrzuciłem logi z gmera i otl.


(stream) #4

metal6699 , i daj linki na forum do nich ;]


(Lblaszczykowski) #5

http://wklej.org/id/315333/

-- Dodane 13.04.2010 (Wt) 19:32 --

http://wklej.org/id/315360/ i z gmera

-- Dodane 13.04.2010 (Wt) 20:11 --

http://wklej.org/id/315381/ i jeszcze jeden z gmera