When I start my computer, two “My Documents” windows pop up. I have also noticed that my internet is running terribly slowly. Please check my ComboFix log:
ComboFix 09-01-09.03 - PS 2009-01-10 13:27:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.767.490 [GMT 1:00]
Uruchomiony z: c:\documents and settings\PS\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-10 do 2009-01-10 )))))))))))))))))))))))))))))))
.
2009-01-09 20:33 . 2009-01-09 20:34
2008-12-25 23:42 . 2008-12-25 23:43
2008-12-25 23:42 . 2008-12-25 23:42
2008-12-25 23:42 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2008-12-25 00:35 . 2008-12-25 00:35
2008-12-25 00:35 . 2008-12-25 00:35
2008-12-25 00:32 . 2008-12-25 00:32
2008-12-18 12:27 . 2008-12-18 12:30
2008-12-18 12:27 . 2008-12-18 14:07
2008-12-17 18:08 . 2008-12-17 18:08 8,192 --a------ c:\windows\d3dx.dat
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 14:35 --------- d-----w c:\program files\Leksykonia
2009-01-04 05:07 --------- d-----w c:\program files\AutoCAD 2004
2008-12-25 22:42 --------- d–h--w c:\program files\InstallShield Installation Information
2008-12-25 22:32 --------- d-----w c:\program files\Gadu-Gadu
2008-12-18 13:45 --------- d-----w c:\documents and settings\PS\Dane aplikacji\uTorrent
2008-12-17 16:57 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 18:05 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2008-12-06 16:52 --------- d-----w c:\program files\Avira
2008-12-06 16:52 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Avira
2008-12-04 17:45 --------- d-----w c:\program files\Deutsch Translator 2
2008-11-22 15:35 --------- d-----w c:\program files\ffdshow
2008-11-20 21:29 12,528 ----a-w c:\windows\system32\drivers\secdrv.sys
2008-11-15 20:50 --------- d-----w c:\program files\English Translator 3
2008-10-27 16:32 73,393 ----a-w c:\windows\unins000.exe
2008-04-12 18:54 6,686,520 ----a-w c:\program files\Firefox Setup 2.0.0.13.exe
2008-12-20 08:33 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-20 08:33 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-20 08:33 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-20 08:33 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-20 08:33 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-05-03 09:06 163,328 --sh–r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh–r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh–r c:\windows\system32\nbDX.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Orb”=“c:\program files\Winamp Remote\bin\OrbTray.exe” [2008-03-25 507904]
“Nokia.PCSync”=“c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe” [2008-03-26 1232896]
“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2004-08-03 15360]
“ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2008-11-24 869888]
“EXPLORER.EXE”=“EXPLORER.EXE” [2004-08-03 c:\windows\explorer.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2007-06-28 8466432]
“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2007-06-28 81920]
“GrooveMonitor”=“c:\program files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-26 31016]
“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2008-04-01 36352]
“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 144784]
“HPDJ Taskbar Utility”=“c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe” [2001-10-15 196608]
“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]
“Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 39792]
“avgnt”=“c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” [2008-06-12 266497]
“nwiz”=“nwiz.exe” [2007-06-28 c:\windows\system32\nwiz.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-03 15360]
c:\documents and settings\PS\Menu Start\Programy\Autostart\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
AudioDeck.lnk - c:\program files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe [2008-04-02 581632]
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-09-05 1183744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“msacm.avis”= ff_acm.acm
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“c:\Program Files\Winamp Remote\bin\Orb.exe”=
“c:\Program Files\Winamp Remote\bin\OrbTray.exe”=
“c:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=
“c:\Program Files\Gadu-Gadu\gg.exe”=
“c:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“c:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“c:\WINDOWS\system32\sessmgr.exe”=
“c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”=
“c:\Documents and Settings\PS\Pulpit\utorrent.exe”=
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys – c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys – c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys – c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;??\e:\ntglm7x.sys – e:\NTGLM7X.sys [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2008-04-02 3351]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{725e232e-d8bf-11dd-ba2c-001cea7cd015}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b61c39f1-12c1-11dd-89cd-00d0d084439d}]
\Shell\AutoRun\command - G:\EXPLORER.EXE
\Shell\explore\Command - G:\EXPLORER.EXE
\Shell\open\Command - G:\EXPLORER.EXE
.
-
-
-
- USUNIĘTO PUSTE WPISY - - - -
-
-
HKCU-Run-wsctf.exe - wsctf.exe
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.onet.pl/
IE: Eksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PS\Dane aplikacji\Mozilla\Firefox\Profiles\vwag0pew.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli … ie7query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.onet.pl
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli … pabquery=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 13:29:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-01-10 13:31:18
ComboFix-quarantined-files.txt 2009-01-10 12:31:07
Przed: 9 659 760 640 bajtów wolnych
Po: 10,360,856,576 bajtów wolnych
128