Witam Serdecznie
No i stało się, od 2 lat komputer działał bez zastrzeżeń, niedawno miałem infekcję na laptopie, który także bardzo długo się uruchamiał. MKSVir (skaner online) wyleczył ją. Jednak dziś po połączeniu w sieć bezprzewodową laptopa z komputerem stacjonarnym oba komputery szlag trafił.
Po wybraniu nazwy użytkownika i zalogowaniu się do systemu pasek zadań blokuje się na 10-15 minut, system staje (dysk jest nieużywany - nic nie odczytuje).
Zaobserwowałem także iż Adobe Photoshop przestał nagle działać.
Nie mam zamiaru robić reinstalu systemu - mam tutaj wszelkie aplikacje zainstalowane potrzebne do wykonywania mojego zawodu - za dużo by ustawiać ponownie.
Dodam - wszystkie aplikacje (jak i system) mam w pełni legalne.
Skanery OnLine (PandaAntyvirus i MksVir) nic nie wykryły na dysku startowym. Innych dysków (i partycji na nich zrobionych) nie sprawdzałem dotychczas.
Poniżej logi z HijakThis, SilentRunners i ComboFix:
Logfile of HijackThis v1.99.1
Scan saved at 01:12:39, on 2007-10-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\Tablet.exe
E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
G:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
G:\Program Files\Motherboard Monitor 5\MBM5.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\RALINK\Common\RaUI.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\WTablet\TabUserW.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\svchost.exe
G:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\WinRAR\WinRAR.exe
G:\Temp\Rar$EX00.781\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = icm.edu.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TrueImageMonitor.exe] G:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MBM 5] "G:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] G:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Gadu-Gadu] "E:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Ralink Wireless Utility.lnk = E:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://G:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://G:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: Download All by FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - G:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Utwórz Ulubione dla urządzenia przenośnego - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - G:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AD7B517-67C3-4EDE-B68F-DC5CDD6BF752}: NameServer = 85.255.113.202,85.255.112.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BB9F22-8389-40AB-8037-CE39B5683DF5}: NameServer = 194.204.159.1 217.98.63.164
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - G:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - G:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\system32\Tablet.exe
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""E:\Program Files\Gadu-Gadu\gg.exe" /tray" ["sms-express.com"]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"" [file not found]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedTouch USB Diagnostics" = ""E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"TrueImageMonitor.exe" = "G:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" ["Acronis"]
"NeroFilterCheck" = "E:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"MBM 5" = ""G:\Program Files\Motherboard Monitor 5\MBM5.EXE"" ["Alex van Kaam"]
"DAEMON Tools" = ""E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"avast!" = "E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"AcronisTimounterMonitor" = "G:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" ["Acronis"]
"Acronis Scheduler2 Service" = ""E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"" ["Acronis"]
"SunJavaUpdateSched" = ""E:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"MSConfig" = "E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "G:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{FCF608CF-5716-47C3-A1A8-991D873AF72B}" = "Delphi Context Menu Shell Extension Example"
-> {HKLM...CLSID} = "Delphi Context Menu Shell Extension Example"
\InProcServer32\(Default) = "G:\PROGRA~1\Exifer\EXIFER~1.DLL" [null data]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "E:\WINDOWS\system32\Audiodev.dll" [MS]
"{C539A15A-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Context Menu Extension"
-> {HKLM...CLSID} = "Acronis True Image Shell Context Menu Extension"
\InProcServer32\(Default) = "G:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]
"{C539A15B-3AF9-4c92-B771-50CB78F5C751}" = "Acronis True Image Shell Extension"
-> {HKLM...CLSID} = "Acronis True Image Shell Extension"
\InProcServer32\(Default) = "G:\Program Files\Acronis\TrueImageHome\tishell.dll" ["Acronis"]
"{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Uniwersalne urządzenia Plug and Play"
-> {HKLM...CLSID} = "Uniwersalne urządzenia Plug and Play"
\InProcServer32\(Default) = "E:\WINDOWS\system32\upnpui.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "G:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<> "System" = "lsass.exe" [MS]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "E:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
ContMenu\(Default) = "{FCF608CF-5716-47C3-A1A8-991D873AF72B}"
-> {HKLM...CLSID} = "Delphi Context Menu Shell Extension Example"
\InProcServer32\(Default) = "G:\PROGRA~1\Exifer\EXIFER~1.DLL" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "E:\Program Files\WinRAR\rarext.dll" [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"NoThemesTab" = (REG_DWORD) hex:0x00000000
{unrecognized setting}
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Mr Death\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"
Startup items in "Mr Death" & "All Users" startup folders:
----------------------------------------------------------
E:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Ralink Wireless Utility" -> shortcut to: "E:\Program Files\RALINK\Common\RaUI.exe" ["Ralink Technology, Corp."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "G:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Utwórz Ulubione dla urządzenia przenośnego"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "G:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Utwórz Ulubione dla urządzenia przenośnego..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "G:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]
HOSTS file
----------
E:\WINDOWS\System32\drivers\etc\HOSTS
maps: 1 domain name to an IP address,
1 of the IP addresses is *not* localhost!
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "E:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""E:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BlueSoleil Hid Service, BlueSoleil Hid Service, "G:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
TabletService, TabletService, "E:\WINDOWS\system32\Tablet.exe" ["Wacom Technology, Corp."]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\system32\wdfmgr.exe" [MS]
---------- (launch time: 2007-10-01 01:15:41)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 53 seconds, including 17 seconds for message boxes)
ComboFix 07-09-21.2 - "Mr Death" 2007-10-01 1:19:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.413 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\NPF
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.
2007-09-30 22:52
[b]Pozdrawiam Serdecznie i czekam na pomoc.[/b]
[color=darkblue][size=75][i][b]Złączono Posta[/b]: 01.10.2007 (Pon) 1:53[/i][/size][/color]
a, i takie pliki do kwarantanny dodał ComboFix - dziwne bo żaden z trzech antywirusów nie wykrył nic podejżanego :
[code] 2002-10-06 19:49 23 --a–c— E:\Qoobox\Quarantine\D\AUTORUN.INF.vir 2007-07-08 21:23 15399 --a–c— E:\Qoobox\Quarantine\E\ComboFix\FProps.vbs.vir 2007-10-01 01:20 2262 --a–c— E:\Qoobox\Quarantine\Registry_backups\services_NPF.reg.dat Zmienna PATH folderu Numer seryjny woluminu: 90A7-3719 E:\QOOBOX\QUARANTINE ±–D | AUTORUN.INF.vir | ±–E | —ComboFix | FProps.vbs.vir | —Registry_backups services_NPF.reg.dat
(od razu mówię, że na tym się nie skończy, ale to jest priorytet).
)
Już płakać mi się chce…