Please check my log: 50 CPU, idle process

ComboFix 10-02-03.04 - mody 2010-02-03 21:10:00.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.2046.1256 [GMT 0:00]

Uruchomiony z: c:\users\mody\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1335 [VPS 090618-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: avast! antivirus 4.8.1335 [VPS 090618-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-1044340984-3374458352-3868366472-500

c:\$recycle.bin\S-1-5-21-1700653990-396368735-3127266353-500

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-2163039684-3843062516-95695863-1006

c:\$recycle.bin\S-1-5-21-3723424155-2836419890-3711988-500

c:\$recycle.bin\S-1-5-21-4275756875-3957324713-4263332724-500

c:\programdata\hpe1738.dll

c:\recycler\S-1-5-21-1448396476-6486811264-207531212-9070

.

((((((((((((((((((((((((( Pliki utworzone od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))

.

2010-02-03 21:03 . 2010-02-03 21:05 -------- d-----w- C:\32788R22FWJFW

2010-01-29 19:32 . 2010-01-29 19:32 -------- d-----w- c:\program files\ALLConverter

2010-01-29 19:32 . 2009-06-11 22:52 892928 ----a-w- c:\programdata\ALLPlayer\LIVE\DOLBY\iconv.dll

2010-01-29 19:32 . 2009-05-29 22:31 881664 ----a-w- c:\programdata\ALLPlayer\LIVE\XVID\xvidcore.dll

2010-01-29 19:32 . 2008-04-14 22:50 1291776 ----a-w- c:\programdata\ALLPlayer\LIVE\QUARTZ\quartzXP.dll

2010-01-29 19:32 . 2009-05-29 22:31 881664 ----a-w- c:\windows\system32\xvidcore.dll

2010-01-29 19:32 . 2008-11-13 04:25 740442 ----a-w- c:\programdata\ALLPlayer\LIVE\DIVX\DivX.dll

2010-01-29 19:32 . 2009-06-11 22:52 892928 ----a-w- c:\windows\system32\iconv.dll

2010-01-28 21:00 . 2010-01-28 21:00 -------- d-----w- c:\users\mody\AppData\Local\Mozilla

2010-01-23 18:27 . 2010-02-03 21:05 -------- d-----w- c:\users\mody\AppData\Roaming\Skype

2010-01-23 18:26 . 2010-01-23 18:26 -------- d-----w- c:\program files\Common Files\Skype

2010-01-23 15:59 . 2010-01-23 15:59 -------- d-----w- c:\program files\SkanerOnline

2010-01-16 20:37 . 2010-01-16 20:37 -------- d-----w- c:\users\mody\AppData\Roaming\PhotoFiltre

2010-01-13 18:21 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll

2010-01-13 18:21 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

2010-01-11 17:51 . 2010-01-11 17:51 -------- d-----w- c:\programdata\Avanquest Bluetooth SDK

2010-01-11 17:50 . 2010-01-11 17:50 -------- d-----w- c:\programdata\BVRP Software

2010-01-11 17:50 . 2010-01-11 17:50 -------- d-----w- c:\users\mody\AppData\Local\Sony Ericsson

2010-01-11 17:41 . 2010-01-11 17:41 -------- d-sh--we c:\windows\system32\config\systemprofile\Ustawienia lokalne

2010-01-07 11:30 . 2009-03-09 14:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll

2010-01-05 17:58 . 2010-01-05 18:00 66 ----a-w- c:\windows\hcs.dat

2010-01-05 17:58 . 2010-01-05 17:58 15872 ----a-w- c:\windows\system32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys

2010-01-05 17:58 . 2004-08-04 00:56 11776 ----a-w- c:\windows\system32\reghmf.exe

2010-01-05 17:58 . 2007-02-12 16:55 692224 ----a-w- c:\windows\system32\hsys30.dll

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-02-03 21:14 . 2009-06-18 13:16 9724 ----a-w- c:\windows\system32\perfc015.dat

2010-02-03 21:14 . 2009-06-18 13:16 30234 ----a-w- c:\windows\system32\perfh015.dat

2010-02-03 21:05 . 2009-06-16 20:24 -------- d-----w- c:\users\mody\AppData\Roaming\uTorrent

2010-02-03 19:15 . 2009-06-16 20:46 -------- d-----w- c:\users\mody\AppData\Roaming\skypePM

2010-01-29 19:32 . 2009-10-15 16:40 -------- d-----w- c:\programdata\ALLPlayer

2010-01-29 19:32 . 2009-06-16 21:10 -------- d-----w- c:\program files\NAPI-PROJEKT

2010-01-23 18:26 . 2009-06-16 20:44 -------- d-----w- c:\programdata\Skype

2010-01-14 11:12 . 2009-10-07 08:45 181120 ------w- c:\windows\system32\MpSigStub.exe

2010-01-13 23:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-01-11 17:48 . 2010-01-11 17:48 -------- d-----w- c:\programdata\Sony Ericsson

2010-01-11 17:48 . 2007-04-13 15:34 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-01-05 12:47 . 2009-11-22 14:13 -------- d-----w- c:\users\mody\AppData\Roaming\Any Video Converter

2010-01-04 19:24 . 2010-01-04 19:24 -------- d-----w- c:\programdata\TrueCrypt

2010-01-02 06:38 . 2010-01-22 19:02 916480 ----a-w- c:\windows\system32\wininet.dll

2010-01-02 06:32 . 2010-01-22 19:02 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-01-02 06:32 . 2010-01-22 19:02 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-01-02 04:57 . 2010-01-22 19:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-12-24 22:08 . 2009-12-24 22:08 -------- d-----w- c:\users\mody\AppData\Roaming\Switchball

2009-12-24 22:08 . 2009-12-24 22:08 -------- d-----w- c:\programdata\Trymedia

2009-12-23 13:50 . 2009-12-23 13:47 -------- d-----w- c:\users\mody\AppData\Roaming\dp3d

2009-12-22 17:45 . 2009-07-01 10:56 -------- d-----w- c:\programdata\OpenFM

2009-12-21 09:12 . 2009-06-28 07:41 -------- d-----w- c:\program files\Google

2009-12-14 14:49 . 2009-12-14 14:49 -------- d-----w- c:\users\mody\AppData\Roaming\Fit3DLive

2009-11-24 23:54 . 2009-06-16 19:32 1280480 ----a-w- c:\windows\system32\aswBoot.exe

2009-11-24 23:50 . 2009-06-16 19:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-11-24 23:50 . 2009-06-16 19:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-11-24 23:49 . 2009-06-16 19:32 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2009-11-24 23:49 . 2009-06-16 19:32 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-11-24 23:48 . 2009-06-16 19:32 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-11-24 23:47 . 2009-06-16 19:32 97480 ----a-w- c:\windows\system32\AvastSS.scr

2009-11-24 15:30 . 2009-06-16 05:38 113184 ----a-w- c:\users\mody\AppData\Local\GDIPFONTCACHEV1.DAT

2009-11-18 02:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-09 18:00 . 2009-11-24 17:12 85504 ----a-w- c:\windows\system32\ff_vfw.dll

2009-11-09 12:31 . 2009-12-10 02:02 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-11-09 12:30 . 2009-12-10 02:02 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-11-09 10:36 . 2009-12-10 02:02 411648 ----a-w- c:\windows\system32\drivers\http.sys

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“Sidebar”=“c:\program files\Windows Sidebar\sidebar.exe” [2009-04-11 1233920]

“TOSCDSPD”=“c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe” [2006-11-13 413696]

“uTorrent”=“c:\users\mody\Desktop\utorrent.exe” [2010-01-17 289584]

“Nowe Gadu-Gadu”=“e:\programy\GaduGadu\Nowe Gadu-Gadu\gg.exe” [2009-08-31 11391592]

“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2009-04-23 691656]

“TomTomHOME.exe”=“e:\programy\TomTom\TomTom HOME 2\TomTomHOMERunner.exe” [2009-11-13 247144]

“Sony Ericsson PC Suite”=“e:\programy\sony ericsson\SEPCSuite.exe” [2009-09-24 434176]

“Skype”=“e:\programy\Phone\Skype.exe” [2009-10-09 25623336]

“ALLUpdate”=“e:\programy\ALLPlayer\ALLUpdate.exe” [2009-11-11 870400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“HWSetup”="\HWSetup.exe hwSetUP" [X]

“Windows Defender”=“c:\program files\Windows Defender\MSASCui.exe” [2008-01-19 1008184]

“HotKeysCmds”=“c:\windows\system32\hkcmd.exe” [2007-04-03 154392]

“Persistence”=“c:\windows\system32\igfxpers.exe” [2007-04-03 133912]

“KeNotify”=“c:\program files\TOSHIBA\Utilities\KeNotify.exe” [2006-11-06 34352]

“SVPWUTIL”=“c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe” [2006-03-22 438272]

“topi”=“c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe” [2007-04-02 577536]

“RtHDVCpl”=“RtHDVCpl.exe” [2007-06-13 4489216]

“TPwrMain”=“c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE” [2007-03-29 411192]

“HSON”=“c:\program files\TOSHIBA\TBS\HSON.exe” [2006-12-07 55416]

“SmoothView”=“c:\program files\Toshiba\SmoothView\SmoothView.exe” [2007-05-23 509496]

“00TCrdMain”=“c:\program files\TOSHIBA\FlashCards\TCrdMain.exe” [2007-05-22 538744]

“NDSTray.exe”=“NDSTray.exe” [bU]

“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112]

“Camera Assistant Software”=“c:\program files\Camera Assistant Software for Toshiba\traybar.exe” [2007-04-10 413696]

“SynTPEnh”=“c:\program files\Synaptics\SynTP\SynTPEnh.exe” [2009-03-20 1451304]

“Toshiba Registration”=“c:\program files\Toshiba\Registration\ToshibaRegistration.exe” [2007-02-19 571024]

“IAAnotif”=“c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe” [2007-02-12 174872]

“avast!”=“e:\programy\Avast\ashDisp.exe” [2009-11-24 81000]

“GrooveMonitor”=“e:\programy\Office 2007\Office12\GrooveMonitor.exe” [2006-10-26 31016]

“Skytel”=“Skytel.exe” [2007-05-28 1826816]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-27 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@=“Service”

[HKLM~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]

2009-11-13 11:31 247144 ----a-w- e:\programy\TomTom\TomTom HOME 2\TomTomHOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2009-07-01 16:37 37888 ----a-w- e:\programy\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

“VistaSp2”=hex(b):8b,d0,c0,90,cf,39,ca,01

R0 CplIR;Embedded IR Driver;c:\windows\System32\drivers\CplIR.sys [2007-03-06 14848]

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-06-16 114768]

R1 HMFAxCore56d706f6725c732df006697fd5ec3381;HMFAxCore56d706f6725c732df006697fd5ec3381;c:\windows\System32\drivers\HMFAxCore56d706f6725c732df006697fd5ec3381.sys [2010-01-05 15872]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-06-16 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-06-16 53328]

R2 TomTomHOMEService;TomTomHOMEService;e:\programy\TomTom\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2008-11-17 3668480]

R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\System32\drivers\seehcri.sys [2010-01-11 27632]

S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-07-06 721904]

S2 gupdate1c9f7c3e725fe40;Usługa Google Update (gupdate1c9f7c3e725fe40);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 133104]

S2 OMSI download service;Sony Ericsson OMSI download service;e:\programy\sony ericsson\SupServ.exe [2010-01-11 90112]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\gry\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-14 25832]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-06-17 21504]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\System32\drivers\libusb0.sys [2009-09-20 33792]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\System32\drivers\PPJoyBus.sys [2004-01-23 13952]

S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\System32\drivers\PPortJoy.sys [2004-01-23 28800]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\System32\drivers\s0016bus.sys [2010-01-11 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\System32\drivers\s0016mdfl.sys [2010-01-11 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\System32\drivers\s0016mdm.sys [2010-01-11 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s0016mgmt.sys [2010-01-11 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\System32\drivers\s0016nd5.sys [2010-01-11 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\System32\drivers\s0016obex.sys [2010-01-11 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\System32\drivers\s0016unic.sys [2010-01-11 115752]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [2009-03-27 23064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Zawartość folderu ‘Zaplanowane zadania’

2010-02-03 c:\windows\Tasks\Google Software Updater.job

  • c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-28 07:41]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 07:41]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

  • c:\program files\Google\Update\GoogleUpdate.exe [2009-06-28 07:41]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.onet.pl/

mStart Page = hxxp://alawar.pl

IE: E&ksportuj do programu Microsoft Excel - e:\programy\OFFICE~1\Office12\EXCEL.EXE/3000

IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN

DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} - hxxp://slimak.onet.pl/_m/wirusy/ArcaOnline.cab

FF - ProfilePath - c:\users\mody\AppData\Roaming\Mozilla\Firefox\Profiles\l76ocu7f.default\

FF - prefs.js: browser.startup.homepage - www.onet.pl

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll

FF - plugin: e:\programy\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: e:\programy\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_colors”, true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.use_native_popup_windows”, false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.enable_click_image_resizing”, true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“accessibility.browsewithcaret_shortcut.enabled”, true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.high_water_mark”, 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“javascript.options.mem.gc_frequency”, 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“network.auth.force-generic-ntlm”, false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“svg.smil.enabled”, false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“ui.trackpoint_hack.enabled”, -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.debug”, false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.agedWeight”, 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.bucketSize”, 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.maxTimeGroupings”, 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.timeGroupingSize”, 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.boundaryWeight”, 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“browser.formfill.prefixWeight”, 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref(“html5.enable”, false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.download.backgroundInterval”, 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“app.update.url.manual”, “http://www.firefox.com”);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref(“browser.search.param.yahoo-fr-ja”, “mozff”);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name”, “chrome://browser/locale/browser.properties”);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description”, “chrome://browser/locale/browser.properties”);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add”, “addons.mozilla.org”);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“xpinstall.whitelist.add.36”, “getpersonas.com”);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“lightweightThemes.update.enabled”, true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.allTabs.previews”, false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.hide_infobar_for_outdated_plugin”, false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“plugins.update.notifyUser”, false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“toolbar.customization.usesheet”, false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.enable”, false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.max”, 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref(“browser.taskbar.previews.cachetime”, 20);

.

- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-IgfxTray - c:\windows\system32\igfxtray.exe

MSConfigStartUp-ALLUpdate - e:\programy\ALLPlayer\ALLPlayer\ALLUpdate.exe

AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-02-03 21:19

Windows 6.0.6002 Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???[W ???8?9?`?9???9???9??

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

“ImagePath”=“c:\windows\system32\GameMon.des -service”

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-2163039684-3843062516-95695863-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved{86E8CA8F-5434-EF10-0568-3DD5960EC679}*]

@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-2163039684-3843062516-95695863-1000\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

“??”=hex:f5,17,ab,2e,91,47,f9,68,c8,11,36,7b,58,59,32,22,61,62,89,04,27,ca,06,

2f,07,77,59,92,26,1a,33,7a,47,8a,1a,d6,25,aa,19,0c,1b,47,0d,3b,f3,d1,24,92,\

“??”=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

[HKEY_USERS\S-1-5-21-2163039684-3843062516-95695863-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

“datasecu”=hex:b7,dc,a6,84,64,61,f9,51,0b,49,44,49,ad,da,b1,54,da,ac,29,a5,12,

12,35,ea,83,5a,e2,1d,d0,41,22,34,70,9e,b0,b3,c9,6d,81,57,bb,35,a5,bb,39,3b,\

“rkeysecu”=hex:e3,4a,90,7a,fc,64,54,3a,d3,d8,4a,a4,f7,8b,12,e2

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

“BlindDial”=dword:00000000

“MSCurrentCountry”=dword:000000b4

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

“BlindDial”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

“BlindDial”=dword:00000000

.

Czas ukończenia: 2010-02-03 21:23:43

ComboFix-quarantined-files.txt 2010-02-03 21:23

Przed: 22 869 504 000 bajtów wolnych

Po: 29 997 977 600 bajtów wolnych

- - End Of File - - E3138EAC6DB3AB2421539778F4944703

Paste into Notepad:

>>File>>Save as… >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

– as in this picture –>

cfscript10uc2.gif

(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).

After the restart, manually delete the folder C:\Qoobox.

After that, a new log from Combo.

Change in the rules for posting logs on the forum - viewtopic.php?f=16t=253052

Follow that topic and change the thread title to something specific.

Regards, Gutek