Zacinanie się laptopa

turbin · 14 Luty 2009 21:37

Witam,

od razu opisze mój problem. Ściągnąłem z Internetu przez BitTorrenta pewien meczyk. Chciałem go włączyć tak więc uruchomiłem go i trochę przewinąłem i od tego czasu mój laptop zaczął się zacinać, np. chce przesunąć okienko z widokiem jakiegoś folderu to to nie jest to dynamiczne przesunięcie tylko takie zacinające się. W ogóle podczas włączania długo mam napis welcome i długą włączają się programy w tle (te w trayu).

Hijackthis i combofix:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:47:08, on 2009-02-14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\ehome\ehtray.exe C:\Acer\Empowering Technology\admtray.exe C:\Program Files\QuickTime\qttask.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\DNA\btdna.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\system32\igfxext.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Documents and Settings\Greg\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://zzz.uv.ro/adver.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://zzz.uv.ro/adver.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://zzz.uv.ro/adver.html/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM…\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM…\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM…\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM…\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM…\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM…\Run: [ADMTray.exe] “C:\Acer\Empowering Technology\admtray.exe” O4 - HKLM…\Run: [iMJPMIG8.1] “C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE” /Spoil /RemAdvDef /Migration32 O4 - HKLM…\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM…\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM…\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM…\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM…\Run: [bJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre6\bin\jusched.exe” O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe O4 - HKLM…\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe O4 - HKLM…\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM…\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [way tool] C:\DOCUME~1\Greg\APPLIC~1\DRIVEB~1\FunkObjSeek.exe O4 - HKCU…\Run: [CTSyncU.exe] “C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe” O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [updateMgr] “C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” AcRdB7_0_9 -reboot 1 O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe” O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra ‘Tools’ menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europ…vex/hcImpl.cab O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof…?1165264588437 O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_49.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553546800} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe – End of file - 9830 bytes

ComboFix 09-02-12.03 - Greg 2009-02-14 21:57:27.1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1250.48.1033.18.1014.608 [GMT 1:00] Uruchomiony z: c:\documents and settings\Greg\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA . ((((((((((((((((((((((((( Pliki utworzone od 2009-01-14 do 2009-02-14 ))))))))))))))))))))))))))))))) . 2009-02-14 13:12 . 2009-02-14 13:12 2009-02-12 22:44 . 2009-02-12 22:44 2009-02-12 21:33 . 2009-02-12 21:33 2009-02-12 21:33 . 2009-02-12 21:33 2009-02-12 15:35 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys 2009-02-12 15:35 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\dllcache\usbser.sys 2009-02-11 14:34 . 2009-02-11 14:34 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01007_C oinstaller_Critical.Wdf 2009-02-11 14:34 . 2009-02-11 14:34 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_010 07.Wdf 2009-02-11 14:33 . 2008-03-21 13:57 14,640 --------- c:\windows\system32\spmsgXP_2k3.dll 2009-02-10 21:22 . 2009-02-10 21:22 2009-02-10 21:22 . 2008-07-23 17:50 3,596,288 --a------ c:\windows\system32\qt-dx331.dll 2009-02-10 21:22 . 2008-07-04 07:34 860,160 --a------ c:\windows\system32\lameACM.acm 2009-02-10 21:22 . 2008-01-10 13:15 755,027 --a------ c:\windows\system32\xvidcore.dll 2009-02-10 21:22 . 2008-07-25 09:34 683,520 --a------ c:\windows\system32\divx.dll 2009-02-10 21:22 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll 2009-02-10 21:22 . 2008-01-10 13:16 159,839 --a------ c:\windows\system32\xvidvfw.dll 2009-02-10 21:22 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm 2009-02-10 21:22 . 2008-07-25 09:34 81,920 --a------ c:\windows\system32\dpl100.dll 2009-02-10 21:22 . 2008-06-12 19:36 7,680 --a------ c:\windows\system32\ff_vfw.dll 2009-02-10 21:22 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest 2009-02-10 21:22 . 2007-10-03 16:03 414 --a------ c:\windows\system32\lame_acm.xml 2009-02-10 21:22 . 2008-07-30 20:09 38 --a------ c:\windows\avisplitter.ini 2009-02-09 20:17 . 2009-02-09 20:17 2009-02-09 20:17 . 2009-02-09 20:17 2009-02-09 20:17 . 2009-02-09 20:17 2009-02-09 20:16 . 2009-02-09 20:16 2009-02-09 20:16 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys 2009-02-09 20:15 . 2009-02-09 20:15 2009-02-09 20:15 . 2009-02-09 20:15 2009-02-09 20:15 . 2009-02-09 20:15 2009-02-09 20:15 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll 2009-02-09 20:15 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll 2009-02-09 20:15 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll 2009-02-09 20:15 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys 2009-02-09 20:15 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys 2009-02-09 20:15 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys 2009-02-09 20:15 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys 2009-02-09 20:13 . 2009-02-09 20:14 2009-02-08 16:09 . 2009-02-08 16:09 410,984 --a------ c:\windows\system32\deploytk.dll 2009-02-08 16:04 . 2009-02-08 16:04 2009-02-08 16:04 . 2009-02-08 16:04 2009-02-08 16:03 . 2009-02-08 16:03 2009-02-08 16:03 . 2009-02-08 16:03 2009-01-31 23:28 . 2009-01-31 23:28 2009-01-21 09:27 . 2008-04-14 01:12 7,680 --a------ c:\windows\system32\spdwnwxp.exe 2009-01-21 09:26 . 2006-12-28 20:01 19,569 --a------ c:\windows\003279_.tmp 2009-01-20 10:29 . 2009-01-20 10:29 . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-01-16 20:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-19 09:10 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe 2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe 2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe 2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] “CTSyncU.exe”=“c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe” [2006-11-23 851968] “ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2004-08-10 15360] “updateMgr”=“c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe” [2006-03-30 313472] “AutoConnect”=“c:\program files\AutoConnect\AutoConnect.exe” [2006-12-03 310784] “BitTorrent DNA”=“c:\program files\DNA\btdna.exe” [2009-02-08 342848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] “igfxtray”=“c:\windows\system32\igfxtray.exe” [2006-03-23 94208] “igfxhkcmd”=“c:\windows\system32\hkcmd.exe” [2006-03-23 77824] “igfxpers”=“c:\windows\system32\igfxpers.exe” [2006-03-23 118784] “ehTray”=“c:\windows\ehome\ehtray.exe” [2005-08-05 64512] “ntiMUI”=“c:\program files\NewTech Infosystems\NTI CD DVD-Maker 7\ntiMUI.exe” [2006-05-15 45056] “ADMTray.exe”=“c:\acer\Empowering Technology\admtray.exe” [2005-10-24 2462208] “IMJPMIG8.1”=“c:\windows\IME\imjp8_1\IMJPMIG.E XE” [2004-08-10 208952] “MSPY2002”=“c:\windows\system32\IME\PINTLGNT\ImScI nst.exe” [2004-08-10 59392] “PHIME2002ASync”=“c:\windows\system32\IME\TINTLGNT \TINTSETP.EXE” [2004-08-10 455168] “PHIME2002A”=“c:\windows\system32\IME\TINTLGNT\TIN TSETP.EXE” [2004-08-10 455168] “QuickTime Task”=“c:\program files\QuickTime\qttask.exe” [2006-10-12 98304] “ePower_DMC”=“c:\acer\Empowering Technology\ePower\ePower_DMC.exe” [2006-08-10 352256] “Acer ePower Management”=“c:\acer\Empowering Technology\ePower\Acer ePower Management.exe” [2006-05-22 3080704] “eRecoveryService”=“c:\acer\Empowering Technology\eRecovery\Monitor.exe” [2006-01-24 397312] “eDataSecurity Loader”=“c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe” [2005-12-27 69632] “BJCFD”=“c:\program files\BroadJump\Client Foundation\CFD.exe” [2003-01-27 376912] “SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-02-08 136600] “AzMixerSel”=“c:\program files\Realtek\InstallShield\AzMixerSel.exe” [2005-12-21 53248] “LManager”=“c:\progra~1\LAUNCH~1\LManager.exe” [2006-07-20 593920] “avast!”=“c:\progra~1\ALWILS~1\Avast4\ashDisp. exe” [2009-02-05 81000] “BluetoothAuthenticationAgent”=“bthprops.cpl” [2004-08-04 c:\windows\system32\bthprops.cpl] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] “CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2004-08-10 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696] DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-11-24 962661] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys] @=“Driver” [HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk backup=c:\windows\pss\AOL 9.0 Tray Icon.lnkCommon Startup [HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL Companion.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk backup=c:\windows\pss\AOL Companion.lnkCommon Startup [HKLM~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk backup=c:\windows\pss\BlueSoleil.lnkCommon Startup [HKLM~\startupfolder\C:^Documents and Settings^Greg^Start Menu^Programs^Startup^WallMaster.lnk] path=c:\documents and settings\Greg\Start Menu\Programs\Startup\WallMaster.lnk backup=c:\windows\pss\WallMaster.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] --a------ 2004-03-19 14:17 78960 c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “BthServ”=2 (0x2) “AOL ACS”=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusDisableNotify”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “c:\Program Files\Common Files\AOL\ACS\AOLacsd.exe”= “c:\Program Files\Common Files\AOL\ACS\AOLDial.exe”= “c:\Program Files\Messenger\MSMSGS.EXE”= “%windir%\Network Diagnostic\xpnetdiag.exe”= “c:\Program Files\AOL 9.0\waol.exe”= “c:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe”= “c:\Program Files\Gadu-Gadu\gg.exe”= “c:\WINDOWS\System32\DPVSETUP.EXE”= “c:\Program Files\Mozilla Firefox\FIREFOX.EXE”= “c:\Program Files\DNA\btdna.exe”= “c:\Program Files\BitTorrent\bittorrent.exe”= “c:\Program Files\SopCast\SopCast.exe”= “c:\Program Files\SopCast\adv\SopAdver.exe”= [HKLM~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List] “25777:TCP”= 25777:TCP:BitComet 25777 TCP “25777:UDP”= 25777:UDP:BitComet 25777 UDP “22615:TCP”= 22615:TCP:BitComet 22615 TCP “22615:UDP”= 22615:UDP:BitComet 22615 UDP R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-06 114768] R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaF sLoc.sys [2005-10-15 12106] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswF sBlk.sys [2008-04-06 20560] R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2005-06-30 7296] R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.s ys [2005-01-14 4010] R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2005-09-13 4392] S3 CEUSBAUDigiTech USB MIDI Driver (MIDI);c:\windows\system32\drivers\ceusbaud.sys [2003-11-01 17920] — Inne Usługi/Sterowniki w Pamięci — *NewlyCreated* - INT15.SYS [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{36d2026e-ac1f-11dc-83b9-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{36d2026f-ac1f-11dc-83b9-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{c9dcb2f4-ac13-11dc-83b8-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{c9dcb2f5-ac13-11dc-83b8-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{c9dcb2f6-ac13-11dc-83b8-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{c9dcb2f7-ac13-11dc-83b8-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2{c9dcb2f8-ac13-11dc-83b8-001167723854}] \Shell\AutoRun\command - F:\AutoRun.exe . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe HKCU-Run-way tool - c:\docume~1\Greg\APPLIC~1\DRIVEB~1\FunkObjSeek.exe HKLM-Run-AVFX Engine - c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe HKLM-Run-OCAudioIni - c:\program files\One-click Audio Converter\OCAudioIni.exe HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe MSConfigStartUp-Motive SmartBridge - c:\progra~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe MSConfigStartUp-Run - c:\windows\system32\include\vsserv.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.ask.com/?o=101764l=dis uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}sourceid=ie7rls=com.micros oft:en-USie=utf8oe=utf8 mStart Page = hxxp://zzz.uv.ro/adver.html/ mSearch Bar = hxxp://zzz.uv.ro/adver.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://eu-housecall.trendmicro-europe.c … hcImpl.cab DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} - hxxp://www.king.com/ctl/kingcomie.cab DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} - hxxp://67.15.101.3/g_bin/pl/words_2_0_0_49.cab FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\qvt9wnx4.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=ie=UTF-8oe=UTF-8q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - http://www.google.pl FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi … t=gc=1q= FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ---- FIREFOX - SPOSÓB POSTĘPOWANIA ---- . ************************************************** ************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-14 22:03:35 Windows 5.1.2600 Service Pack 2 FAT NTAPI skanowanie ukrytych procesów … skanowanie ukrytych wpisów autostartu … skanowanie ukrytych plików … skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************** ************************ . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_USERS\S-1-5-21-3823592994-2320634651-661099925-1005\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved{F2EFC84F-9B1F-A015-B452-7E3094BF85BD}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) “iakeheddncmbcjnldh”=hex:6b,61,6f,63,62,70,6e,70,6 8,6f,61,63,6c,6c,6b,66,6a,6e, 69,67,69,6b,00,00 “haednkbgnlnhaahm”=hex:6b,61,61,64,6a,6f,62,6f,6a, 70,70,65,67,62,63,69,64,6e, 6b,68,6c,6c,00,00 [HKEY_USERS\S-1-5-21-3823592994-2320634651-661099925-1005\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*] “??”=hex:16,dc,06,33,6d,1c,79,1d,ff,d6,91,88,f9,0d ,5e,25,38,e2,0f,5a,47,89,57, 6b,42,aa,c1,a9,da,12,aa,5c,e4,09,55,62,16,af,87,2f ,41,c7,33,d9,8d,e6,7d,43,\ “??”=hex:ec,ab,78,26,4d,f4,9c,fc,3f,fe,1c,dc,be,67 ,74,64 . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - ‘explorer.exe’(2716) c:\windows\system32\MSNChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\MSVCR71.dll . Czas ukończenia: 2009-02-14 22:08:35 ComboFix-quarantined-files.txt 2009-02-14 21:08:28 Przed: 8˙588˙476˙416 bytes free Po: 9,049,686,016 bytes free 236 — E O F — 2009-02-12 22:00:38 Mił ktoś taki problem, proszę o pomoc, nie chcę robić formata, usunąłem już całą zawartość folderu TEMP. Ps. mam jeszcze jedne pytanie, ten laptop dostałem prawie 2 lata temu od cioci z Anglii i jest w nim oryginalny system Windows XP, jak mogę zrobić aby po formatowanie mieć nadal legalny system. Nie mam żadnej płytki z windowsem. Pod laptopem jest naklejka: Windows XP Media Center Edition 2005 i klucz do windows. Dziękuję z pomoc i odpowiedź, pozdrawiam, turbin

mar147 · 14 Luty 2009 21:50

W trakcie instalacji podaj ten klucz z naklejki i po kłopocie. Jeśli nie masz oryginalnej płytki to ściągnij i z niej zainstaluj. Atrybutem legalności jest właśnie ta nalepka a tak swoją drogą jak wytrzymałeś 2 lata bez formata?? :o ja bym na windowsie nie wytrzymał, na linuxie tak na windowsie nie… 8)

turbin · 15 Luty 2009 06:51

Chcę zrobić formatowanie dysku ale przy moich dyskach w laptopie mam napisane File system: FAT32, mam też tak ustawić podczas instalacji?

huber2t · 15 Luty 2009 07:32

Skorzystaj z Malwarebytes’ Anti-Malware

Po tym podajesz nowy log z comboFiX