Znikajaca tapeta z pulpitu i spowolniony komp

Oprogramowanie komputerowe Problemy z oprogramowaniem
#1

zeskanowaam komp hijack this i oto logo

Logfile of HijackThis v1.99.1

Scan saved at 19:43:44, on 2008-11-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe

C:\WINDOWS\System32\TuneUpDefragService.exe

C:\Program Files\Winamp\winamp.exe

C:\DOCUME~1\Alicja\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM…\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [Toshiba Hotkey Utility] “C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe” /lang PL

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

czy tos moe mi pomoc ??

#2

log czysty.Jakimi programami skanowałeś kompa na obecność wirusów?

#3

Spybot - Search & Destroy i nod 32 antywirus!!

#4

podaj log z combo fix

#5

ComboFix 08-11-21.03 - Alicja 2008-11-21 20:47:15.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.377 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Alicja\Pulpit\ComboFix.exe

* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\IE4 Error Log.txt

.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-21 do 2008-11-21 )))))))))))))))))))))))))))))))

.

2008-11-19 10:32 . 2008-11-19 10:32

2008-11-19 10:22 . 2008-11-19 10:22

2008-11-18 22:26 . 2008-11-18 22:26

2008-11-18 14:03 . 2008-11-18 14:03

2008-11-13 00:51 . 2008-10-24 12:10 453,632 -----c— c:\windows\system32\dllcache\mrxsmb.sys

2008-11-02 20:10 . 2008-11-02 20:13

2008-11-02 20:09 . 2008-11-02 20:09

2008-11-02 20:09 . 2008-11-02 20:09

2008-11-02 20:09 . 2008-11-02 20:09

2008-11-02 20:09 . 2008-04-17 13:12 107,368 --a------ c:\windows\system32\GEARAspi.dll

2008-11-02 20:09 . 2008-04-17 13:12 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys

2008-11-02 20:08 . 2008-11-02 20:09

2008-11-02 20:08 . 2008-11-02 20:08

2008-11-02 20:08 . 2008-11-02 20:09

2008-11-02 20:07 . 2008-11-02 20:07

2008-11-02 20:07 . 2008-11-02 20:07

2008-10-27 18:51 . 2004-09-22 11:13 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2008-10-27 18:51 . 2004-09-22 11:13 12,160 --a–c— c:\windows\system32\dllcache\mouhid.sys

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-19 09:33 --------- d-----w c:\program files\Common Files\Adobe

2008-11-18 20:48 --------- d-----w c:\documents and settings\Alicja\Dane aplikacji\Skype

2008-11-18 20:43 --------- d-----w c:\program files\Common Files\Autodesk Shared

2008-11-18 20:43 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Autodesk

2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys

2008-10-19 16:02 --------- d-----w c:\program files\Java

2008-10-19 15:54 --------- d-----w c:\program files\Common Files\Java

2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll

2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll

2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll

2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll

2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll

2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe

2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll

2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll

2008-10-14 18:03 --------- d–h--w c:\program files\InstallShield Installation Information

2008-10-14 18:03 --------- d-----w c:\program files\Google

2008-10-12 16:56 --------- d-----w c:\documents and settings\Alicja\Dane aplikacji\Nokia Multimedia Player

2008-10-12 16:52 --------- d-----w c:\documents and settings\Alicja\Dane aplikacji\Nokia

2008-10-06 11:25 --------- d-----w c:\program files\TuneUp Utilities 2008

2008-10-04 21:05 --------- d-----w c:\program files\MSXML 4.0

2008-10-03 22:46 --------- d-----w c:\documents and settings\Alicja\Dane aplikacji\Autodesk

2008-10-03 22:32 --------- d-----w c:\program files\Autodesk

2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll

2008-09-28 17:08 --------- d-----w c:\program files\weblin

2008-09-28 17:08 --------- d-----w c:\documents and settings\Alicja\Dane aplikacji\zweitgeist

2008-09-15 15:40 1,846,272 ----a-w c:\windows\system32\win32k.sys

2008-09-04 16:46 1,106,944 ----a-w c:\windows\system32\msxml3.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“MSMSGS”=“c:\program files\Messenger\msmsgs.exe” [2004-08-03 1667584]

“SpybotSD TeaTimer”=“c:\program files\Spybot - Search & Destroy\TeaTimer.exe” [2008-07-07 2156368]

“ctfmon.exe”=“c:\windows\system32\ctfmon.exe” [2002-12-31 15360]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2007-05-10 2111176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ATIPTA”=“c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe” [2005-12-11 344064]

“Toshiba Hotkey Utility”=“c:\program files\Toshiba\Windows Utilities\Hotkey.exe” [2007-06-17 1773568]

“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2007-05-14 35328]

“egui”=“c:\program files\ESET\ESET NOD32 Antivirus\egui.exe” [2008-06-10 1447168]

“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]

“PCSuiteTrayApplication”=“c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2007-06-18 271360]

“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2008-09-06 413696]

“iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe” [2008-10-01 289576]

“RTHDCPL”=“RTHDCPL.EXE” [2007-06-17 c:\windows\RTHDCPL.exe]

“SkyTel”=“SkyTel.EXE” [2007-06-17 c:\windows\SkyTel.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“Nokia.PCSync”=“c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 1241088]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“tscuninstall”=“c:\windows\system32\tscupgrd.exe” [2002-12-31 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“ForceClassicControlPanel”= 1 (0x1)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“c:\Program Files\Gadu-Gadu\gg.exe”=

“c:\Program Files\iTunes\iTunes.exe”=

“c:\Program Files\Skype\Phone\Skype.exe”=

“c:\Program Files\Bonjour\mDNSResponder.exe”=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]

R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2002-12-31 14336]

R3 BoiHwsetup;Access 32bits INT15 routine;c:\windows\system32\drivers\BoiHwSetup.sys [2007-06-17 5504]

R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;c:\windows\system32\drivers\qkbfiltr.sys [2006-01-12 31872]

R3 qmofiltr;Quanta HotKey Mouse Filter Driver;c:\windows\system32\drivers\qmofiltr.sys [2005-05-05 7936]

R3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-08-17 355584]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2002-12-31 3584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - PROCEXP90

.

Zawartość folderu ‘Zaplanowane zadania’

2008-11-21 c:\windows\Tasks\1-Click Maintenance.job

  • c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2008-11-02 c:\windows\Tasks\AppleSoftwareUpdate.job

  • c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-21 20:49:15

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

Czas ukończenia: 2008-11-21 20:50:32

ComboFix-quarantined-files.txt 2008-11-21 19:49:49

Przed: 13,800,656,896 bajtów wolnych

Po: 14,803,337,216 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

134 — E O F — 2008-11-15 17:51:14

#6

W logu nic nie widzę

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar całego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!