Zużycie procesora 100%

slodka · 21 Kwiecień 2009 19:20

komputer chodzi strasznie powoli.często się zawiesza,zużycie procesora jest 100% a na dodatek robi screeny stron przeglądanych przeglądarką czy to jakiś wirus???

Logfile of HijackThis v1.99.1

Scan saved at 20:59:23, on 2009-04-21

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\Explorer.EXE

D:\Program Files\bin\btwdins.exe

C:\Documents and Settings\Admin\Moje dokumenty\Odebrane pliki\progamy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000

O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O15 - Trusted Zone: http://*.mks.com.pl

O15 - Trusted Zone: www.gry.pl

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


[code]

Leon1 · 21 Kwiecień 2009 19:40

usuń HijackThisem >> Fix checked

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 uruchom dwuklikiem

pokaż log

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

Menadżer zadań >> procesy

podaj jaki proces pobiera 100%

Frog · 21 Kwiecień 2009 20:09

OT --> Kosz

slodka · 21 Kwiecień 2009 20:12

ComboFix 09-04-21.A8 - Admin 2009-04-21 21:59.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.58 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *enabled*

 * Utworzono nowy punkt przywracania

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\All Users\Dane aplikacji\WinAntiVirus Pro 2006

c:\windows\system32\Process.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))

.


2009-04-21 19:56 . 2009-04-21 19:56	231441	----a-w	C:\Apr_21_2009__21_48_29.jpg

2009-04-21 19:55 . 2009-04-21 19:55	178262	----a-w	C:\Apr_21_2009__21_34_20.jpg

2009-04-21 19:54 . 2009-04-21 19:54	277149	----a-w	C:\Apr_21_2009__21_21_50.jpg

2009-04-21 19:53 . 2009-04-21 19:53	207325	----a-w	C:\Apr_21_2009__21_08_12.jpg

2009-04-21 19:52 . 2009-04-21 19:52	520785	----a-w	C:\Apr_21_2009__20_59_31.jpg

2009-04-21 19:51 . 2009-04-21 19:51	439734	----a-w	C:\Apr_21_2009__20_53_11.jpg

2009-04-19 18:57 . 2009-04-19 18:57	3072	--sha-w	c:\windows\system32\Thumbs.db

2009-04-19 18:55 . 2009-04-19 18:55	354560	----a-w	c:\windows\system32\TuneUpDefragService.exe

2009-04-19 18:55 . 2008-04-04 12:51	28416	----a-w	c:\windows\system32\uxtuneup.dll

2009-04-18 07:12 . 2009-04-21 19:57	--------	d-sh--w	c:\windows\system32\Sys32


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 19:56 . 2009-04-21 19:56	231357	----a-w	C:\Apr_21_2009__21_48_34.jpg

2009-04-21 19:55 . 2009-04-21 19:55	178194	----a-w	C:\Apr_21_2009__21_34_25.jpg

2009-04-21 19:54 . 2009-04-21 19:54	267256	----a-w	C:\Apr_21_2009__21_21_44.jpg

2009-04-21 19:53 . 2009-04-21 19:53	204310	----a-w	C:\Apr_21_2009__21_08_07.jpg

2009-04-21 19:52 . 2009-04-21 19:52	475746	----a-w	C:\Apr_21_2009__20_59_26.jpg

2009-04-21 19:51 . 2009-04-21 19:51	439734	----a-w	C:\Apr_21_2009__20_53_06.jpg

2009-04-21 18:10 . 2008-12-12 06:19	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Skype

2009-04-19 18:55 . 2008-06-25 14:48	--------	d-----w	c:\program files\TuneUp Utilities 2008

2009-04-19 17:14 . 2007-09-25 10:35	--------	d-----w	c:\program files\SpywareBlaster

2009-03-31 14:00 . 2001-10-26 15:15	598058	----a-w	c:\windows\system32\perfh015.dat

2009-03-31 14:00 . 2001-10-26 15:15	123660	----a-w	c:\windows\system32\perfc015.dat

2009-03-22 16:37 . 2007-02-23 19:15	--------	d-----w	c:\program files\mIRC

2009-02-26 18:56 . 2005-06-10 13:55	--------	d-----w	c:\program files\OpenOffice.org1.1.4

2009-02-25 21:10 . 2005-06-10 13:35	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-02-25 21:08 . 2005-06-18 15:54	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BVRP Software

2008-09-24 18:03 . 2007-03-17 19:03	47360	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys

2008-06-26 14:31 . 2008-06-26 14:31	1269760	----a-w	c:\documents and settings\NetworkService\NTUSER.DAT.tmp

2008-06-26 14:31 . 2008-06-26 14:28	1273856	----a-w	c:\documents and settings\LocalService\NTUSER.DAT.tmp

2008-06-21 08:13 . 2006-01-20 16:25	30520	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-20 19:22 . 2005-06-18 13:48	30520	-c--a-w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-02-16 20:05 . 2007-03-17 19:03	87608	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe

2007-06-02 14:51 . 2007-06-02 14:51	70728	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\xpinstal.dll

2008-06-26 14:15 . 2008-06-26 14:15	23	--sha-w	c:\windows\system32\afecd_d.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

"TAOL Agent"="c:\windows\system32\Sys32\TAOL.exe" [2009-04-18 486912]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"e:\\eMule\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Gry\\Metin2.pl\\metin2.bin"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

R3 jswmidin;jswmidin; [x]

R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]

R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]

R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]

R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]

R4 getPlus(R) Helper;getPlus(R) Helper; [x]

S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]

S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]



--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - TUNEUP.DEFRAG


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.gogle.pl/

uDefault_Search_URL = hxxp://ie.search.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: &Google Search

IE: Backward &Links

IE: Cac&hed Snapshot of Page

IE: Si&milar Pages

IE: Translate into English

Trusted Zone: com.pl\*.mks

Trusted Zone: gry.pl\www

Trusted Zone: mojegry.pl\www

Trusted Zone: www.jn.pl

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 22:02

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(940)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-04-21 22:05

ComboFix-quarantined-files.txt 2009-04-21 20:04


Przed: 992 903 168 bajtów wolnych

Po: 988 987 392 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


166

[code]

– Dodane 21.04.2009 (Wt) 22:13 –

najwięcej użycie pamięci pobiera firefox

– Dodane 21.04.2009 (Wt) 22:25 –

http://wstaw.org/p/795c/

– Dodane 21.04.2009 (Wt) 22:28 –

i takich obrazków jest mnóstwo po ponad 1000 pare razy dziennie

Leon1 · 21 Kwiecień 2009 20:37

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

CPU - dużo pobiera Combofix

natomiast dużo pamięci zajmuje FF - to normalne

nic nie widę

slodka · 21 Kwiecień 2009 21:13

ComboFix 09-04-21.A8 - Admin 2009-04-21 23:02.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.50 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *enabled*

 * Utworzono nowy punkt przywracania


FILE ::

c:\windows\system32\afecd_d.dll

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\afecd_d.dll


.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_JSWMIDIN

-------\Service_jswmidin



((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))

.


2009-04-19 18:57 . 2009-04-19 18:57	3072	--sha-w	c:\windows\system32\Thumbs.db

2009-04-19 18:55 . 2009-04-19 18:55	354560	----a-w	c:\windows\system32\TuneUpDefragService.exe

2009-04-19 18:55 . 2008-04-04 12:51	28416	----a-w	c:\windows\system32\uxtuneup.dll

2009-04-18 07:12 . 2009-04-21 21:06	--------	d-sh--w	c:\windows\system32\Sys32


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 18:10 . 2008-12-12 06:19	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Skype

2009-04-19 18:55 . 2008-06-25 14:48	--------	d-----w	c:\program files\TuneUp Utilities 2008

2009-04-19 17:14 . 2007-09-25 10:35	--------	d-----w	c:\program files\SpywareBlaster

2009-03-31 14:00 . 2001-10-26 15:15	598058	----a-w	c:\windows\system32\perfh015.dat

2009-03-31 14:00 . 2001-10-26 15:15	123660	----a-w	c:\windows\system32\perfc015.dat

2009-03-22 16:37 . 2007-02-23 19:15	--------	d-----w	c:\program files\mIRC

2009-02-26 18:56 . 2005-06-10 13:55	--------	d-----w	c:\program files\OpenOffice.org1.1.4

2009-02-25 21:10 . 2005-06-10 13:35	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-02-25 21:08 . 2005-06-18 15:54	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BVRP Software

2008-09-24 18:03 . 2007-03-17 19:03	47360	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys

2008-06-26 14:31 . 2008-06-26 14:31	1269760	----a-w	c:\documents and settings\NetworkService\NTUSER.DAT.tmp

2008-06-26 14:31 . 2008-06-26 14:28	1273856	----a-w	c:\documents and settings\LocalService\NTUSER.DAT.tmp

2008-06-21 08:13 . 2006-01-20 16:25	30520	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-20 19:22 . 2005-06-18 13:48	30520	-c--a-w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-02-16 20:05 . 2007-03-17 19:03	87608	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe

2007-06-02 14:51 . 2007-06-02 14:51	70728	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\xpinstal.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

"TAOL Agent"="c:\windows\system32\Sys32\TAOL.exe" [2009-04-18 486912]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"e:\\eMule\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Gry\\Metin2.pl\\metin2.bin"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]

R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]

R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]

R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]

R4 getPlus(R) Helper;getPlus(R) Helper; [x]

S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]

S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.gogle.pl/

uDefault_Search_URL = hxxp://ie.search.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: &Google Search

IE: Backward &Links

IE: Cac&hed Snapshot of Page

IE: Si&milar Pages

IE: Translate into English

Trusted Zone: com.pl\*.mks

Trusted Zone: gry.pl\www

Trusted Zone: mojegry.pl\www

Trusted Zone: www.jn.pl

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 23:08

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll


- - - - - - - > 'explorer.exe'(1656)

c:\windows\system32\Sys32\TAOL.007

c:\windows\system32\Sys32\TAOL.006

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

d:\program files\bin\btwdins.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-21 23:12 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-21 21:12


Przed: 987 189 248 bajtów wolnych

Po: 942 284 800 bajtów wolnych


161

[code]

ComboFix 09-04-21.A8 - Admin 2009-04-21 23:02.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.50 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *enabled*

 * Utworzono nowy punkt przywracania


FILE ::

c:\windows\system32\afecd_d.dll

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\afecd_d.dll


.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_JSWMIDIN

-------\Service_jswmidin



((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))

.


2009-04-19 18:57 . 2009-04-19 18:57	3072	--sha-w	c:\windows\system32\Thumbs.db

2009-04-19 18:55 . 2009-04-19 18:55	354560	----a-w	c:\windows\system32\TuneUpDefragService.exe

2009-04-19 18:55 . 2008-04-04 12:51	28416	----a-w	c:\windows\system32\uxtuneup.dll

2009-04-18 07:12 . 2009-04-21 21:06	--------	d-sh--w	c:\windows\system32\Sys32


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 18:10 . 2008-12-12 06:19	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Skype

2009-04-19 18:55 . 2008-06-25 14:48	--------	d-----w	c:\program files\TuneUp Utilities 2008

2009-04-19 17:14 . 2007-09-25 10:35	--------	d-----w	c:\program files\SpywareBlaster

2009-03-31 14:00 . 2001-10-26 15:15	598058	----a-w	c:\windows\system32\perfh015.dat

2009-03-31 14:00 . 2001-10-26 15:15	123660	----a-w	c:\windows\system32\perfc015.dat

2009-03-22 16:37 . 2007-02-23 19:15	--------	d-----w	c:\program files\mIRC

2009-02-26 18:56 . 2005-06-10 13:55	--------	d-----w	c:\program files\OpenOffice.org1.1.4

2009-02-25 21:10 . 2005-06-10 13:35	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-02-25 21:08 . 2005-06-18 15:54	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BVRP Software

2008-09-24 18:03 . 2007-03-17 19:03	47360	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys

2008-06-26 14:31 . 2008-06-26 14:31	1269760	----a-w	c:\documents and settings\NetworkService\NTUSER.DAT.tmp

2008-06-26 14:31 . 2008-06-26 14:28	1273856	----a-w	c:\documents and settings\LocalService\NTUSER.DAT.tmp

2008-06-21 08:13 . 2006-01-20 16:25	30520	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-20 19:22 . 2005-06-18 13:48	30520	-c--a-w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-02-16 20:05 . 2007-03-17 19:03	87608	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe

2007-06-02 14:51 . 2007-06-02 14:51	70728	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\xpinstal.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]

"TAOL Agent"="c:\windows\system32\Sys32\TAOL.exe" [2009-04-18 486912]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"e:\\eMule\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Gry\\Metin2.pl\\metin2.bin"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]

R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]

R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]

R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]

R4 getPlus(R) Helper;getPlus(R) Helper; [x]

S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]

S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.gogle.pl/

uDefault_Search_URL = hxxp://ie.search.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: &Google Search

IE: Backward &Links

IE: Cac&hed Snapshot of Page

IE: Si&milar Pages

IE: Translate into English

Trusted Zone: com.pl\*.mks

Trusted Zone: gry.pl\www

Trusted Zone: mojegry.pl\www

Trusted Zone: www.jn.pl

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-21 23:08

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll


- - - - - - - > 'explorer.exe'(1656)

c:\windows\system32\Sys32\TAOL.007

c:\windows\system32\Sys32\TAOL.006

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

d:\program files\bin\btwdins.exe

c:\windows\system32\wdfmgr.exe

c:\windows\system32\MsPMSPSv.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2009-04-21 23:12 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-04-21 21:12


Przed: 987 189 248 bajtów wolnych

Po: 942 284 800 bajtów wolnych


161

– Dodane 21.04.2009 (Wt) 23:25 – to spowolnione działanie komputera(przechodzenie z jednej zakładki na drugą to trzeba czasem czekać około 1 minuty) i robienie mnóstwo screenów to chyba nie jest normalne działanie komputera? I wogóle pisanie na tym komputerze graniczy z cudem i gdzie go boli??? – Dodane 22.04.2009 (Śr) 9:52 – nic to nie pomogło dalej wariuje wiesza sie robi screeny tyle ze dziś zrobił sobie z wczorajszego dnia:))))) – Dodane 22.04.2009 (Śr) 9:54 – pomocy plis – Dodane 22.04.2009 (Śr) 11:10 – -- Dodane 22.04.2009 (Śr) 13:16 – pomoze mi ktos z tym logiem???

Leon1 · 22 Kwiecień 2009 13:33

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

slodka · 22 Kwiecień 2009 13:57

ComboFix 09-04-22.A23 - Admin 2009-04-22 15:48.6 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.48 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *enabled*

 * Utworzono nowy punkt przywracania

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\Sys32

c:\windows\system32\Sys32\AKV.exe

c:\windows\system32\Sys32\Apr_18_2009__09_13_10.jpg

c:\windows\system32\Sys32\TAOL.001

c:\windows\system32\Sys32\TAOL.002

c:\windows\system32\Sys32\TAOL.006

c:\windows\system32\Sys32\TAOL.007

c:\windows\system32\Sys32\TAOL.009

c:\windows\system32\Sys32\TAOL.009.tmp

c:\windows\system32\Sys32\TAOL.exe

c:\windows\system32\Sys32\VAKK.001

c:\windows\system32\Sys32\VAKK.002

c:\windows\system32\Sys32\VAKK.006

c:\windows\system32\Sys32\VAKK.007

c:\windows\system32\Sys32\VAKK.009

c:\windows\system32\Sys32\VAKK.009.tmp

c:\windows\system32\Sys32\VAKK.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2009-03-22 do 2009-04-22 )))))))))))))))))))))))))))))))

.


2009-04-22 12:58 . 2009-04-22 12:58	228600	----a-w	C:\Apr_22_2009__14_42_37.jpg

2009-04-22 12:57 . 2009-04-22 12:57	230687	----a-w	C:\Apr_22_2009__14_28_56.jpg

2009-04-22 12:56 . 2009-04-22 12:56	177736	----a-w	C:\Apr_22_2009__14_19_42.jpg

2009-04-22 12:55 . 2009-04-22 12:55	272555	----a-w	C:\Apr_22_2009__14_12_02.jpg

2009-04-22 12:54 . 2009-04-22 12:54	230069	----a-w	C:\Apr_22_2009__13_59_27.jpg

2009-04-22 12:53 . 2009-04-22 12:53	307242	----a-w	C:\Apr_22_2009__13_53_21.jpg

2009-04-22 12:53 . 2009-04-22 12:53	305509	----a-w	C:\Apr_22_2009__13_53_16.jpg

2009-04-22 12:53 . 2009-04-22 12:53	304578	----a-w	C:\Apr_22_2009__13_53_10.jpg

2009-04-22 12:51 . 2009-04-22 12:51	238829	----a-w	C:\Apr_22_2009__13_43_26.jpg

2009-04-22 12:50 . 2009-04-22 12:50	303382	----a-w	C:\Apr_22_2009__13_36_39.jpg

2009-04-22 12:49 . 2009-04-22 12:49	244929	----a-w	C:\Apr_22_2009__13_24_14.jpg

2009-04-22 12:48 . 2009-04-22 12:48	145497	----a-w	C:\Apr_22_2009__13_11_18.jpg

2009-04-22 12:47 . 2009-04-22 12:47	15394	----a-w	C:\Keys_Apr_22_2009__14_47.html

2009-04-22 11:00 . 2009-04-22 11:00	310651	----a-w	C:\Apr_22_2009__12_30_24.jpg

2009-04-22 10:59 . 2009-04-22 10:59	414615	----a-w	C:\Apr_22_2009__12_13_07.jpg

2009-04-22 10:58 . 2009-04-22 10:58	185954	----a-w	C:\Apr_22_2009__11_59_28.jpg

2009-04-22 10:57 . 2009-04-22 10:57	248258	----a-w	C:\Apr_22_2009__11_46_34.jpg

2009-04-22 10:56 . 2009-04-22 10:56	183462	----a-w	C:\Apr_22_2009__11_37_47.jpg

2009-04-22 09:35 . 2009-04-22 09:35	183477	----a-w	C:\Apr_22_2009__11_33_20.jpg

2009-04-22 09:34 . 2009-04-22 09:34	201306	----a-w	C:\Apr_22_2009__11_09_04.jpg

2009-04-22 09:33 . 2009-04-22 09:33	201247	----a-w	C:\Apr_22_2009__10_51_05.jpg

2009-04-22 08:41 . 2009-04-22 08:41	219159	----a-w	C:\Apr_22_2009__10_36_22.jpg

2009-04-22 08:41 . 2009-04-22 08:41	267907	----a-w	C:\Apr_22_2009__10_30_55.jpg

2009-04-22 08:41 . 2009-04-22 08:41	237618	----a-w	C:\Apr_22_2009__10_30_50.jpg

2009-04-22 08:41 . 2009-04-22 08:41	191128	----a-w	C:\Apr_22_2009__10_30_44.jpg

2009-04-22 08:41 . 2009-04-22 08:41	183601	----a-w	C:\Apr_22_2009__10_30_37.jpg

2009-04-22 08:41 . 2009-04-22 08:41	155412	----a-w	C:\Apr_22_2009__10_30_32.jpg

2009-04-22 08:41 . 2009-04-22 08:41	314127	----a-w	C:\Apr_22_2009__10_30_21.jpg

2009-04-22 08:41 . 2009-04-22 08:41	283568	----a-w	C:\Apr_22_2009__10_30_26.jpg

2009-04-22 08:41 . 2009-04-22 08:41	265895	----a-w	C:\Apr_22_2009__10_30_15.jpg

2009-04-22 08:41 . 2009-04-22 08:41	318333	----a-w	C:\Apr_22_2009__10_30_09.jpg

2009-04-22 08:39 . 2009-04-22 08:39	315991	----a-w	C:\Apr_22_2009__10_19_23.jpg

2009-04-22 08:38 . 2009-04-22 08:38	278858	----a-w	C:\Apr_22_2009__10_08_39.jpg

2009-04-22 08:37 . 2009-04-22 08:37	249483	----a-w	C:\Apr_22_2009__09_55_39.jpg

2009-04-22 08:36 . 2009-04-22 08:36	214263	----a-w	C:\Apr_22_2009__09_39_11.jpg

2009-04-22 07:48 . 2009-04-22 07:48	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Malwarebytes

2009-04-22 07:47 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys

2009-04-22 07:47 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-22 07:47 . 2009-04-22 07:47	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-04-22 07:29 . 2009-04-22 07:29	193517	----a-w	C:\Apr_22_2009__09_17_26.jpg

2009-04-22 07:28 . 2009-04-22 07:28	212525	----a-w	C:\Apr_22_2009__09_07_32.jpg

2009-04-22 07:27 . 2009-04-22 07:27	235260	----a-w	C:\Apr_21_2009__23_20_49.jpg

2009-04-22 07:26 . 2009-04-22 07:26	263563	----a-w	C:\Apr_21_2009__22_50_53.jpg

2009-04-22 07:25 . 2009-04-22 07:25	257464	----a-w	C:\Apr_21_2009__22_37_02.jpg

2009-04-22 07:24 . 2009-04-22 07:24	171283	----a-w	C:\Apr_21_2009__22_24_52.jpg

2009-04-22 07:23 . 2009-04-22 07:23	205721	----a-w	C:\Apr_21_2009__22_12_01.jpg

2009-04-19 18:57 . 2009-04-19 18:57	3072	--sha-w	c:\windows\system32\Thumbs.db

2009-04-19 18:55 . 2009-04-19 18:55	354560	----a-w	c:\windows\system32\TuneUpDefragService.exe

2009-04-19 18:55 . 2008-04-04 12:51	28416	----a-w	c:\windows\system32\uxtuneup.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-22 12:58 . 2009-04-22 12:58	228589	----a-w	C:\Apr_22_2009__14_42_32.jpg

2009-04-22 12:57 . 2009-04-22 12:57	230687	----a-w	C:\Apr_22_2009__14_28_51.jpg

2009-04-22 12:56 . 2009-04-22 12:56	177716	----a-w	C:\Apr_22_2009__14_19_36.jpg

2009-04-22 12:55 . 2009-04-22 12:55	299470	----a-w	C:\Apr_22_2009__14_11_55.jpg

2009-04-22 12:54 . 2009-04-22 12:54	228152	----a-w	C:\Apr_22_2009__13_59_21.jpg

2009-04-22 12:52 . 2009-04-22 12:52	304623	----a-w	C:\Apr_22_2009__13_53_05.jpg

2009-04-22 12:51 . 2009-04-22 12:51	238644	----a-w	C:\Apr_22_2009__13_43_34.jpg

2009-04-22 12:50 . 2009-04-22 12:50	332499	----a-w	C:\Apr_22_2009__13_36_33.jpg

2009-04-22 12:49 . 2009-04-22 12:49	244649	----a-w	C:\Apr_22_2009__13_24_19.jpg

2009-04-22 12:48 . 2009-04-22 12:48	145354	----a-w	C:\Apr_22_2009__13_11_23.jpg

2009-04-22 11:01 . 2009-04-22 11:01	105595	----a-w	C:\Apr_22_2009__12_56_46.jpg

2009-04-22 11:00 . 2009-04-22 11:00	307577	----a-w	C:\Apr_22_2009__12_30_17.jpg

2009-04-22 10:59 . 2009-04-22 10:59	370732	----a-w	C:\Apr_22_2009__12_13_01.jpg

2009-04-22 10:58 . 2009-04-22 10:58	138180	----a-w	C:\Apr_22_2009__11_59_33.jpg

2009-04-22 10:57 . 2009-04-22 10:57	232572	----a-w	C:\Apr_22_2009__11_46_40.jpg

2009-04-22 10:56 . 2009-04-22 10:56	183462	----a-w	C:\Apr_22_2009__11_37_42.jpg

2009-04-22 09:35 . 2009-04-22 09:35	183477	----a-w	C:\Apr_22_2009__11_33_15.jpg

2009-04-22 09:34 . 2009-04-22 09:34	199393	----a-w	C:\Apr_22_2009__11_08_59.jpg

2009-04-22 09:33 . 2009-04-22 09:33	198468	----a-w	C:\Apr_22_2009__10_51_00.jpg

2009-04-22 08:40 . 2009-04-22 08:40	319398	----a-w	C:\Apr_22_2009__10_30_03.jpg

2009-04-22 08:39 . 2009-04-22 08:39	315991	----a-w	C:\Apr_22_2009__10_19_17.jpg

2009-04-22 08:38 . 2009-04-22 08:38	278858	----a-w	C:\Apr_22_2009__10_08_34.jpg

2009-04-22 08:37 . 2009-04-22 08:37	249483	----a-w	C:\Apr_22_2009__09_55_33.jpg

2009-04-22 08:36 . 2009-04-22 08:36	173427	----a-w	C:\Apr_22_2009__09_39_16.jpg

2009-04-22 07:30 . 2009-04-22 07:30	208048	----a-w	C:\Apr_22_2009__09_23_01.jpg

2009-04-22 07:29 . 2009-04-22 07:29	193516	----a-w	C:\Apr_22_2009__09_17_32.jpg

2009-04-22 07:28 . 2009-04-22 07:28	213511	----a-w	C:\Apr_22_2009__09_07_27.jpg

2009-04-22 07:27 . 2009-04-22 07:27	232466	----a-w	C:\Apr_21_2009__23_20_43.jpg

2009-04-22 07:26 . 2009-04-22 07:26	257955	----a-w	C:\Apr_21_2009__22_50_59.jpg

2009-04-22 07:25 . 2009-04-22 07:25	247397	----a-w	C:\Apr_21_2009__22_36_56.jpg

2009-04-22 07:24 . 2009-04-22 07:24	216367	----a-w	C:\Apr_21_2009__22_24_47.jpg

2009-04-22 07:23 . 2009-04-22 07:23	211589	----a-w	C:\Apr_21_2009__22_11_54.jpg

2009-04-21 18:10 . 2008-12-12 06:19	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Skype

2009-04-19 18:55 . 2008-06-25 14:48	--------	d-----w	c:\program files\TuneUp Utilities 2008

2009-04-19 17:14 . 2007-09-25 10:35	--------	d-----w	c:\program files\SpywareBlaster

2009-03-31 14:00 . 2001-10-26 15:15	598058	----a-w	c:\windows\system32\perfh015.dat

2009-03-31 14:00 . 2001-10-26 15:15	123660	----a-w	c:\windows\system32\perfc015.dat

2009-03-22 16:37 . 2007-02-23 19:15	--------	d-----w	c:\program files\mIRC

2009-02-26 18:56 . 2005-06-10 13:55	--------	d-----w	c:\program files\OpenOffice.org1.1.4

2009-02-25 21:10 . 2005-06-10 13:35	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-02-25 21:08 . 2005-06-18 15:54	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BVRP Software

2008-09-24 18:03 . 2007-03-17 19:03	47360	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys

2008-06-26 14:31 . 2008-06-26 14:31	1269760	----a-w	c:\documents and settings\NetworkService\NTUSER.DAT.tmp

2008-06-26 14:31 . 2008-06-26 14:28	1273856	----a-w	c:\documents and settings\LocalService\NTUSER.DAT.tmp

2008-06-21 08:13 . 2006-01-20 16:25	30520	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-20 19:22 . 2005-06-18 13:48	30520	-c--a-w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-02-16 20:05 . 2007-03-17 19:03	87608	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe

2007-06-02 14:51 . 2007-06-02 14:51	70728	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\xpinstal.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"e:\\eMule\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Gry\\Metin2.pl\\metin2.bin"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]

R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]

R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]

R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]

R4 getPlus(R) Helper;getPlus(R) Helper; [x]

S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]

S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.gogle.pl/

uDefault_Search_URL = hxxp://ie.search.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: &Google Search

IE: Backward &Links

IE: Cac&hed Snapshot of Page

IE: Si&milar Pages

IE: Translate into English

Trusted Zone: com.pl\*.mks

Trusted Zone: gry.pl\www

Trusted Zone: mojegry.pl\www

Trusted Zone: www.jn.pl

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-22 15:52

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-04-22 15:55

ComboFix-quarantined-files.txt 2009-04-22 13:54

ComboFix2.txt 2009-04-21 21:12


Przed: 240 816 128 bajtów wolnych

Po: 228 130 816 bajtów wolnych


232

[code]

Leon1 · 22 Kwiecień 2009 14:22

Otwórz notatnik i wklej

File:: C:\Apr_22_2009__14_42_37.jpg C:\Apr_22_2009__14_28_56.jpg C:\Apr_22_2009__14_19_42.jpg C:\Apr_22_2009__14_12_02.jpg C:\Apr_22_2009__13_59_27.jpg C:\Apr_22_2009__13_53_21.jpg C:\Apr_22_2009__13_53_16.jpg C:\Apr_22_2009__13_53_10.jpg C:\Apr_22_2009__13_43_26.jpg C:\Apr_22_2009__13_36_39.jpg C:\Apr_22_2009__13_24_14.jpg C:\Apr_22_2009__13_11_18.jpg C:\Keys_Apr_22_2009__14_47.html C:\Apr_22_2009__12_30_24.jpg C:\Apr_22_2009__12_13_07.jpg C:\Apr_22_2009__11_59_28.jpg C:\Apr_22_2009__11_46_34.jpg C:\Apr_22_2009__11_37_47.jpg C:\Apr_22_2009__11_33_20.jpg C:\Apr_22_2009__11_09_04.jpg C:\Apr_22_2009__10_51_05.jpg C:\Apr_22_2009__10_36_22.jpg C:\Apr_22_2009__10_30_55.jpg C:\Apr_22_2009__10_30_50.jpg C:\Apr_22_2009__10_30_44.jpg C:\Apr_22_2009__10_30_37.jpg C:\Apr_22_2009__10_30_32.jpg C:\Apr_22_2009__10_30_21.jpg C:\Apr_22_2009__10_30_26.jpg C:\Apr_22_2009__10_30_15.jpg C:\Apr_22_2009__10_30_09.jpg C:\Apr_22_2009__10_19_23.jpg C:\Apr_22_2009__10_08_39.jpg C:\Apr_22_2009__09_55_39.jpg C:\Apr_22_2009__09_39_11.jpg C:\Apr_22_2009__09_17_26.jpg C:\Apr_22_2009__09_07_32.jpg C:\Apr_21_2009__23_20_49.jpg C:\Apr_21_2009__22_50_53.jpg C:\Apr_21_2009__22_37_02.jpg C:\Apr_21_2009__22_24_52.jpg C:\Apr_21_2009__22_12_01.jpg C:\Apr_22_2009__14_42_32.jpg C:\Apr_22_2009__14_28_51.jpg C:\Apr_22_2009__14_19_36.jpg C:\Apr_22_2009__14_11_55.jpg C:\Apr_22_2009__13_59_21.jpg C:\Apr_22_2009__13_53_05.jpg C:\Apr_22_2009__13_43_34.jpg C:\Apr_22_2009__13_36_33.jpg C:\Apr_22_2009__13_24_19.jpg C:\Apr_22_2009__13_11_23.jpg C:\Apr_22_2009__12_56_46.jpg C:\Apr_22_2009__12_30_17.jpg C:\Apr_22_2009__12_13_01.jpg C:\Apr_22_2009__11_59_33.jpg C:\Apr_22_2009__11_46_40.jpg C:\Apr_22_2009__11_37_42.jpg C:\Apr_22_2009__11_33_15.jpg C:\Apr_22_2009__11_08_59.jpg C:\Apr_22_2009__10_51_00.jpg C:\Apr_22_2009__10_30_03.jpg C:\Apr_22_2009__10_19_17.jpg C:\Apr_22_2009__10_08_34.jpg C:\Apr_22_2009__09_55_33.jpg C:\Apr_22_2009__09_39_16.jpg C:\Apr_22_2009__09_23_01.jpg C:\Apr_22_2009__09_17_32.jpg C:\Apr_22_2009__09_07_27.jpg C:\Apr_21_2009__23_20_43.jpg C:\Apr_21_2009__22_50_59.jpg C:\Apr_21_2009__22_36_56.jpg C:\Apr_21_2009__22_24_47.jpg C:\Apr_21_2009__22_11_54.jpg

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

Pobierz HijackThis viewtopic.php?f=16&t=36654 przeskanuj system daj log

slodka · 22 Kwiecień 2009 14:37

ComboFix 09-04-22.A23 - Admin 2009-04-22 16:30.7 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.73 [GMT 2:00]

Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt

AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)

FW: Zapora osobista *enabled*

 * Utworzono nowy punkt przywracania


FILE ::

C:\Apr_21_2009__22_11_54.jp

C:\Apr_21_2009__22_12_01.jpg

C:\Apr_21_2009__22_24_47.jpg

C:\Apr_21_2009__22_24_52.jpg

C:\Apr_21_2009__22_36_56.jpg

C:\Apr_21_2009__22_37_02.jpg

C:\Apr_21_2009__22_50_53.jpg

C:\Apr_21_2009__22_50_59.jpg

C:\Apr_21_2009__23_20_43.jpg

C:\Apr_21_2009__23_20_49.jpg

C:\Apr_22_2009__09_07_27.jpg

C:\Apr_22_2009__09_07_32.jpg

C:\Apr_22_2009__09_17_26.jpg

C:\Apr_22_2009__09_17_32.jpg

C:\Apr_22_2009__09_23_01.jpg

C:\Apr_22_2009__09_39_11.jpg

C:\Apr_22_2009__09_39_16.jpg

C:\Apr_22_2009__09_55_33.jpg

C:\Apr_22_2009__09_55_39.jpg

C:\Apr_22_2009__10_08_34.jpg

C:\Apr_22_2009__10_08_39.jpg

C:\Apr_22_2009__10_19_17.jpg

C:\Apr_22_2009__10_19_23.jpg

C:\Apr_22_2009__10_30_03.jpg

C:\Apr_22_2009__10_30_09.jpg

C:\Apr_22_2009__10_30_15.jpg

C:\Apr_22_2009__10_30_21.jpg

C:\Apr_22_2009__10_30_26.jpg

C:\Apr_22_2009__10_30_32.jpg

C:\Apr_22_2009__10_30_37.jpg

C:\Apr_22_2009__10_30_44.jpg

C:\Apr_22_2009__10_30_50.jpg

C:\Apr_22_2009__10_30_55.jpg

C:\Apr_22_2009__10_36_22.jpg

C:\Apr_22_2009__10_51_00.jpg

C:\Apr_22_2009__10_51_05.jpg

C:\Apr_22_2009__11_08_59.jpg

C:\Apr_22_2009__11_09_04.jpg

C:\Apr_22_2009__11_33_15.jpg

C:\Apr_22_2009__11_33_20.jpg

C:\Apr_22_2009__11_37_42.jpg

C:\Apr_22_2009__11_37_47.jpg

C:\Apr_22_2009__11_46_34.jpg

C:\Apr_22_2009__11_46_40.jpg

C:\Apr_22_2009__11_59_28.jpg

C:\Apr_22_2009__11_59_33.jpg

C:\Apr_22_2009__12_13_01.jpg

C:\Apr_22_2009__12_13_07.jpg

C:\Apr_22_2009__12_30_17.jpg

C:\Apr_22_2009__12_30_24.jpg

C:\Apr_22_2009__12_56_46.jpg

C:\Apr_22_2009__13_11_18.jpg

C:\Apr_22_2009__13_11_23.jpg

C:\Apr_22_2009__13_24_14.jpg

C:\Apr_22_2009__13_24_19.jpg

C:\Apr_22_2009__13_36_33.jpg

C:\Apr_22_2009__13_36_39.jpg

C:\Apr_22_2009__13_43_26.jpg

C:\Apr_22_2009__13_43_34.jpg

C:\Apr_22_2009__13_53_05.jpg

C:\Apr_22_2009__13_53_10.jpg

C:\Apr_22_2009__13_53_16.jpg

C:\Apr_22_2009__13_53_21.jpg

C:\Apr_22_2009__13_59_21.jpg

C:\Apr_22_2009__13_59_27.jpg

C:\Apr_22_2009__14_11_55.jpg

C:\Apr_22_2009__14_12_02.jpg

C:\Apr_22_2009__14_19_36.jpg

C:\Apr_22_2009__14_19_42.jpg

C:\Apr_22_2009__14_28_51.jpg

C:\Apr_22_2009__14_28_56.jpg

C:\Apr_22_2009__14_42_32.jpg

C:\Apr_22_2009__14_42_37.jpg

C:\Keys_Apr_22_2009__14_47.html

.


((((((((((((((((((((((((( Pliki utworzone od 2009-03-22 do 2009-04-22 )))))))))))))))))))))))))))))))

.


2009-04-22 07:48 . 2009-04-22 07:48	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Malwarebytes

2009-04-22 07:47 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys

2009-04-22 07:47 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys

2009-04-22 07:47 . 2009-04-22 07:47	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-04-19 18:57 . 2009-04-19 18:57	3072	--sha-w	c:\windows\system32\Thumbs.db

2009-04-19 18:55 . 2009-04-19 18:55	354560	----a-w	c:\windows\system32\TuneUpDefragService.exe

2009-04-19 18:55 . 2008-04-04 12:51	28416	----a-w	c:\windows\system32\uxtuneup.dll


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-04-21 18:10 . 2008-12-12 06:19	--------	d-----w	c:\documents and settings\Admin\Dane aplikacji\Skype

2009-04-19 18:55 . 2008-06-25 14:48	--------	d-----w	c:\program files\TuneUp Utilities 2008

2009-04-19 17:14 . 2007-09-25 10:35	--------	d-----w	c:\program files\SpywareBlaster

2009-03-31 14:00 . 2001-10-26 15:15	598058	----a-w	c:\windows\system32\perfh015.dat

2009-03-31 14:00 . 2001-10-26 15:15	123660	----a-w	c:\windows\system32\perfc015.dat

2009-03-22 16:37 . 2007-02-23 19:15	--------	d-----w	c:\program files\mIRC

2009-02-26 18:56 . 2005-06-10 13:55	--------	d-----w	c:\program files\OpenOffice.org1.1.4

2009-02-25 21:10 . 2005-06-10 13:35	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-02-25 21:08 . 2005-06-18 15:54	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\BVRP Software

2008-09-24 18:03 . 2007-03-17 19:03	47360	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys

2008-06-26 14:31 . 2008-06-26 14:31	1269760	----a-w	c:\documents and settings\NetworkService\NTUSER.DAT.tmp

2008-06-26 14:31 . 2008-06-26 14:28	1273856	----a-w	c:\documents and settings\LocalService\NTUSER.DAT.tmp

2008-06-21 08:13 . 2006-01-20 16:25	30520	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-06-20 19:22 . 2005-06-18 13:48	30520	-c--a-w	c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2008-02-16 20:05 . 2007-03-17 19:03	87608	-c--a-w	c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe

2007-06-02 14:51 . 2007-06-02 14:51	70728	-c--a-w	c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jar50.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\jsd3250.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\myspell.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\spellchk.dll

2008-12-19 18:2007-06-11 14:12 39:32 .	c:\program files\mozilla firefox\components\xpinstal.dll

.


((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=

"e:\\eMule\\eMule\\emule.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"d:\\Gry\\Metin2.pl\\metin2.bin"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009


R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]

R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]

R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]

R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]

R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]

R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]

R4 getPlus(R) Helper;getPlus(R) Helper; [x]

S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]

S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]

S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]

S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]

S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]

S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]

S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

\Shell\AutoRun\command - H:\LaunchU3.exe -a


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

.

Zawartość folderu 'Zaplanowane zadania'


2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.gogle.pl/

uDefault_Search_URL = hxxp://ie.search.msn.com

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

IE: &Google Search

IE: Backward &Links

IE: Cac&hed Snapshot of Page

IE: Si&milar Pages

IE: Translate into English

Trusted Zone: com.pl\*.mks

Trusted Zone: gry.pl\www

Trusted Zone: mojegry.pl\www

Trusted Zone: www.jn.pl

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\

FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-04-22 16:33

Windows 5.1.2600 Dodatek Service Pack 2 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

.

Czas ukończenia: 2009-04-22 16:36

ComboFix-quarantined-files.txt 2009-04-22 14:36

ComboFix2.txt 2009-04-22 13:55

ComboFix3.txt 2009-04-21 21:12


Przed: 1 005 535 232 bajtów wolnych

Po: 994 828 288 bajtów wolnych


214

[code]

Leon1 · 22 Kwiecień 2009 15:01

Log wygląda na czysty

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj obszar Mój komputer http://www.kaspersky.pl/virusscanner.html gdy będą wirusy pokaż raport

slodka · 22 Kwiecień 2009 15:01

Logfile of HijackThis v1.99.1

Scan saved at 16:59:49, on 2009-04-22

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

D:\Program Files\bin\btwdins.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\Documents and Settings\Admin\Moje dokumenty\Odebrane pliki\progamy\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O15 - Trusted Zone: http://*.mks.com.pl

O15 - Trusted Zone: www.gry.pl

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


[code]

niezDarek · 22 Kwiecień 2009 15:03

log HijackThis czysty

Leon1 · 22 Kwiecień 2009 15:04

log czysty zrób co zaleciłem poprzednio