Here are the logs:
ComboFix 10-07-09.02 - Golima1 2010-07-11 12:24:45.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1023.756 [GMT 2:00]
Uruchomiony z: J:\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Golima1\Dane aplikacji\avdrn.dat
c:\documents and settings\Golima1\Menu Start\Programy\Autostart\siszpe32.exe
c:\windows\OPTIONS\CABS\_desktop.ini
d:\muzyka\PO FORMACIE\01 SKŁADANKI\001 RMF FM\VA-To_Jest_Maxxx_The_Best_Of_RMF_Maxxx_Vol.6-2CD-2009-BFHMP3\kzklogo\Desktop_.ini
.
((((((((((((((((((((((((( Pliki utworzone od 2010-06-11 do 2010-07-11 )))))))))))))))))))))))))))))))
.
2010-07-11 10:36 . 2010-07-11 10:36 -------- d-----w- c:\windows\system32\xircom
2010-07-11 10:36 . 2010-07-11 10:36 -------- d-----w- c:\windows\system32\wbem\snmp
2010-07-11 10:36 . 2010-07-11 10:36 -------- d-----w- c:\program files\microsoft frontpage
2010-07-10 14:25 . 2010-07-11 10:37 540672 ----a-w- c:\windows\system32\drivers\jsrhg.sys
2010-07-03 14:21 . 2010-07-03 14:21 -------- d-----w- c:\program files\Lavalys
2010-06-30 11:24 . 1998-11-26 17:00 497664 ------w- c:\windows\system32\1602Unst.exe
2010-06-29 20:50 . 2010-06-29 20:50 -------- d-----w- c:\program files\Sierra On-Line
2010-06-29 20:50 . 2010-06-29 20:50 -------- d-----w- C:\Impressions Games
2010-06-24 19:17 . 2010-06-24 19:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-24 19:06 . 2010-07-05 10:31 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Lavasoft
2010-06-15 15:43 . 2010-06-15 15:43 54272 ----a-w- c:\documents and settings\Golima1\Dane aplikacji\GanymedeNet\Online Games\Common\ielauncher.exe
2010-06-15 15:43 . 2010-06-15 15:43 4 ----a-w- c:\windows\system32\proc625010911.bin
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 10:35 . 2009-11-14 10:07 532112 ----a-w- c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2010-07-10 14:50 . 2009-10-22 17:00 -------- d-----w- c:\program files\SpeedFan
2010-07-10 14:25 . 2010-06-23 12:45 16 ----a-w- c:\documents and settings\NetworkService\Dane aplikacji\qcopjv.dat
2010-07-07 16:57 . 2010-01-10 14:56 -------- d-----w- c:\documents and settings\Golima1\Dane aplikacji\BESTplayer
2010-06-30 08:57 . 2009-10-22 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 12:46 . 2010-01-30 12:02 -------- d-----w- c:\documents and settings\Golima1\Dane aplikacji\Skype
2010-06-22 21:15 . 2010-06-22 21:15 8 ----a-w- c:\documents and settings\Golima1\Dane aplikacji\qcopjv.dat
2010-06-17 14:02 . 2010-01-01 20:45 -------- d-----w- c:\documents and settings\Golima1\Dane aplikacji\Gadu-Gadu 10
2010-06-15 15:43 . 2009-12-15 21:04 -------- d-----w- c:\documents and settings\Golima1\Dane aplikacji\GanymedeNet
2010-06-11 17:50 . 2010-02-24 20:13 -------- d-----w- c:\documents and settings\Golima1\Dane aplikacji\Ventrilo
2010-06-10 11:52 . 2009-11-04 16:24 -------- d-----w- c:\documents and settings\Golima1\Dane aplikacji\BitTorrent
2010-06-07 16:01 . 2009-11-04 16:24 -------- d-----w- c:\program files\Ask.com
2010-06-07 11:59 . 2010-06-07 11:59 2944904 ----a-w- c:\documents and settings\Golima1\Dane aplikacji\Mozilla\Firefox\Profiles\kja8u8zl.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-05-19 13:30 . 2009-10-22 17:30 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-05-17 18:16 . 2010-05-17 18:16 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2010-05-15 11:49 . 2010-01-31 16:45 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10
2010-05-15 11:49 . 2010-01-01 20:45 -------- d-----w- c:\program files\Gadu-Gadu 10
2010-05-04 14:05 . 2010-05-04 14:05 42080 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\ggbho.2.dll
2010-05-04 14:05 . 2010-05-04 14:05 11776 ----a-w- c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2009-11-16 163144]
"Gadu-Gadu 10"="c:\program files\Gadu-Gadu 10\gg.exe" [2010-05-04 11981408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\XpertVision\TBPanel.exe" [2006-08-02 2146304]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 16143872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Golima1\Menu Start\Programy\Autostart\
CurseClientStartup.ccip [2010-1-30 0]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Wireless Utility.lnk - c:\program files\EDIMAX\Common\RaUI.exe [2010-1-30 716800]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2009-06-04 20:56 869888 ----a-w- c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-11-23 02:12 1060864 ----a-r- c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\WINDOWS\\system32\\services.exe"=
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-11-22 136704]
--- Inne Usługi/Sterowniki w Pamięci ---
*Deregistered* - jsrhg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2010-07-11 c:\windows\Tasks\Konserwacja 1 kliknięciem.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 16:49]
2010-07-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.ask.com?o=14978&l=dis
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {8EADA1B6-C447-49B1-9096-3C01EF43E6C1} = 217.30.129.149 217.30.137.200
FF - ProfilePath - c:\documents and settings\Golima1\Dane aplikacji\Mozilla\Firefox\Profiles\kja8u8zl.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT3&o=14979&locale=en_US&apn_uid=316D992F-EEE0-4CBF-8598-14B9929CBA4C&apn_ptnrs=J7&apn_sauid=7D23DF43-11D9-49A3-B285-91137060511C&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -
AddRemove-Frets on Fire - d:\frets on fire\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 12:37
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\jsrhg]
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-789336058-1580436667-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RunDLL32.exe
c:\windows\RTHDCPL.EXE
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
.
**************************************************************************
.
Czas ukończenia: 2010-07-11 12:39:27 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-07-11 10:39
Przed: 775*016*448 bajtów wolnych
Po: 2*555*129*856 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=RVYAB0 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=RVYAB0-BAK
- - End Of File - - C9F56519DAD9DF17C6710CC8BEDBD15C
I have an 8 Mb internet connection, but it runs as if I had 128 kb; pages take minutes to load, huge pings... I don't know what's going on, whether it's the provider's fault or some malicious virus... Please help as quickly as possible.
User Katarina edited this post 19 07 2010 - 22:15