High usage by the iexplore.exe process
#1
I would be very grateful if someone could check the log below, because I no longer have any idea what is happening with the IE browser - it is using a lot of resources.

Code:
ComboFix 09-01-05.02 - Marcin 2009-01-05 22:02:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3582.3000 [GMT 1:00]
Uruchomiony z: c:documents and settingsMarcinPulpitComboFix.exe
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:windowssystem32cbdddeb7_z.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-05 do 2009-01-05 )))))))))))))))))))))))))))))))
.

2009-01-05 18:34 . 2009-01-05 18:34 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiAvira
2009-01-05 18:31 . 2009-01-05 18:31 <DIR> d-------- c:program filesAvira
2009-01-05 15:35 . 2009-01-05 15:36 82,108 --a------ C:2009-01-05_153525_cr.jpg
2009-01-04 14:23 . 2009-01-04 14:23 <DIR> d-------- c:windowsPerformance
2009-01-04 14:23 . 2009-01-04 14:23 <DIR> d-------- c:documents and settingsAll UsersDane aplikacjiMicrosoft Corporation
2009-01-03 20:58 . 2009-01-03 20:58 <DIR> d-------- c:program filesuTorrent
2009-01-03 20:58 . 2009-01-05 19:13 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiuTorrent
2009-01-03 16:38 . 2006-09-18 14:58 97,184 -ra------ c:windowssystem32driversSE27mdm.sys
2009-01-03 16:38 . 2006-09-18 14:58 9,360 -ra------ c:windowssystem32driversSE27mdfl.sys
2009-01-03 16:38 . 2006-09-18 14:58 6,240 -ra------ c:windowssystem32driversSE27cmnt.sys
2009-01-03 16:38 . 2006-09-18 14:58 6,240 -ra------ c:windowssystem32driversSE27cm.sys
2009-01-02 11:31 . 2009-01-02 11:31 <DIR> d-------- c:program filesMalwarebytes'' Anti-Malware
2009-01-02 11:31 . 2009-01-02 11:31 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiMalwarebytes
2009-01-02 11:31 . 2008-12-03 19:52 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys
2009-01-02 11:31 . 2008-12-03 19:52 15,504 --a------ c:windowssystem32driversmbam.sys
2009-01-02 10:05 . 2009-01-02 10:10 <DIR> d-------- c:program filesEusing Free Registry Cleaner
2009-01-02 08:33 . 2009-01-02 08:33 <DIR> d-------- C:OnlineArmor
2008-12-31 09:30 . 2008-12-31 09:30 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiPCToolsFirewallPlus
2008-12-31 09:27 . 2009-01-02 08:22 <DIR> d-a------ c:documents and settingsAll UsersDane aplikacjiTEMP
2008-12-29 15:05 . 2008-12-29 15:05 0 --a------ c:windowssystem32FOXIT_PDF
2008-12-29 14:45 . 2008-12-29 14:45 23 --a------ c:windowssystem32aedcefbed3_z.ocx
2008-12-29 14:40 . 2008-12-29 14:40 25,992 --a------ c:windowssystem32pgdfgsvc.exe
2008-12-28 17:54 . 2008-12-29 15:03 <DIR> d-------- c:program filesFoxit Software
2008-12-28 17:47 . 2008-12-28 17:47 <DIR> d--h----- c:windowsPIF
2008-12-27 09:39 . 2008-12-27 13:51 <DIR> d-------- c:program filesSpybot - Search & Destroy
2008-12-27 09:39 . 2008-12-27 13:52 <DIR> d-------- c:documents and settingsAll UsersDane aplikacjiSpybot - Search & Destroy
2008-12-26 22:57 . 2008-12-26 22:57 <DIR> d--h----- c:windowssystem32GroupPolicy
2008-12-26 08:48 . 2009-01-04 18:23 <DIR> d-------- C:AllokRMFolder
2008-12-26 08:45 . 2008-12-26 08:48 <DIR> d-------- c:program filesAllok RM RMVB to AVI MPEG DVD Converter
2008-12-25 09:41 . 2008-12-25 09:42 <DIR> d-------- c:program filesTuneUp Utilities 2008
2008-12-25 09:41 . 2008-12-25 09:41 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiTuneUp Software
2008-12-25 09:41 . 2008-12-25 09:41 <DIR> d-------- c:documents and settingsAll UsersDane aplikacjiTuneUp Software
2008-12-25 09:41 . 2008-12-25 09:41 361,728 --a------ c:windowssystem32TuneUpDefragService.exe
2008-12-25 09:41 . 2008-07-18 15:05 28,416 --a------ c:windowssystem32uxtuneup.dll
2008-12-21 15:48 . 2008-12-21 15:48 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiDivX
2008-12-21 15:47 . 2008-12-21 15:47 <DIR> d-------- c:windowssystem32custom matrices
2008-12-21 15:47 . 2008-12-21 15:47 <DIR> d-------- c:windowssystem32C2MP
2008-12-21 09:06 . 2008-12-21 09:23 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiBESTplayer
2008-12-20 20:32 . 2008-12-20 20:32 <DIR> d-------- c:program files7-Zip
2008-12-19 20:45 . 2007-02-20 16:04 2,463,976 --a------ c:windowssystem32NPSWF32.dll
2008-12-19 20:45 . 2007-02-20 16:04 190,696 --a------ c:windowssystem32NPSWF32_FlashUtil.exe
2008-12-19 15:23 . 2008-12-19 15:23 <DIR> d-------- c:program filesCommon FilesSymantec Shared
2008-12-18 20:52 . 2008-03-03 14:25 5,702 --ah----- c:windowsnod32restoretemdono.reg
2008-12-13 18:56 . 2008-12-13 18:56 <DIR> d-------- c:documents and settingsAll UsersDane aplikacjiFLEXnet
2008-12-12 22:16 . 2008-12-12 22:16 <DIR> d-------- c:documents and settingsAll UsersDane aplikacjiESET
2008-12-09 19:45 . 2008-12-09 19:42 430,080 --a------ c:windowssystem32memorybar.exe
2008-12-09 15:01 . 2008-12-09 15:01 <DIR> d-------- c:program filesUPHClean
2008-12-09 12:13 . 2008-12-09 12:13 <DIR> d-------- c:windowsSun
2008-12-07 14:37 . 2008-12-07 14:37 <DIR> d-------- c:program filesOniGames
2008-12-07 14:34 . 2008-12-07 14:34 717,296 --a------ c:windowssystem32driverssptd.sys
2008-12-07 14:33 . 2008-12-07 14:33 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiDAEMON Tools
2008-12-07 13:09 . 2008-12-07 13:09 49,776 --ah----- c:windowssystem32mlfcache.dat
2008-12-07 13:03 . 2008-12-07 13:03 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiApple Computer
2008-12-06 13:22 . 2008-12-06 13:22 <DIR> d-------- c:program filesRADVideo
2008-12-06 10:18 . 2008-12-06 10:18 <DIR> d-------- c:program filesWinamp
2008-12-06 10:18 . 2008-12-06 10:18 <DIR> d-------- c:documents and settingsMarcinDane aplikacjiWinamp

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 17:31 --------- d-----w c:documents and settingsAll UsersDane aplikacjiAvira
2008-12-28 16:32 --------- d-----w c:program filesCommon FilesAdobe
2008-12-25 08:41 --------- d-----w c:program filesCommon FilesWise Installation Wizard
2008-12-21 08:09 --------- d--h--w c:program filesInstallShield Installation Information
2008-12-03 14:59 --------- d-----w c:documents and settingsMarcinDane aplikacjiMedia Player Classic
2008-12-03 14:39 --------- d-----w c:documents and settingsAll UsersDane aplikacjif-secure
2008-12-03 14:05 --------- d-----w c:documents and settingsAll UsersDane aplikacjifssg
2008-12-02 14:08 --------- d-----w c:program filesTrend Micro
2008-12-01 20:19 16,608 ----a-w c:windowsgdrv.sys
2008-12-01 19:55 --------- d-----w c:documents and settingsAll UsersDane aplikacjiKaspersky Lab Setup Files
2008-12-01 19:39 --------- d-----w c:documents and settingsAll UsersDane aplikacjicomodo
2008-12-01 18:48 --------- d-----w c:documents and settingsAll UsersDane aplikacjiMalwarebytes
2008-12-01 10:17 --------- d-----w c:program filesBinboy
2008-11-30 16:31 --------- d-----w c:documents and settingsMarcinDane aplikacjiHateML
2008-11-30 12:25 --------- d-----w c:documents and settingsMarcinDane aplikacjiAdobeUM
2008-11-30 10:54 --------- d-----w c:program filesBonjour
2008-11-30 10:48 --------- d-----w c:program filesCommon FilesMacrovision Shared
2008-11-30 09:54 --------- d-----w c:program filesMSXML 4.0
2008-11-30 09:35 --------- d-----w c:program filesReal Alternative
2008-11-30 09:18 --------- d-----w c:documents and settingsMarcinDane aplikacjiTeleca
2008-11-30 09:17 --------- d-----w c:documents and settingsMarcinDane aplikacjiSony Ericsson
2008-11-30 09:14 --------- d-----w c:program filesSony Ericsson
2008-11-30 09:14 --------- d-----w c:program filesCommon FilesTeleca Shared
2008-11-30 09:14 --------- d-----w c:program filesCommon FilesSony Ericsson Shared
2008-11-30 09:14 --------- d-----w c:documents and settingsAll UsersDane aplikacjiTeleca
2008-11-30 09:14 --------- d-----w c:documents and settingsAll UsersDane aplikacjiSony Ericsson
2008-11-30 09:09 --------- d-----w c:program filesCommon FilesInstallShield
2008-11-30 09:09 --------- d-----w c:program filesBrownie
2008-11-30 09:09 --------- d-----w c:program filesBrother
2008-11-30 09:05 --------- d-----w c:documents and settingsAll UsersDane aplikacjiBrother
2008-11-30 09:01 --------- d-----w c:documents and settingsMarcinDane aplikacjiCanon
2008-11-30 08:55 --------- d-----w c:program filesNewSoft
2008-11-30 08:55 --------- d-----w c:program filesCommon FilesPDFView
2008-11-30 08:54 --------- d-----w c:documents and settingsAll UsersDane aplikacjiInstallShield
2008-11-30 08:52 --------- d-----w c:program filesCommon FilesCANON
2008-11-30 08:52 --------- d-----w c:program filesArcSoft
2008-11-30 08:51 --------- d-----w c:program filesCanon
2008-11-30 08:50 --------- d--h--w c:program filesCanonBJ
2008-11-30 08:41 --------- d-----w c:program filesMicrosoft Works
2008-11-30 08:38 --------- d-----w c:program filesMicrosoft.NET
2008-11-30 07:17 --------- d-----w c:documents and settingsMarcinDane aplikacjiAhead
2008-11-30 07:16 --------- d-----w c:program filesNero
2008-11-30 07:16 --------- d-----w c:program filesCommon FilesAhead
2008-11-30 07:10 410,976 ----a-w c:windowssystem32deploytk.dll
2008-11-30 07:10 --------- d-----w c:program filesJava
2008-11-30 07:00 --------- d-----w c:program filesTechSmith
2008-11-30 07:00 --------- d-----w c:program filesCommon FilesTechSmith Shared
2008-11-30 07:00 --------- d-----w c:documents and settingsAll UsersDane aplikacjiTechSmith
2008-11-30 06:57 --------- d-----w c:documents and settingsMarcinDane aplikacjiGadu-Gadu
2008-11-30 06:53 --------- d-----w c:program filesGadu-Gadu
2008-11-29 20:14 --------- d-----w c:program filesCommon FilesJava
2008-11-29 20:12 --------- d-----w c:program filesFastStone Image Viewer
2008-11-29 20:12 --------- d-----w c:documents and settingsMarcinDane aplikacjiFastStone
2008-11-29 17:28 --------- d-----w c:program filesWindows Media Connect 2
2008-11-29 16:38 --------- d-----w c:program filesmicrosoft frontpage
2008-11-29 15:13 20,747 ----a-w c:windowssystem32driversAegisP.sys
2008-11-29 15:13 --------- d-----w c:program filesCompact Wireless-G USB Adapter Wireless Network Monitor
2008-11-29 14:57 --------- d-----w c:program filesAGEIA Technologies
2008-11-29 14:54 --------- d-----w c:program filesVtune
2008-11-29 14:51 --------- d-----w c:program filesRealtek
2008-11-29 14:50 --------- d-----w c:documents and settingsMarcinDane aplikacjiInstallShield
2008-11-29 14:49 315,392 ----a-w c:windowsHideWin.exe
2008-11-29 14:46 --------- d-----w c:program filesIntel
2008-11-29 14:39 --------- d-----w c:program filesUsługi online
2008-10-23 12:42 286,720 ----a-w c:windowssystem32gdi32.dll
2008-10-16 20:33 826,368 ----a-w c:windowssystem32wininet.dll
2008-10-16 13:13 202,776 ----a-w c:windowssystem32wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:windowssystem32wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:windowssystem32wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:windowssystem32wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:windowssystem32cdm.dll
2008-10-16 13:09 51,224 ----a-w c:windowssystem32wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:windowssystem32wups2.dll
2008-10-16 13:08 34,328 ----a-w c:windowssystem32wups.dll
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:program filesMessengermsmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvCplDaemon"="c:windowssystem32NvCpl.dll" [2008-09-11 13574144]
"NvMediaCenter"="c:windowssystem32NvMcTray.dll" [2008-09-11 86016]
"BrStsWnd"="c:program filesBrownieBrstsWnd.exe" [2008-01-08 864256]
"avgnt"="c:program filesAviraAntiVir PersonalEdition Premiumavgnt.exe" [2008-06-12 266497]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:windowsRTHDCPL.exe]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0

[HKLM~startupfolderC:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^Error Repair Professional Updater.exe]
backup=c:windowspssError Repair Professional Updater.exeStartup

[HKLM~startupfolderC:^Documents and Settings^Marcin^Menu Start^Programy^Autostart^OpenOffice.ux.pl 3.0.lnk]
backup=c:windowspssOpenOffice.ux.pl 3.0.lnkStartup
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAcrobat Assistant 7.0
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDAEMON Tools Lite
HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregGEST

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregEdHTML]
--a------ 2003-03-24 17:38 1443328 c:program filesBinboyEdHTMLv5.0EdHTML.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
--------- 2008-04-14 18:21 1695232 c:program filesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSony Ericsson PC Suite]
-ra------ 2006-11-24 01:06 487424 c:program filesSony EricssonMobile2Application LauncherApplication Launcher.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 c:program filesSpybot - Search & DestroyTeaTimer.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
--a------ 2008-11-30 08:10 136600 c:program filesJavajre6binjusched.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregnwiz]
--a------ 2008-09-11 10:13 1657376 c:windowssystem32nwiz.exe

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\uTorrent\uTorrent.exe"=

R4 AntiVirMailService;Avira AntiVir Premium MailGuard;c:program filesAviraAntiVir PersonalEdition Premiumavmailc.exe [2009-01-05 164097]
R4 antivirwebservice;Avira AntiVir Premium WebGuard;c:program filesAviraAntiVir PersonalEdition Premiumavwebgrd.exe [2009-01-05 258305]
R4 AVEService;Avira AntiVir Premium MailGuard helper service;c:program filesAviraAntiVir PersonalEdition Premiumavesvc.exe [2009-01-05 41217]
S3 DrvFltIp;DrvFltIp;??c:documents and settingsMarcinUstawienia lokalneTEMPDrvFltIp --> c:documents and settingsMarcinUstawienia lokalneTEMPDrvFltIp [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRMAILSERVICE
*NewlyCreated* - ANTIVIRSCHEDULER
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - ANTIVIRWEBSERVICE
*NewlyCreated* - AVESERVICE
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - GTNDIS5
*NewlyCreated* - SSMDRV
*Deregistered* - uphcleanhlp

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSvchost - NetSvcs
UxTuneUp
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
uInternet Settings,ProxyOverride = *.local
LSP: avsda.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:03:34
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINESystemControlSet001ServicesDrvFltIp]
"ImagePath"="??c:documents and settingsMarcinUstawienia lokalneTEMPDrvFltIp"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > ''winlogon.exe''(876)
c:windowssystem32GTGina.dll
.
Czas ukończenia: 2009-01-05 22:04:04
ComboFix-quarantined-files.txt 2009-01-05 21:03:53

Przed: 91 906 039 808 bajtów wolnych
Po: 91,936,378,880 bajtów wolnych

239 --- E O F --- 2008-12-18 14:59:56
ESET NOD32 Antivirus 
Zemana AntiMalware (Premium)


Messages in this thread
High usage by the iexplore.exe process - by zbyszek - 06.01.2009, 14:07
Re: High usage by the iexplore.exe process - by Jurek - 06.01.2009, 18:04
Re: High usage by the iexplore.exe process - by Jurek - 07.01.2009, 12:16
Re: High usage by the iexplore.exe process - by Plati - 07.01.2009, 21:11
