
The error looks like this: http://krzysiekn4.wrzuta.pl/obraz/ohFnUqIL5G/blad
Please check the ComboFix log
ComboFix 09-03-10.03 - user 2009-03-12 18:24:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1280 [GMT 1:00]
Uruchomiony z: c:\documents and settings\user\Pulpit\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\Dane aplikacji\.#
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-12 do 2009-03-12 )))))))))))))))))))))))))))))))
.
2009-03-04 22:01 . 2009-03-04 22:03 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\vlc
2009-02-26 21:43 . 2009-02-26 21:43 <DIR> d-------- c:\program files\directx
2009-02-24 11:34 . 2009-02-24 11:34 <DIR> d-------- c:\documents and settings\Ojciec\Dane aplikacji\ScanSoft
2009-02-24 10:29 . 2009-02-24 10:29 <DIR> d---s---- c:\documents and settings\Ojciec\UserData
2009-02-23 17:57 . 2009-02-23 17:57 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-22 13:21 . 2009-02-22 13:21 <DIR> d-------- c:\program files\Brother
2009-02-22 13:18 . 2009-02-22 13:18 <DIR> d-------- c:\program files\Nuance
2009-02-22 13:17 . 2009-02-22 13:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\InstallShield
2009-02-22 13:17 . 2006-10-24 15:34 31,567 --a------ c:\windows\maxlink.ini
2009-02-22 13:16 . 2009-02-22 13:16 <DIR> d-------- c:\program files\ScanSoft
2009-02-22 13:16 . 2009-02-22 13:17 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-22 13:16 . 2009-02-22 13:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ScanSoft
2009-02-22 13:15 . 2009-02-22 13:15 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Brother
2009-02-22 10:43 . 2008-12-12 18:03 3,088,896 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-02-22 10:43 . 2008-10-16 02:02 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-02-22 10:43 . 2008-10-16 02:02 668,672 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-02-22 10:43 . 2008-10-16 02:02 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-02-21 18:57 . 2009-02-21 18:57 <DIR> d-------- c:\documents and settings\Gość\Dane aplikacji\gtk-2.0
2009-02-21 18:53 . 2009-02-21 18:57 <DIR> d-------- c:\documents and settings\Gość\.gimp-2.4
2009-02-21 18:53 . 2009-02-21 18:57 <DIR> d-------- c:\documents and settings\Gość\.gimp-2.4
2009-02-21 18:45 . 2009-02-21 18:45 <DIR> d-------- c:\documents and settings\Ojciec\Dane aplikacji\TuneUp Software
2009-02-21 18:44 . 2009-02-21 18:44 <DIR> d-------- c:\documents and settings\Ojciec\Dane aplikacji\Apple Computer
2009-02-21 18:43 . 2009-03-12 18:25 <DIR> d--h----- c:\documents and settings\Ojciec\Ustawienia lokalne
2009-02-21 18:43 . 2009-02-24 09:57 <DIR> dr------- c:\documents and settings\Ojciec\Ulubione
2009-02-21 18:43 . 2002-07-07 11:07 <DIR> d--h----- c:\documents and settings\Ojciec\Szablony
2009-02-21 18:43 . 2009-03-10 13:49 <DIR> d-------- c:\documents and settings\Ojciec\Pulpit
2009-02-21 18:43 . 2009-02-24 11:34 <DIR> dr------- c:\documents and settings\Ojciec\Moje dokumenty
2009-02-21 18:43 . 2002-07-07 12:59 <DIR> dr------- c:\documents and settings\Ojciec\Menu Start
2009-02-21 18:43 . 2009-03-12 12:27 <DIR> d-------- c:\documents and settings\Ojciec\Dane aplikacji\WTablet
2009-02-21 18:43 . 2009-03-03 13:31 <DIR> dr-h----- c:\documents and settings\Ojciec\Dane aplikacji
2009-02-21 18:43 . 2009-02-24 10:29 <DIR> d-------- c:\documents and settings\Ojciec
2009-02-21 18:31 . 2009-03-11 17:48 1,374 --a------ c:\windows\imsins.BAK
2009-02-21 18:23 . 2009-02-21 18:23 <DIR> d-------- c:\documents and settings\Gość\Dane aplikacji\TuneUp Software
2009-02-21 17:50 . 2009-02-21 17:50 <DIR> d-------- C:\WTablet
2009-02-21 17:24 . 2009-02-26 18:45 <DIR> d--h----- c:\windows\Icons
2009-02-18 17:24 . 2009-02-24 23:10 2,330,240 --a------ c:\windows\system32\TUKernel.exe
2009-02-18 16:46 . 2009-02-18 16:46 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\TuneUp Software
2009-02-18 16:46 . 2009-02-18 16:46 361,728 --a------ c:\windows\system32\TuneUpDefragService.exe
2009-02-18 16:46 . 2008-07-18 15:05 28,416 --a------ c:\windows\system32\uxtuneup.dll
2009-02-18 16:45 . 2009-02-18 16:45 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-18 16:45 . 2009-02-18 16:45 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\TuneUp Software
2009-02-18 16:36 . 2009-02-18 16:36 <DIR> d-------- c:\program files\TGTSoft
2009-02-12 19:05 . 2009-02-12 19:05 <DIR> d-------- c:\documents and settings\user\.gstreamer-0.10
2009-02-12 18:52 . 2009-03-02 15:13 <DIR> d-------- c:\documents and settings\user\Dane aplikacji\Nowe Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 17:20 --------- d-----w c:\documents and settings\user\Dane aplikacji\foobar2000
2009-03-12 15:31 --------- d-----w c:\documents and settings\user\Dane aplikacji\WTablet
2009-03-11 15:15 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\WTablet
2009-03-07 22:35 --------- d-----w c:\documents and settings\user\Dane aplikacji\gtk-2.0
2009-03-06 09:26 --------- d-----w c:\documents and settings\Gość\Dane aplikacji\WTablet
2009-02-28 11:16 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 11:16 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-25 20:59 --------- d-----w c:\program files\NAPI-PROJEKT
2009-02-21 20:58 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2009-02-18 17:17 --------- d-----w c:\program files\Hotspot_Shield
2009-02-09 14:07 1,847,040 ----a-w c:\windows\system32\win32k.sys
2009-02-05 21:55 31,704 ----a-w c:\windows\system32\drivers\hssdrv.sys
2009-02-05 15:53 --------- d-----w c:\program files\Hotspot Shield
2009-01-28 22:48 --------- d-----w c:\documents and settings\user\Dane aplikacji\FLV Extract
2009-01-27 16:49 --------- d-----w c:\program files\Conduit
2009-01-18 16:44 180,224 ----a-w c:\windows\system32\WinVd32.sys
2009-01-18 16:44 16,384 ----a-w c:\windows\system32\WinFl32.sys
2009-01-18 13:41 --------- d-----w c:\documents and settings\user\Dane aplikacji\Apple Computer
2009-01-18 10:24 --------- d-----w c:\program files\Vuze
2009-01-18 10:23 --------- d-----w c:\documents and settings\user\Dane aplikacji\Azureus
2009-01-18 09:50 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Azureus
2009-01-15 19:59 --------- d-----w c:\program files\Bonjour
2008-12-24 22:39 3,120 ----a-w c:\windows\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
2008-12-24 20:40 118,520 ------w c:\windows\system32\pxinsi64.exe
2008-12-24 20:40 116,472 ------w c:\windows\system32\pxcpyi64.exe
2008-12-12 10:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 10:11 65,536 ----a-w c:\windows\system32\jdns_sd.dll
2008-12-12 10:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-10 20:54 88 -csh--r c:\documents and settings\All Users\Dane aplikacji\B34FE858E8.sys
2008-08-10 20:54 2,516 -csha-w c:\documents and settings\All Users\Dane aplikacji\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-01-27 1784856]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2009-01-27 21:06 1784856 --a------ c:\program files\Hotspot_Shield\tbHot1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-02-08 14:01 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-01-27 1784856]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2009-01-27 1784856]
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"Nowe Gadu-Gadu"="d:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Go†\Menu Start\Programy\Autostart\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-08-27 606208]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Dane aplikacji\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-05 15:36 140976 d:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-27 114768]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;d:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-08-27 20560]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [2009-02-05 117208]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-24 1373480]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2008-08-27 1171456]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\hssdrv.sys [2009-02-05 31704]
R3 jatmlano;jatmlano;\??\c:\docume~1\user\USTAWI~1\Temp\jatmlano.sys --> c:\docume~1\user\USTAWI~1\Temp\jatmlano.sys [?]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [2009-02-05 30168]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2009-03-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-03-12 c:\windows\Tasks\Konserwacja jednym kliknięciem.job
- d:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 12:09]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Adnotuj z Bamboo Link - c:\program files\Wacom\Bamboo Link\AnnotateWithErgo.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - {17A84966-F1E9-4645-AA9E-5E771EE1C859} - d:\progra~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
FF - ProfilePath - c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7o2mh96o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/
FF - component: c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7o2mh96o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7o2mh96o.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\documents and settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\7o2mh96o.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 18:25:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1224)
d:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
c:\windows\system32\adsldpc.dll
.
Czas ukończenia: 2009-03-12 18:27:47
ComboFix-quarantined-files.txt 2009-03-12 17:27:30
Przed: 4,210,081,792 bajtów wolnych
Po: 4,224,995,328 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=N2FCQ2 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=N2FCQ2-BAK
215 --- E O F --- 2009-03-11 16:48:45