
I have a strange problem. Since yesterday my desktop wallpaper won't display. It's only fine once I set it again, but this happens every time I turn on the computer. Besides that, the computer runs slowly and even videos stutter.
ComboFix 09-01-21.04 - Miron 2009-01-25 12:35:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.255.45 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Miron\Pulpit\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2008-12-25 do 2009-01-25 )))))))))))))))))))))))))))))))
.
2009-01-20 16:35 . 2009-01-20 16:35 <DIR> d-------- c:\documents and settings\Olka\Dane aplikacji\Thunderbird
2009-01-18 20:30 . 2009-01-18 20:30 <DIR> d-------- c:\documents and settings\Miron\Dane aplikacji\Nero
2009-01-18 16:33 . 2009-01-18 16:33 <DIR> d-------- c:\documents and settings\Olka\Dane aplikacji\Tlen.pl
2009-01-16 17:24 . 2009-01-16 17:25 <DIR> d-------- c:\documents and settings\Miron\Dane aplikacji\SpeedSim
2009-01-16 14:53 . 2009-01-16 14:53 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\teamspeak2
2008-12-31 10:07 . 2009-01-19 09:21 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\AIMP
2008-12-29 12:30 . 2008-12-29 12:30 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Gadu-Gadu
2008-12-29 12:23 . 2008-12-29 12:25 <DIR> d-------- c:\documents and settings\Administrator\Gadu-Gadu
2008-12-29 10:23 . 2008-12-29 10:23 <DIR> d-------- c:\documents and settings\Administrator\Dane aplikacji\Nero
2008-12-29 10:07 . 2008-12-29 10:09 <DIR> d-------- c:\program files\Folder Guard Pro
2008-12-28 14:02 . 2008-12-28 14:02 <DIR> d-------- c:\program files\CodeStuff
2008-12-26 11:40 . 2009-01-19 19:21 <DIR> d-------- c:\program files\NAPI-PROJEKT
2008-12-25 16:22 . 2009-01-21 20:38 <DIR> d-------- C:\Temp
2008-12-25 16:10 . 2008-12-25 16:10 <DIR> d-------- c:\program files\ImTOO
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-24 20:01 --------- d-----w c:\program files\BitComet
2009-01-24 19:44 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-21 08:49 --------- d-----w c:\program files\Gadu-Gadu
2009-01-18 18:48 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-01-10 16:48 --------- d-----w c:\documents and settings\Miron\Dane aplikacji\AIMP
2008-12-29 10:15 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 12:48 --------- d-----w c:\program files\SubEdit-Player
2008-12-28 12:24 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-19 16:43 --------- d-----w c:\program files\TP
2008-12-17 12:36 --------- d-----w c:\program files\IrfanView
2008-12-11 12:20 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Media Player Classic
2008-12-11 12:20 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\DivX
2008-12-10 20:01 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-12-06 13:01 --------- d-----w c:\documents and settings\Miron\Dane aplikacji\Tibia
2008-12-05 21:10 73,216 ----a-w c:\windows\ST6UNST.EXE
2008-12-05 14:10 31 ----a-w c:\documents and settings\Olka\jagex_runescape_preferences.dat
2008-12-03 17:23 --------- d-----w c:\documents and settings\Miron\Dane aplikacji\ipla
2008-11-30 13:01 --------- d-----w c:\program files\KYE
2008-11-29 18:44 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\ipla
2008-11-29 12:16 --------- d-----w c:\program files\Tlen.pl
2008-11-28 15:44 --------- d-----w c:\documents and settings\Miron\Dane aplikacji\MyPhoneExplorer
2008-11-25 11:56 --------- d-----w c:\documents and settings\Olka\Dane aplikacji\Media Player Classic
2008-11-25 11:56 --------- d-----w c:\documents and settings\Olka\Dane aplikacji\DivX
2008-11-25 10:34 --------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Logitech
2008-11-25 10:23 --------- d-----w c:\documents and settings\Olka\Dane aplikacji\Logitech
2008-11-20 19:25 50,688 ----a-w c:\windows\system32\wbhelp2.dll
2008-11-19 22:03 1,700,352 ----a-w c:\windows\system32\gdiplus.dll
2001-11-23 04:08 712,704 ----a-w c:\windows\inf\OTHER\AUDIO3D.DLL
.
------- Sigcheck -------
2007-07-10 14:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\system32\user32.dll
2007-07-13 23:56 814592 ce7193c5f7c01b19768e066087c1c919 c:\windows\system32\wininet.dll
2007-07-28 02:15 360576 0fb6743e937c7bb248b2530a5a77abc6 c:\windows\system32\drivers\tcpip.sys
2007-07-26 18:30 2067584 5362d54a6925afdcbbba53b43ee65774 c:\windows\system32\ntkrnlpa.exe
2007-07-26 18:31 2190464 9899bb89856e3bd4ef13e11ccee49b71 c:\windows\system32\ntoskrnl.exe
2007-07-13 23:42 974848 32f67215c57df2c401bf93b7ee65987f c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ad muncher"="c:\downloads\Ad Muncher v4.71 Build 28140 (1782) - CRACKED\Ad Muncher\Ad Muncher\AdMunch.exe" [2007-11-03 779776]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"ErgoMedia"="c:\progra~1\KYE\ERGOME~1\SyTray.exe" [2005-06-28 1855488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-09-30 4603904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-07-27 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Filters\\ac3config.exe"=
"d:\\Gry\\Counter-Strike 1.6 XTCS\\hltv.exe"=
"d:\\Gry\\Counter-Strike 1.6 XTCS\\cstrike.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14710:TCP"= 14710:TCP:BitComet 14710 TCP
"14710:UDP"= 14710:UDP:BitComet 14710 UDP
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S3 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [2008-12-29 54008]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.speedbit.com/
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_exclude
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz wszystkie VIdeo za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: Pobierz wszystko za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Pobierz za pomocą BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_report
FF - ProfilePath - c:\documents and settings\Miron\Dane aplikacji\Mozilla\Firefox\Profiles\pbtet4yx.default\
FF - prefs.js: browser.search.selectedEngine - Federacja Bibliotek Cyfrowych
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\Miron\Dane aplikacji\Mozilla\Firefox\Profiles\pbtet4yx.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 12:36:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\cscui.dll
.
Czas ukończenia: 2009-01-25 12:38:09
ComboFix-quarantined-files.txt 2009-01-25 11:38:07
Przed: 2 840 002 560 bajtów wolnych
Po: 2,865,020,928 bajtów wolnych
150
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:55, on 2009-01-25
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
C:\Downloads\Ad Muncher v4.71 Build 28140 (1782) - CRACKED\Ad Muncher\Ad Muncher\AdMunch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Miron\Pulpit\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ErgoMedia] C:\PROGRA~1\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ad muncher] "C:\Downloads\Ad Muncher v4.71 Build 28140 (1782) - CRACKED\Ad Muncher\Ad Muncher\AdMunch.exe" /bt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_exclude
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz wszystkie VIdeo za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Pobierz za pomocą BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=4L1YU184&id=menu_ie_report
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5397 bytes