

HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:51, on 16/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\foobar2000\foobar2000.exe
D:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101723&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: pdfoo Toolbar - {f12aa50a-a033-4dd6-a337-9d31d83212f2} - C:\Program Files\pdfoo\tbpdfo.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {740FE5FB-65F1-46C5-9E54-A19C8A8D7AC2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: pdfoo Toolbar - {f12aa50a-a033-4dd6-a337-9d31d83212f2} - C:\Program Files\pdfoo\tbpdfo.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: pdfoo Toolbar - {f12aa50a-a033-4dd6-a337-9d31d83212f2} - C:\Program Files\pdfoo\tbpdfo.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\program files\nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E6FCD9D-80A8-4392-A695-F214A3A2CDC1}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AA4D538-A281-4685-98F0-3665E1153F45}: NameServer = 208.67.222.222,208.67.222.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E6FCD9D-80A8-4392-A695-F214A3A2CDC1}: NameServer = 208.67.222.222,208.67.222.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\program files\a-squared Free\a2service.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7444 bytes
and ComboFix
ComboFix 09-01-07.01 - mlody 2009-01-15 9:52:10.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3061.1996 [GMT 1:00]
Lancé depuis: d:\sciagane\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\system32\drivers\msqpdxvqxsgvdv.sys
c:\windows\system32\msqpdxjfemsrds.dll
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_msqpdxserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-15 au 2009-01-15 ))))))))))))))))))))))))))))))))))))
.
2009-01-15 09:28 . 2009-01-15 09:29 299,448,652 --a------ c:\windows\MEMORY.DMP
2009-01-13 16:16 . 2009-01-13 16:16 <REP> d-------- c:\program files\Common Files\PCSuite
2009-01-13 16:15 . 2009-01-13 16:15 <REP> d-------- c:\program files\PC Connectivity Solution
2009-01-13 16:15 . 2008-08-26 09:26 18,816 --a------ c:\windows\System32\drivers\pccsmcfd.sys
2009-01-12 22:19 . 2008-02-18 02:44 15,360 --a------ c:\windows\System32\drivers\hopperp.sys
2009-01-10 15:16 . 2009-01-11 18:54 <REP> d-------- c:\users\mlody\AppData\Roaming\uTorrent
2009-01-09 23:08 . 2009-01-09 23:08 <REP> d-------- c:\program files\Shut Down-O-Matic
2008-12-25 19:44 . 2008-12-25 19:44 <REP> d-------- c:\program files\LittleFighter2
2008-12-24 09:15 . 2008-12-24 09:15 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-12-23 13:14 . 2008-12-23 13:14 <REP> d-------- c:\windows\System32\oodag
2008-12-22 17:12 . 2005-06-17 10:26 114,688 --a------ c:\windows\System32\WLANUTL.dll
2008-12-22 17:12 . 2005-06-17 10:26 61,440 --a------ c:\windows\System32\W32N50.dll
2008-12-22 17:12 . 2006-01-10 14:42 25,214 --a------ c:\windows\WLANUTL.ICO
2008-12-21 19:11 . 2009-01-14 20:52 183,112 --a------ c:\windows\System32\PnkBstrB.exe
2008-12-21 19:11 . 2009-01-14 20:52 138,184 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2008-12-21 19:11 . 2008-12-21 19:11 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2008-12-21 19:04 . 2008-12-21 19:04 <REP> d-------- c:\users\mlody\AppData\Roaming\Leadertech
2008-12-21 18:42 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2008-12-21 18:42 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\System32\D3DCompiler_37.dll
2008-12-21 18:42 . 2008-03-05 16:03 479,752 --a------ c:\windows\System32\XAudio2_0.dll
2008-12-21 18:42 . 2008-02-05 23:07 462,864 --a------ c:\windows\System32\d3dx10_37.dll
2008-12-21 18:42 . 2007-10-22 03:39 267,272 --a------ c:\windows\System32\xactengine2_10.dll
2008-12-21 18:42 . 2008-03-05 16:03 238,088 --a------ c:\windows\System32\xactengine3_0.dll
2008-12-21 18:42 . 2008-03-05 16:00 25,608 --a------ c:\windows\System32\X3DAudio1_3.dll
2008-12-21 18:37 . 2008-12-21 18:37 <REP> d-------- c:\users\mlody\AppData\Roaming\DAEMON Tools Pro
2008-12-21 18:37 . 2008-12-21 18:37 <REP> d-------- c:\users\mlody\AppData\Roaming\DAEMON Tools
2008-12-21 18:36 . 2008-12-21 18:36 <REP> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-21 18:36 . 2008-12-21 18:36 <REP> d-------- c:\programdata\DAEMON Tools Lite
2008-12-21 18:36 . 2008-12-21 18:36 <REP> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-21 18:32 . 2008-12-21 18:38 <REP> d-------- c:\users\mlody\AppData\Roaming\DAEMON Tools Lite
2008-12-17 20:42 . 2008-12-17 20:58 <REP> d-------- c:\program files\Lonely Cat Games
2008-12-17 12:48 . 2008-12-17 12:48 <REP> d-------- c:\users\All Users\KLC
2008-12-17 12:48 . 2008-12-17 12:48 <REP> d-------- c:\programdata\KLC
2008-12-17 12:48 . 2004-08-04 03:56 431,616 --a------ c:\windows\System32\temp.002
2008-12-16 19:46 . 2008-12-16 19:46 <REP> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-16 13:04 . 2008-12-16 13:04 <REP> d-------- c:\users\All Users\Real
2008-12-16 12:45 . 2009-01-15 09:51 26,481 --a------ c:\windows\System32\OODBS.lor
2008-12-15 20:01 . 2008-12-15 20:01 <REP> d--h----- c:\users\All Users\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-12-15 20:01 . 2008-12-15 20:01 <REP> d--h----- c:\programdata\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2008-12-15 13:40 . 2008-12-15 13:40 <REP> d-------- c:\program files\MSXML 4.0
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:37 --------- d-----w c:\users\mlody\AppData\Roaming\foobar2000
2009-01-13 15:16 --------- d-----w c:\program files\Common Files\Nokia
2009-01-13 15:14 --------- d-----w c:\program files\Nokia
2009-01-13 15:13 --------- d-----w c:\programdata\Installations
2009-01-12 21:16 --------- d-----w c:\users\mlody\AppData\Roaming\Wireshark
2008-12-22 16:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-22 16:11 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-21 17:32 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-16 13:15 --------- d-----w c:\users\mlody\AppData\Roaming\teamspeak2
2008-12-16 12:04 --------- d-----w c:\program files\Real Alternative
2008-12-14 14:55 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-14 14:54 --------- d-----w c:\programdata\Nokia
2008-12-14 14:39 --------- d-----w c:\program files\pdfoo
2008-12-14 14:39 --------- d-----w c:\program files\Conduit
2008-12-14 13:54 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-14 13:54 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-14 13:54 --------- d-----w c:\users\mlody\AppData\Roaming\PC Suite
2008-12-14 13:54 --------- d-----w c:\users\mlody\AppData\Roaming\Nokia
2008-12-14 13:54 --------- d-----w c:\programdata\PC Suite
2008-12-13 19:49 --------- d-----w c:\programdata\VistaCodecs
2008-12-13 19:49 --------- d-----w c:\program files\VistaCodecPack
2008-12-13 19:31 --------- d-----w c:\program files\Common Files\Adobe
2008-12-11 18:33 --------- d-----w c:\program files\DIFX
2008-12-11 09:04 --------- d-----w c:\programdata\Microsoft Help
2008-12-09 11:00 --------- d-----w c:\program files\QuickTime
2008-12-09 10:59 --------- d-----w c:\program files\Opera
2008-12-09 10:59 --------- d-----w c:\program files\Bonjour
2008-12-09 10:52 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-09 09:38 --------- d-----w c:\programdata\PY_Software
2008-12-07 19:39 --------- d-----w c:\program files\SopCast
2008-12-07 19:14 --------- d-----w c:\program files\PHP WebPage Editor
2008-12-06 17:52 --------- d-----w c:\program files\AskBarDis
2008-12-06 14:32 --------- d-----w c:\program files\Teamspeak2_RC2
2008-12-01 10:38 --------- d-----w c:\program files\Ufasoft
2008-12-01 10:23 --------- d-----w c:\users\mlody\AppData\Roaming\gtk-2.0
2008-12-01 10:14 --------- d-----w c:\users\mlody\AppData\Roaming\Ufasoft
2008-12-01 10:08 98,304 ----a-w c:\windows\System32\SoftAheadCert.dll
2008-11-30 19:58 --------- d-----w c:\users\mlody\AppData\Roaming\Media Player Classic
2008-11-30 13:51 --------- d-----w c:\program files\Aspecto Software
2008-11-29 21:19 --------- d-----w c:\program files\Microsoft Works
2008-11-29 21:18 --------- d-----w c:\program files\MSBuild
2008-11-29 21:15 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-29 21:09 249,390 ----a-w c:\windows\Alcohol_Toolbar_Uninstaller_9792.exe
2008-11-29 21:09 --------- d-----w c:\program files\Alcohol Toolbar
2008-11-29 21:09 --------- d-----w c:\program files\Alcohol Soft
2008-11-29 20:47 --------- d-----w c:\users\mlody\AppData\Roaming\Ventrilo
2008-11-29 20:47 --------- d-----w c:\program files\Ventrilo
2008-11-29 20:47 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-29 17:12 --------- d-----w c:\users\mlody\AppData\Roaming\Dev-Cpp
2008-11-27 19:50 --------- d-----w c:\users\mlody\AppData\Roaming\GHISLER
2008-11-27 19:30 --------- d-----w c:\users\mlody\AppData\Roaming\Thinstall
2008-11-27 17:26 --------- d-----w c:\program files\Microsoft.NET
2008-11-26 16:19 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-26 16:19 --------- d-----w c:\program files\Windows Live
2008-11-26 16:17 --------- d-----w c:\programdata\WLInstaller
2008-11-25 18:30 --------- d-----w c:\program files\NAPI-PROJEKT
2008-11-24 19:46 --------- d-----w c:\users\mlody\AppData\Roaming\Gadu-Gadu
2008-11-24 18:08 --------- d-----w c:\program files\Gadu-Gadu
2008-11-24 16:47 --------- d-----w c:\program files\foobar2000
2008-11-24 16:43 --------- d-----w c:\program files\ESET
2008-11-24 16:39 --------- d-----w c:\programdata\Yahoo! Companion
2008-11-24 16:39 --------- d-----w c:\program files\DivX
2008-11-24 16:37 --------- d-----w c:\program files\Yahoo!
2008-11-24 16:37 --------- d-----w c:\program files\CCleaner
2008-11-24 16:35 --------- d-----w c:\users\mlody\AppData\Roaming\ESET
2008-11-24 16:33 --------- d-----w c:\programdata\ESET
2008-11-24 04:27 --------- d-----w c:\program files\Windows Sidebar
2008-11-24 04:27 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-24 04:27 --------- d-----w c:\program files\Windows Mail
2008-11-24 04:27 --------- d-----w c:\program files\Windows Journal
2008-11-24 04:27 --------- d-----w c:\program files\Windows Defender
2008-11-24 04:27 --------- d-----w c:\program files\Windows Collaboration
2008-11-24 04:27 --------- d-----w c:\program files\Windows Calendar
2008-11-23 22:12 --------- d-----w c:\program files\Broadcom
2008-11-23 21:01 --------- d-----w c:\users\mlody\AppData\Roaming\TMP
2008-11-23 21:01 --------- d-----w c:\program files\Marvell
2008-11-23 20:53 --------- d-----w c:\program files\Dell
2008-11-23 20:45 --------- d-----w c:\program files\CONEXANT
2008-11-23 20:44 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-23 20:06 --------- d-----w c:\program files\Cisco
2008-11-23 20:05 --------- d-----w c:\users\mlody\AppData\Roaming\InstallShield
2008-11-23 19:55 --------- d-----w c:\program files\Intel
2008-11-23 19:50 --------- d-----w c:\program files\SigmaTel
2008-11-23 19:39 --------- d-sh--w c:\programdata\Modèles
2008-11-23 19:39 --------- d-sh--w c:\programdata\Menu Démarrer
2008-11-23 19:39 --------- d-sh--w c:\programdata\Favoris
2008-11-23 19:39 --------- d-sh--w c:\programdata\Bureau
2008-11-23 19:39 --------- d-sh--w c:\program files\Fichiers communs
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-22 05:47 995,328 ----a-w c:\windows\System32\VSFilter.dll
2008-10-22 01:22 2,048 ----a-w c:\windows\System32\tzres.dll
2008-10-21 05:25 296,960 ----a-w c:\windows\System32\gdi32.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f12aa50a-a033-4dd6-a337-9d31d83212f2}"= "c:\program files\pdfoo\tbpdfo.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{f12aa50a-a033-4dd6-a337-9d31d83212f2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-03 10:19 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f12aa50a-a033-4dd6-a337-9d31d83212f2}]
2008-11-23 23:03 1784856 --a------ c:\program files\pdfoo\tbpdfo.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-10-03 325000]
"{f12aa50a-a033-4dd6-a337-9d31d83212f2}"= "c:\program files\pdfoo\tbpdfo.dll" [2008-11-23 1784856]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-10-03 325000]
"{F12AA50A-A033-4DD6-A337-9D31D83212F2}"= "c:\program files\pdfoo\tbpdfo.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{f12aa50a-a033-4dd6-a337-9d31d83212f2}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"PC Suite Tray"="d:\program files\nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 d:\program files\abdobe\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 10:02 216520 d:\program files\demon\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
--a------ 2007-12-23 00:03 916240 d:\program files\eraser\Eraser\Eraser.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 d:\program files\nokia\Nokia PC Suite 7\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 d:\program files\nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-21 03:23 1233920 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-21 03:23 2153472 c:\windows\System32\oobefldr.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{40C656DF-9327-4481-827A-625DB78526FE}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"UDP Query User{71E5ECCE-04A1-48E3-9120-1D93D17AD4F5}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program glówny
"TCP Query User{CC219600-FBDA-4E01-8C39-6844CD97F8C8}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"UDP Query User{BE1556B8-EAC7-4727-99C7-DFC3292A11D7}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Application d'assistance Microsoft DirectPlay
"TCP Query User{B8C9E39B-A60D-44B7-ACAA-15B6B8525FF9}d:\\stronghold\\stronghold.crusader.extreme.full-rip.skullptura\\stronghold crusader\\stronghold_crusader_extreme.exe"= UDP:d:\stronghold\stronghold.crusader.extreme.full-rip.skullptura\stronghold crusader\stronghold_crusader_extreme.exe:Stronghold Crusader
"UDP Query User{8F3C1311-6D45-48E7-AF4E-0C790C602526}d:\\stronghold\\stronghold.crusader.extreme.full-rip.skullptura\\stronghold crusader\\stronghold_crusader_extreme.exe"= TCP:d:\stronghold\stronghold.crusader.extreme.full-rip.skullptura\stronghold crusader\stronghold_crusader_extreme.exe:Stronghold Crusader
"{61568408-881A-4444-9DE1-79B4FD6872BC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{44C3A7C2-78B2-4FEB-BBC5-3CE27EDC50C4}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{FABEB1F7-64FF-481F-B424-DAB17CC6F4B8}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{5AFB6B1B-346D-4E48-84FA-621314C9546C}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9A5965B2-442F-4A4B-ACC5-4AA91230D523}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{16B1F632-736F-43B6-8350-6575710A7BFF}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{CC21A4BD-4259-4D4C-8E62-5D9DBDD189D2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3D51B034-EEE3-4695-81C7-C7AF299E05D1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BF0968B3-6813-4A59-A95C-256FE86C7D12}"= UDP:d:\program files\utorrent\uTorrent.exe:µTorrent (TCP-In)
"{8C0B0155-D236-4351-A97A-75DCC2E36827}"= TCP:d:\program files\utorrent\uTorrent.exe:µTorrent (UDP-In)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\System32\drivers\IntcHdmi.sys [2008-11-23 111616]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-11-23 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-11-23 7424]
R4 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-11-23 73728]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
R4 HopperP;WiFi Hopper (Vista);c:\windows\System32\drivers\hopperp.sys [2009-01-12 15360]
R4 kqemu;kqemu driver;c:\windows\System32\drivers\kqemu.sys [2007-02-06 123939]
R4 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172086ea-b995-11dd-911e-806e6f6e6963}]
\shell\AutoRun\command - E:\umenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d45158b-bb0b-11dd-80b6-001fe2de4a9e}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL j:\resycled\boot.com j:
\shell\Open\command - j:\resycled\boot.com j:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8177aca-be59-11dd-854b-001fe2de4a9e}]
\shell\AutoRun\command - F:\Autorun.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-15 c:\windows\Tasks\User_Feed_Synchronization-{472B095F-064F-4A6D-AF7D-0772C64F9DF1}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.ask.com/?o=101723&l=dis
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1E6FCD9D-80A8-4392-A695-F214A3A2CDC1} = 208.67.222.222,208.67.222.220
TCP: {9AA4D538-A281-4685-98F0-3665E1153F45} = 208.67.222.222,208.67.222.220
FF - ProfilePath - c:\users\mlody\AppData\Roaming\Mozilla\Firefox\Profiles\jwuik3sq.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?o=101723&l=dis
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\abdobe\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 09:55:13
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-01-15 9:56:34
ComboFix-quarantined-files.txt 2009-01-15 08:56:32
Avant-CF: 4,995,682,304 octets libres
Après-CF: 5,003,567,104 octets libres
305 --- E O F --- 2009-01-08 15:27:56