Zamulony Komp

[VampirLord]

jak mi się komp włącza to taki komunikat można ten syf wypiedzielić nie wiem z kąt go mam na żadne złe strony nie wchodzę
Czasami mi NOD32 mi wchlania 100% procesora chyba tak nie powinno być dokładniej proces ekrn.exe no i komputer mi się zamula jak klikam na liste programów zauwarzylem że tak się dzieje od kiedy wymieniłem RAM na lepszy nie wiem czy to może być przyczyna ale ram mi styka z k.graficzną (radiatorem) bo mam headpipe ramy a jak mialem zwykłe to nie zamulał mi tak a było mniej ramu. Combo fix dam później bo pisze że mi wygasł

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:18, on 2009-04-02
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
C:\Program Files\Ashampoo FireWall\FireWall.exe
C:\Program Files\ESET NOD32 Antivirus\egui.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O4 - HKLM\..\Run: [AntiSpyWare2Guard] C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Pobierz z &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ashampoo AntiSpyWare 2 Service (AASW2_Service) - Unknown owner - C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6811 bytes

Sillent Runer

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AntiSpyWare2Guard" = "C:\Program Files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" ["Ashampoo GmbH & Co. KG"]
"Ashampoo FireWall" = ""C:\Program Files\Ashampoo FireWall\FireWall.exe" -TRAY" [null data]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"egui" = ""C:\Program Files\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"]
"cFosSpeed" = "C:\Program Files\cFosSpeed\cFosSpeed.exe" ["cFos Software GmbH"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
{HKLM...CLSID} = "McAfee SiteAdvisor BHO"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\siteadvisor\mcieplg.dll" ["McAfee, Inc."]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
{HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"
{HKLM...CLSID} = "JQSIEStartDetectorImpl Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
{HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
{HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
{HKLM...CLSID} = "Groove Folder Synchronization"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{A449600E-1DC6-4232-B948-9BD794D62056}" = "Groove GFS Stub Icon Handler"
{HKLM...CLSID} = "Groove GFS Stub Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
{HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{6C467336-8281-4E60-8204-430CED96822D}" = "Groove GFS Context Menu Handler"
{HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{387E725D-DC16-4D76-B310-2C93ED4752A0}" = "Groove XML Icon Handler"
{HKLM...CLSID} = "Groove XML Icon Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{16F3DD56-1AF5-4347-846D-7C10C4192619}" = "Groove Explorer Icon Overlay 3 (GFS Folder)"
{HKLM...CLSID} = "Groove Explorer Icon Overlay 3 (GFS Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}" = "Groove Explorer Icon Overlay 2 (GFS Stub)"
{HKLM...CLSID} = "Groove Explorer Icon Overlay 2 (GFS Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}" = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
{HKLM...CLSID} = "Groove Explorer Icon Overlay 4 (GFS Unread Mark)"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{99FD978C-D287-4F50-827F-B2C658EDA8E7}" = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
{HKLM...CLSID} = "Groove Explorer Icon Overlay 1 (GFS Unread Stub)"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{920E6DB1-9907-4370-B3A0-BAFC03D81399}" = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
{HKLM...CLSID} = "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
{HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
{HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\MLSHEXT.DLL" [MS]
"{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
{HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\ONFILTER.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
{HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
{HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
{HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
{HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
{HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
{HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
{HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
{HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" = "Groove GFS Stub Execution Hook"
{HKLM...CLSID} = "Groove GFS Stub Execution Hook"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
{HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "C:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
{HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
{HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
{HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
XXX Groove GFS Context Menu Handler XXX\(Default) = "{6C467336-8281-4E60-8204-430CED96822D}"
{HKLM...CLSID} = "Groove GFS Context Menu Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\Office12\GrooveShellExtensions.dll" [MS]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
{HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

[AJAN]

Pobierz ComboFix i przeskanuj system
Na czas pobierania i skanowania proszę wyłączyć wszelkie zapory i antyvirusy
Loga wklejasz na WKLEJ.EU lub WKLEJ.ORG a w poście daj linka

[VampirLord]

COMBOFIX:

ComboFix 09-04-04.01 - VampirLord 2009-04-10 16:05:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3327.2898 [GMT 2:00]
Uruchomiony z: c:\program files\Combofix\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\VampirLord\Dane aplikacji\EurekaLog
c:\documents and settings\VampirLord\Dane aplikacji\EurekaLog\EurekaLog.ini

.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-10 do 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-09 13:39 . 2009-04-09 13:39 <DIR> d-------- c:\windows\system32\AGEIA
2009-04-09 13:39 . 2009-04-09 13:39 <DIR> d-------- c:\program files\AGEIA Technologies
2009-04-09 13:38 . 2009-04-09 13:40 <DIR> d-------- c:\windows\NV37043708.TMP
2009-04-09 13:38 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2009-04-09 13:36 . 2009-04-09 13:36 <DIR> d-------- C:\NVIDIA
2009-03-29 12:18 . 2008-07-03 18:04 732,376 -ra------ c:\windows\system32\drivers\cfosspeed.sys
2009-03-29 12:18 . 2008-07-03 18:04 290,008 --a------ c:\windows\system32\cfosspeed.dll
2009-03-27 11:19 . 2009-03-27 11:19 <DIR> d-------- c:\program files\Real Alternative
2009-03-23 23:09 . 2009-03-23 23:09 <DIR> d-------- c:\program files\CoreAVC Professional Edition
2009-03-23 23:06 . 2009-03-23 23:06 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-03-23 22:33 . 2009-03-23 22:33 <DIR> d-------- c:\program files\BestPlayer
2009-03-23 22:27 . 2009-03-23 22:30 <DIR> d-------- c:\documents and settings\VampirLord\Dane aplikacji\BESTplayer
2009-03-23 21:48 . 2009-03-23 21:49 <DIR> d-------- c:\program files\AviSynth 2.5
2009-03-23 21:42 . 2009-03-23 22:46 <DIR> d-------- c:\program files\Easy RealMedia Tools
2009-03-20 13:20 . 2009-03-20 13:20 <DIR> d-------- c:\documents and settings\VampirLord\Dane aplikacji\GoPal Assistant
2009-03-20 13:19 . 2009-03-20 13:20 <DIR> d-------- c:\program files\Medion GoPal Assistant
2009-03-20 13:11 . 2009-03-28 14:40 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-18 19:39 . 2009-03-18 19:39 <DIR> d-------- c:\documents and settings\VampirLord\Dane aplikacji\dvdcss
2009-03-18 18:10 . 2009-04-10 16:06 <DIR> d-------- c:\program files\cFosSpeed
2009-03-18 16:06 . 2008-04-14 23:51 221,184 --a------ c:\windows\system32\wmpns.dll
2009-03-17 11:29 . 2009-03-17 11:30 <DIR> d-------- c:\program files\DjVu
2009-03-16 16:38 . 2007-01-01 21:03 40,960 -ra------ c:\windows\system32\psfind.dll

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 14:02 --------- d-----w c:\program files\Kalendarz XP
2009-04-10 13:08 --------- d-----w c:\program files\Combofix
2009-04-09 11:52 --------- d-----w c:\program files\PowerStrip
2009-04-04 15:24 --------- d-----w c:\program files\OmniPageSE4.0
2009-04-04 14:17 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\SACore
2009-04-04 08:51 --------- d-----w c:\program files\System Cleaner 5
2009-04-04 08:40 --------- d-----w c:\program files\Fraps
2009-04-04 08:24 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-29 10:18 --------- d-----w c:\program files\ESET NOD32 Antivirus
2009-03-20 15:41 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-18 19:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 13:28 --------- d-----w c:\program files\Gadu-Gadu
2009-03-06 15:33 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\Skype
2009-03-06 14:48 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\skypePM
2009-03-01 13:39 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-01 13:39 --------- d-----w c:\program files\Java
2009-03-01 08:59 --------- d-----w c:\program files\SpeedFan
2009-02-27 16:39 --------- d-----w c:\program files\Xfire
2009-02-27 16:39 --------- d-----w c:\program files\PhotoStudio 5.5
2009-02-27 16:39 --------- d-----w c:\program files\Ashampoo FireWall
2009-02-27 16:39 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\Pointstone
2009-02-27 16:37 --------- d-----w c:\program files\Common Files\Pointstone
2009-02-27 16:25 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\iolo
2009-02-27 16:25 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\iolo
2009-02-27 16:23 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\iolo
2009-02-27 08:50 --------- d-----w c:\documents and settings\VampirLord\Dane aplikacji\Canon
2009-02-26 19:16 10,345 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-26 19:16 --------- d-----w c:\program files\Hamachi
2009-02-26 19:14 2,829 ----a-w c:\windows\War3Unin.pif
2009-02-26 19:14 126,976 ----a-w c:\windows\War3Unin.exe
2009-02-26 08:03 --------- d-----w c:\program files\Usługi online
2009-02-17 21:08 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-23 22:34 259 ----a-w c:\documents and settings\VampirLord\kopy.bat
2009-01-23 01:18 42,320 ----a-w c:\windows\system32\xfcodec.dll
.

------- Sigcheck -------

2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 14:00 359040 9f4b36614a0fc234525ba224957de55c c:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-14 01:50 361344 93ea8d04ec73a85db02eb8805988f733 c:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d c:\windows\system32\dllcache\tcpip.sys
2008-06-20 13:51 361600 4afb3b0919649f95c1964aa1fad27d73 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpyWare2Guard"="c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWare2Guard.exe" [2008-03-13 2316632]
"Ashampoo FireWall"="c:\program files\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]
"egui"="c:\program files\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"cFosSpeed"="c:\program files\cFosSpeed\cFosSpeed.exe" [2008-07-03 867544]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Kalendarz XP.lnk - c:\program files\Kalendarz XP\Kalendarz.exe [2009-01-16 882176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-01-22 78848]
R2 AASW2_Service;Ashampoo AntiSpyWare 2 Service;c:\program files\Ashampoo\Ashampoo AntiSpyWare 2\AntiSpyWareService.exe [2009-01-16 730968]
R2 ekrn;Eset Service;c:\program files\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-01-17 203280]
R2 PStrip;PSTRIP;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S3 CrystalSysInfo;CrystalSysInfo;c:\windows\system32\sysinfo.sys [2009-01-25 8192]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SetupAssistant.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint – Dodaj do listy drukowania - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint – Drukuj - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint – Drukuj z dużą szybkością - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint – Podgląd - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Pobierz z &BitSpirit - c:\program files\BitSpirit\bsurl.htm
IE: ÓñČĚŘľ«ÁéĎÂÔŘ(&B)
IE: { - c:\program files\Messenger\msmsgs.exe
LSP: c:\program files\Ashampoo FireWall\spi.dll
FF - ProfilePath - c:\documents and settings\VampirLord\Dane aplikacji\Mozilla\Firefox\Profiles\v2vfejz9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Adobe Reader\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCARDS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 16:06:15
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\VAMPIR~1\USTAWI~1\Temp\ASFWHide"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(1372)
c:\program files\Ashampoo FireWall\spi.dll
.
Czas ukończenia: 2009-04-10 16:06:55
ComboFix-quarantined-files.txt 2009-04-10 14:06:53

Przed: 24,837,840,896 bajtów wolnych
Po: 24,825,782,272 bajtów wolnych

168 --- E O F --- 2009-02-25 20:45:42

[AJAN]

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika Plik Zapisz jako Zmień rozszerzenie z .txt na wszystkie pliki zapisz pod nazwą Fix.reg
Uruchom ten plik, uruchom ponownie komputer

usuń ręcznie folder C:\Qoobox oraz instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.Instrukcja

przeskanuj komputer Kaspersky
gdy będą wirusy pokaż raport lub Dr.WEB CureIt!

[RPG'es]

Ja bym proponował koledze ściągnąc z internetu program Acronis true Image Home i gdy wszystko bedzie działać w porządku zrobić nim obraz systemu i zapisać na dysku :c i potem gdzie bedzie zapisana nasza kopia obrazu systemu wziac czystą płytkę DVD lub CD i nagrać obraz systemu na płytę.I gdy kiedyś by coś było nie tak np. komputer się włącza ale mamy niebieski ekran i białe literki i komputer się sam resetuje.To wkładamy płytkę z obrazem systemu i wciskamy F11.Program jest bezpieczny bo sam go używałem lecz to jest wersja trial na 15 dni więc radzę koledze zaraz po ściągnięciu program zrobić obraz systemu.