Slow system startup and operation


(Xardas20) #1

Hi, for a long time now I have been planning to format the hard drive because of:

  • a considerable increase in the startup time of Win XP SP2 (veeeery long, you could go and drink a coffee)

  • frequent spikes in CPU and system memory usage

  • problems resuming the system from hibernation (BSOD and having to restart the computer)

  • on top of that the disk very often starts to "grind", seeking with the head across the platters, sometimes for no reason

The problem is that, first, I don't have time for a format, and second, I don't have a storage medium large enough to make a backup.

So I'm asking the specialists 8) to check the HijackThis log. PS: when I try to run ComboFix a data error pops up; what is causing that?

Logfile of HijackThis v1.99.1

Scan saved at 21:24:26, on 2008-08-27

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Unable to get Internet Explorer version!

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\neostrada tp\neostradatp.exe

C:\Program Files\neostrada tp\ComComp.exe

C:\PROGRA~1\NEOSTR~1\Toaster.exe

C:\PROGRA~1\NEOSTR~1\Inactivity.exe

C:\PROGRA~1\NEOSTR~1\PollingModule.exe

C:\Program Files\neostrada tp\Watch.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.exe

C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN

C:\programy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = neostrada tp

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36082B02-1936-4FDA-B344-F36CC55968C4}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CCS\Services\Tcpip\..\{9175A599-7E37-4742-8634-8B7D13F8CB35}: NameServer = 192.168.0.1,194.204.152.34

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


(Gutek) #2

Follow this topic and change the thread title to a specific one, otherwise it goes in the BIN

Regards, Gutek2222

Change of the rules for posting logs on the forum - viewtopic.php?f=16&t=253052

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

remove the entry with HJT

Post a ComboFix log

XP optimisation: viewtopic.php?t=76580

Startup optimisation: http://www.bezpieczenstwosystemow.pl/in ... opic=116.0

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can go through the registry with that, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

RegCleaner guide - http://www.agavk.p9.pl/strony/progra_regcleaner.php

See - Using jv16 PowerTools
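Gutek's advice above is to remove the O3 toolbar entry whose target is "(no file)". As an added example (not part of the original thread and not HijackThis's own code), the Python below triages a HijackThis log offline: it collects every entry whose target no longer exists on disk, lists what each O4 Run value actually launches and flags values that name a bare file rather than a drive-qualified path, and pulls the per-adapter DNS servers from the O17 lines. The sample input is a constructed excerpt of the log posted in this thread, written in HijackThis's own line layout.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the HijackThis v1.99.1 log posted in this thread,
# in HJT's own line layout; a handful of lines is enough to exercise the parser.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{36082B02-1936-4FDA-B344-F36CC55968C4}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<location>[^:]+): \[(?P<name>[^\]]+)\] (?P<command>.*)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    section: str  # e.g. "O4"
    body: str     # everything after "O4 - "


def parse_hjt(text):
    """Split a HijackThis log into (section, body) entries; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return entries


def orphaned(entries):
    """Entries whose target no longer exists on disk (HJT prints '(no file)').

    Nothing runs from a dead registration, so it is safe to remove and only
    adds noise to later scans."""
    return [e for e in entries if e.body.endswith("(no file)")]


def autorun_commands(entries):
    """Map each O4 Run-key value name to the program it launches.

    The path returned is the first token of the command (quoted or not), which is
    what the loader actually starts; arguments such as '/tray' are dropped."""
    result = {}
    for e in entries:
        if e.section != "O4":
            continue
        m = O4_RE.match(e.body)
        if not m:
            continue  # 'Global Startup: x.lnk = ...' lines use a different layout
        cmd = m["command"].strip()
        if cmd.startswith('"'):
            path = cmd[1:cmd.index('"', 1)]
        else:
            path = cmd.split()[0]
        result[m["name"]] = path
    return result


def bare_autoruns(entries):
    """Names of O4 values that launch a bare file name (no drive-qualified path).

    Such a value is resolved by the loader's search order rather than an explicit
    location, so the reviewer has to confirm which file on disk actually runs."""
    return sorted(n for n, p in autorun_commands(entries).items()
                  if not DRIVE_PATH_RE.match(p))


def name_servers(entries):
    """DNS servers configured per adapter (O17 lines), in log order."""
    servers = []
    for e in entries:
        if e.section != "O17":
            continue
        m = O17_RE.search(e.body)
        if m:
            servers.extend(s for s in re.split(r"[\s,]+", m["servers"].strip()) if s)
    return servers


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    for e in orphaned(ents):
        print("orphaned:", e.section, e.body)
    print("bare autoruns:", bare_autoruns(ents))
    print("DNS servers:", name_servers(ents))
```

The bare-filename check is a review aid, not a verdict: nwiz.exe and RUNDLL32.EXE in this log are legitimate, but an unqualified name is exactly the kind of value a reviewer has to resolve by hand before trusting it.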


(Xardas20) #3

Here is the log ComboFix generated:

ComboFix 08-08-28.02 - Silver 2008-08-29 20:09:30.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.574 [GMT 2:00]

Running from: C:\Documents and Settings\Silver\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\WWW\Dane aplikacji\macromedia\Flash Player\#SharedObjects\QNSX5DMP\bin.clearspring.com

C:\Documents and Settings\WWW\Dane aplikacji\macromedia\Flash Player\#SharedObjects\QNSX5DMP\bin.clearspring.com\clearspring.sol

C:\Documents and Settings\WWW\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com

C:\Documents and Settings\WWW\Dane aplikacji\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

C:\Recycled\Recycled

.

((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))

.

2008-08-27 21:44 . 2008-08-27 21:44

2008-08-20 18:07 . 2008-08-20 21:55

2008-08-20 16:46 . 2008-08-20 16:46 230 --a------ C:\WINDOWS\system32\spupdsvc.inf

2008-08-20 16:39 . 2008-08-20 17:07 970 --a------ C:\WINDOWS\Active Setup Log.BAK

2008-08-18 17:37 . 1999-08-21 15:02 352,209 --a------ C:\WINDOWS\system32\MATRIXSS.SCR

2008-08-18 17:37 . 1999-08-21 14:00 19,152 --a------ C:\WINDOWS\system32\MATRIX.FON

2008-08-12 19:45 . 2008-08-12 19:45

2008-08-07 00:17 . 2008-08-07 00:17

2008-08-04 18:16 . 2004-08-23 13:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll

2008-08-04 18:11 . 2008-08-04 18:15 168 --a------ C:\WINDOWS\adidsl.ini

2008-08-04 18:11 . 2008-08-04 18:11 21 --a------ C:\WINDOWS\Fast800.ini

2008-08-04 18:09 . 2001-05-02 23:42 261,964 --a------ C:\WINDOWS\system32\drivers\rtbld9i1.bnm

2008-08-04 18:09 . 2001-05-03 18:33 261,962 --a------ C:\WINDOWS\system32\drivers\rtbld9p3.bnm

2008-08-04 18:09 . 2001-05-02 23:43 261,960 --a------ C:\WINDOWS\system32\drivers\rtbld9i0.bnm

2008-08-04 18:09 . 2001-05-03 18:33 261,952 --a------ C:\WINDOWS\system32\drivers\rtbld9p1.bnm

2008-08-04 18:09 . 2001-05-03 18:33 261,930 --a------ C:\WINDOWS\system32\drivers\rtbld9p0.bnm

2008-08-04 18:09 . 2001-05-03 18:33 261,926 --a------ C:\WINDOWS\system32\drivers\rtbld9p2.bnm

2008-08-04 18:09 . 2001-05-02 23:42 261,918 --a------ C:\WINDOWS\system32\drivers\rtbld9i2.bnm

2008-08-04 18:09 . 2006-04-10 13:43 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I1.BIN

2008-08-04 18:09 . 2006-04-10 13:43 152,126 --a------ C:\WINDOWS\system32\drivers\L1E9I0.BIN

2008-08-04 18:09 . 2001-05-02 23:42 53,590 --a------ C:\WINDOWS\system32\drivers\rtbld9i4.bnm

2008-08-04 18:09 . 2001-05-03 18:33 41,620 --a------ C:\WINDOWS\system32\drivers\rtbld9p4.bnm

2008-08-04 18:08 . 2008-08-04 18:08

2008-08-04 18:08 . 2008-08-04 18:08

2008-08-04 18:08 . 2003-08-04 13:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll

2008-08-04 18:08 . 2004-08-23 13:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe

2008-08-04 18:08 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll

2008-08-04 18:08 . 2003-08-04 13:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS

2008-08-04 18:05 . 2008-08-29 19:52

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-29 18:03 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-08-29 17:30 --------- d-----w C:\Documents and Settings\Silver\Dane aplikacji\WTablet

2008-08-29 17:28 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\WTablet

2008-08-29 10:43 --------- d-----w C:\Documents and Settings\Praca\Dane aplikacji\OpenOffice.org2

2008-08-29 07:40 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\WTablet

2008-08-29 07:05 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-08-29 07:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems

2008-08-27 19:06 --------- d-----w C:\Documents and Settings\Silver\Dane aplikacji\OpenOffice.org2

2008-08-21 20:47 --------- d-----w C:\Program Files\Google

2008-08-21 18:22 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\gtk-2.0

2008-08-14 13:13 98,304 ----a-w C:\WINDOWS\DUMP55d0.tmp

2008-08-08 14:13 --------- d-----w C:\Program Files\FlashGet

2008-08-07 10:49 --------- d-----w C:\Documents and Settings\Praca\Dane aplikacji\gtk-2.0

2008-08-04 16:11 33 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg

2008-07-24 11:26 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\Gadu-Gadu

2008-07-24 10:56 --------- d-----w C:\Program Files\Powerbullet

2008-07-24 10:55 --------- d-----w C:\Program Files\SWiSH Max2

2008-07-24 06:32 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\Thunderbird

2008-07-23 16:05 --------- d-----w C:\Documents and Settings\Silver\Dane aplikacji\gtk-2.0

2008-07-23 15:57 --------- d-----w C:\Program Files\Tablet

2008-07-23 07:17 --------- d-----w C:\Program Files\eMule

2008-07-22 12:06 --------- d-----w C:\Program Files\picture-shark

2008-07-22 10:27 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\FastStone

2008-07-22 10:16 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\Talkback

2008-07-22 10:15 --------- d-----w C:\Documents and Settings\WWW\Dane aplikacji\Inkscape

2008-07-22 09:46 --------- d-----w C:\Documents and Settings\Praca\Dane aplikacji\FastStone

2008-07-22 09:45 --------- d-----w C:\Program Files\FastStone Image Viewer

2008-07-09 18:17 --------- d-----w C:\Documents and Settings\Praca\Dane aplikacji\DivX

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-07-07 17:06 --------- d-----w C:\Program Files\JPEG Lossless Rotator

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-23 09:49 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:42 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 18:01 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2007-11-03 10:36 114,308 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\firstlsp.reg.dat

2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll

2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 00:26 761945]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-21 09:51 7335936]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]

"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 11:20 188416]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 13:00 569413]

"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 03:08 813912]

"hp 1000 firmware"="C:\Program Files\hp LaserJet 1000\fwdl.exe" [2001-12-15 12:10 36864]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 18:33 266497]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 13:49 20480]

"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 15:55 32768]

"nwiz"="nwiz.exe" [2005-11-21 09:51 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

"vidc.3iv2"= 3ivxVfWCodec.dll

"VIDC.VP31"= vp31vfw.dll

"vidc.yv12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^ASUS ChkMail.lnk]

backup=C:\WINDOWS\pss\ASUS ChkMail.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk

backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Monitor Apache Servers.lnk]

backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Photo Express Calendar Checker SE.lnk]

path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Photo Express Calendar Checker SE.lnk

backup=C:\WINDOWS\pss\Photo Express Calendar Checker SE.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Praca^Menu Start^Programy^Autostart^OpenOffice.org 2.1.lnk]

path=C:\Documents and Settings\Praca\Menu Start\Programy\Autostart\OpenOffice.org 2.1.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Silver^Menu Start^Programy^Autostart^OpenOffice.org 2.1.lnk]

backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2006-12-22 08:29 67752 C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]

--a------ 2005-11-02 20:33 180224 C:\Program Files\Asus\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]

-r------- 2006-03-28 16:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]

--------- 2006-04-10 15:58 61440 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]

--a------ 2003-03-24 17:38 1443328 C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HControl]

--a------ 2005-11-10 05:47 102400 C:\WINDOWS\ATK0100\HControl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

--a------ 2005-12-15 11:18 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]

--a------ 2005-03-17 15:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]

--a------ 2005-12-28 12:56 602182 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

---hs---- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]

--a------ 2008-01-04 13:02 265216 C:\Program Files\Odkurzacz\odk_mcd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]

--a------ 2005-03-17 15:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]

--a------ 2005-10-05 18:50 86016 C:\Program Files\Asus\Power4 Gear\BatteryLife.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]

--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

-ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-06-15 19:03 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Console 2]

--a------ 2005-10-17 18:09 987136 C:\Program Files\Wireless Console 2\wcourier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

--a------ 2005-05-03 04:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

--a------ 2005-09-06 06:39 14850560 C:\WINDOWS\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]

--a------ 2005-05-26 17:12 544768 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MySQL"=2 (0x2)

"LightScribeService"=2 (0x2)

"lanmanserver"=2 (0x2)

"Apache2"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\Program Files\BitComet\BitComet.exe"=

"D:\gry\conta strete\SteamApps\furious_silver\condition zero\hl.exe"=

"D:\gry\conta strete\SteamApps\furious_silver\condition zero deleted scenes\hl.exe"=

"D:\gry\conta strete\SteamApps\furious_silver\counter-strike\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5107:TCP"= 5107:TCP:BitComet 5107 TCP

"5107:UDP"= 5107:UDP:BitComet 5107 UDP

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]

R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11:12]

R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 10:30]

R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 16:11]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]

S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\ES-620.sys [2003-04-17 11:42]

S3 GPU-Z;GPU-Z;C:\DOCUME~1\Silver\USTAWI~1\Temp\GPU-Z.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11854924-0372-11dc-a080-0013023cc681}]

\Shell\AutoRun\command - dwvo.cmd

\Shell\explore\Command - dwvo.cmd

\Shell\open\Command - dwvo.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b88b4821-d011-11db-9ffa-001731c16723}]

\Shell\AutoRun\command - EXPLORER.EXE

\Shell\explore\Command - EXPLORER.EXE

\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3712041-0aa2-11dc-a0a9-0013023cc681}]

\Shell\AutoRun\command - H:\USBNB.exe

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

2007-10-16 C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job

- C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-22 03:08]

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-avgnt - C:\Program Files\AntiVir PersonalEdition Premium\avgnt.exe

MSConfigStartUp-Flashget - C:\Program Files\FlashGet\flashget.exe

MSConfigStartUp-Free Download Manager - C:\Program Files\Free Download Manager\fdm.exe

MSConfigStartUp-MagUninstall - C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\MagicalUnInstall.exe

MSConfigStartUp-PE2CKFNT SE - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

MSConfigStartUp-UIWatcher - C:\Program Files\Ashampoo\Ashampoo Magical UnInstall\UIWatcher.exe

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Silver\Dane aplikacji\Mozilla\Firefox\Profiles\je7om61s.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=ie=UTF-8oe=UTF-8q=

FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-29 20:14:33

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-08-29 20:16:06

ComboFix-quarantined-files.txt 2008-08-29 18:15:59

Pre-Run: 681,169,920 bytes free

Post-Run: 1,264,780,800 bytes free

259 --- E O F --- 2008-08-22 22:43:36


(Kambor4) #4

1)

Delete that memory dump manually.

2)

Paste into Notepad:

Windows Registry Editor Version 5.00


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11854924-0372-11dc-a080-0013023cc681}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b88b4821-d011-11db-9ffa-001731c16723}]


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3712041-0aa2-11dc-a0a9-0013023cc681}]

From the Notepad menu >>> File >>> Save As >>> set the file type to "All files" >>> save as FIX.REG >>>

run the file (double-click and OK, agree to add it to the Registry).

Restart the computer.

3)

Delete the C:\Qoobox folder manually,

Delete the ComboFix installer from the disk.

Optimise the startup

Clean the computer with CCleaner

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum.

or

Dr.WEB CureIt!.

====================

K.
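The MountPoints2 keys that Kambor4's FIX.REG deletes are Explorer's per-volume cache of autorun.inf shell verbs. Two of the three in the ComboFix log point at a file on the removable device itself (dwvo.cmd, H:\USBNB.exe) rather than at Explorer, which is how autorun.inf malware on removable media gets started when the drive is opened. As an added example (not from the thread and not ComboFix's code), the Python below parses that section of a ComboFix log, flags volumes whose cached handler is anything other than EXPLORER.EXE, and generates a .reg file in the same "[-KEY]" deletion form as the fix above. The sample text reproduces the three keys from the log in ComboFix's own layout (mountpoints2\{GUID}).

```python
import re

# Constructed excerpt of the 'Reg Loading Points' section of the ComboFix log
# posted above, in ComboFix's own layout (mountpoints2\{GUID}).
SAMPLE = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11854924-0372-11dc-a080-0013023cc681}]
\Shell\AutoRun\command - dwvo.cmd
\Shell\explore\Command - dwvo.cmd
\Shell\open\Command - dwvo.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b88b4821-d011-11db-9ffa-001731c16723}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3712041-0aa2-11dc-a0a9-0013023cc681}]
\Shell\AutoRun\command - H:\USBNB.exe

*Newly Created Service* - CATCHME
"""

MP2_PREFIX = r"HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2"
KEY_RE = re.compile(r"^\[" + re.escape(MP2_PREFIX) + r"\\\{(?P<guid>[0-9a-f-]+)\}\]$",
                    re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)


def parse_mountpoints2(text):
    """Return {volume_guid: {verb: command}} for every MountPoints2 key in the log."""
    volumes = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current = km["guid"].lower()
            volumes[current] = {}
            continue
        vm = VERB_RE.match(line)
        if vm and current is not None:
            volumes[current][vm["verb"]] = vm["cmd"].strip()
        elif not line or line.startswith("["):
            current = None  # a blank line or another key ends this volume's block
    return volumes


def suspicious_volumes(volumes):
    """GUIDs whose cached handler launches anything other than Explorer itself.

    A command such as 'dwvo.cmd' or 'H:\\USBNB.exe' means that opening the volume
    would have run that file from the device, the autorun.inf malware pattern."""
    return [g for g, verbs in volumes.items()
            if any(cmd.lower() != "explorer.exe" for cmd in verbs.values())]


def reg_delete_script(guids):
    """Build a .reg file that deletes the given keys, in the '[-KEY]' form used in
    the fix above. Explorer recreates the cache entry when the volume is next seen."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for guid in guids:
        lines.append("[-" + MP2_PREFIX + "\\{" + guid + "}]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    vols = parse_mountpoints2(SAMPLE)
    for guid in suspicious_volumes(vols):
        print("suspicious volume", guid, vols[guid])
    # Remove every cached key, not only the flagged ones, as the fix above does.
    print(reg_delete_script(sorted(vols)))
```

Write the returned text to FIX.REG and import it as in step 2 above; regedit's "[-KEY]" syntax removes the key and everything under it. Deleting the cache does not touch the file on the removable drive itself, so the device that carried dwvo.cmd or USBNB.exe still needs to be scanned before it is plugged in again.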


(Gutek) #5

Change of the rules for posting logs on the forum - viewtopic.php?f=16&t=253052