Dziwne pliki w "temp" + problemy z p2p (eMule)


(system) #1

W kwestii problemów:

  1. System kiepsko chodzi - "muli" momentami niemiłosiernie, nie wydaje mi się żeby to była wina jedynie małej ilości ramu (128), bo było lepiej. Ah no i uruchamianie/zamykanie trwa wieki.

  2. Boje się, że coś złapałem, mimo, że skan Spybotem i Spyware Sweeperem w zasadzie nie za wiele ukazał. Czemu? W TEMPie tworzą mi się jakieś takie dziwne pliki .exe typu: 4exmain.exe, 6exssd32a.4.exe, 28exinjs.a2.exe, 45exgmail2.5.exe (losowo wybrane) itp. - dużo tego jest (właśnie skasowałem +/- 100 sztuk, ale za każdym razem tworzą się nowe).... nie mam pojęcia skąd (Gmail Drive? - ale chyba nie...)

  3. Ostatnio jakby na złość dodatkowo pojawiły się problemy z netem... tzn. przeglądanie stron itp. idzie bez zarzuty, ale już eMule mi nie chodzi. Tzn. nie chce się podłączyć do jakiegokolwiek serwera... :confused: , sieć Kad w zasadzie nieaktywna. Nie wiem czy to wina stanu systemu czy coś innego (eMula przeinstalowałem, i nic). uTorrent dla odmiany działa w sumie ok.

To chyba tyle. A oto log:

Logfile of HijackThis v1.99.1

Scan saved at 23:39:07, on 2007-03-13

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe

C:\Program Files\NOD32\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NOD32\nod32kui.exe

C:\Program Files\A4Tech\Mouse\Amoumain.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Program Files\foobar2000\foobar2000.exe

C:\Program Files\Last.fm\LastFM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\HijackThis\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.metacrawl.ws

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\AI RoboForm\roboform.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [WheelMouse] "C:\Program Files\A4Tech\Mouse\Amoumain.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Customize Menu - file://C:\Program Files\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Fill Forms - file://C:\Program Files\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\AI RoboForm\RoboFormComShowToolbar.html

O11 - Options group: [INTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{8D24DCFD-B55A-4264-82B7-50328BD9343E}: NameServer = 194.204.159.1 217.98.63.164

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\NOD32\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\PerfectDisk\PDAgent.exe

O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\PerfectDisk\PDEngine.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Spy Sweeper\SpySweeper.exe

(Asterisk) #2

Zmień tytuł na konkretny używając funkcji icon_edit.gif

Inaczej temat poleci do śmietnika.


(Kuz5) #3

W logu nic nie widać

Wklej loga SilentRunners


(system) #4

@asterisk: Sorry, jakoś tak wyszło z tym tematem, teraz już zmienić niestety chyba nie mogę, a przynajmniej nie widze takiej opcji - no w każdym razie mam nadzieje, że się zlitujesz tym razem :wink:

@kuz5 Dzięki za pomoc, myślałem, że coś HT pokaże. Oto log z SR:

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"nod32kui" = ""C:\Program Files\NOD32\nod32kui.exe" /WAITSERVICE" ["Eset "]

"WheelMouse" = ""C:\Program Files\A4Tech\Mouse\Amoumain.exe"" ["A4Tech Co.,Ltd."]

"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]

"NvCplDaemon" = ""RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Spybot\SDHelper.dll" ["Safer Networking Limited"]

{724d43a9-0d85-11d4-9908-00400523e39a}\(Default) = (no title provided)

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\AI RoboForm\roboform.dll" ["Siber Systems"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "SSVHelper Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "FDMIECookiesBHO Class"

                   \InProcServer32\(Default) = "C:\Program Files\Free Download Manager\iefdmcks.dll" [null data]


HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\NOD32\nodshex.dll" [null data]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]

"{2B3453E4-49DF-11D3-8229-0080BE509050}" = "GMail Drive"

  -> {HKLM...CLSID} = "GMail Drive"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509052}" = "GMailFS Property Sheet"

  -> {HKLM...CLSID} = "GMailFS Property Sheet"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509054}" = "GMailFS Drop Handler"

  -> {HKLM...CLSID} = "GMailFS Drop Handler"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{2B3453E4-49DF-11D3-8229-0080BE509056}" = "GMailFS Context Menu"

  -> {HKLM...CLSID} = "GMailFS Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\GMailFS.dll" ["Bjarke Viksoe"]

"{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}" = "Autodesk Drawing Preview"

  -> {HKLM...CLSID} = "ACTHUMBNAIL"

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll" ["Autodesk"]

"{36A21736-36C2-4C11-8ACB-D4136F2B57BD}" = "Ikona obsługi nakładki Podpisów cyfrowych AutoCAD"

  -> {HKLM...CLSID} = "AcSignIcon"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\AcSignIcon.dll" ["Autodesk"]


HKLM\System\CurrentControlSet\Control\Session Manager\

<> "BootExecute" = "PDBoot.exe" ["Raxco Software, Inc."]|"autocheck autochk *"


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]


HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\NOD32\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

FineReader8\(Default) = "{F7091C74-EBB1-49D7-94C7-FE4886CCC18D}"

  -> {HKLM...CLSID} = "FineReader8ExplorerContextMenuHandler"

                   \InProcServer32\(Default) = "C:\Program Files\FineReader 8.0 Pro\FECMenu.dll" ["ABBYY Software"]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

                   \InProcServer32\(Default) = "C:\Program Files\NOD32\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]



Default executables:

--------------------


HKCU\Software\Classes\.scr\(Default) = "AutoCADScriptFile"

<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command\(Default) = ""C:\Program Files\TC PowerPack\Tools\notepad2.exe" "%1"" [null data]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\


"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001

{unrecognized setting}


"NoSharedDocuments" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}


HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}


"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001

{unrecognized setting}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "%APPDATA%\FastStone\FSIV\FSViewerWallPaper.bmp"


Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\admin\Dane aplikacji\FastStone\FSIV\FSViewerWallPaper.bmp"



Startup items in "admin" & "All Users" startup folders:

-------------------------------------------------------


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Launchy" -> shortcut to: "C:\Program Files\Launchy\Launchy.exe" ["Code Jelly"]

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 11

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{724D43A0-0D85-11D4-9908-00400523E39A}"

  -> {HKLM...CLSID} = "&RoboForm"

                   \InProcServer32\(Default) = "C:\Program Files\AI RoboForm\roboform.dll" ["Siber Systems"]


HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{724D43A0-0D85-11D4-9908-00400523E39A}" = (no title provided)

  -> {HKLM...CLSID} = "&RoboForm"

                   \InProcServer32\(Default) = "C:\Program Files\AI RoboForm\roboform.dll" ["Siber Systems"]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"

  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]

  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]


{320AF880-6646-11D3-ABEE-C5DBF3571F46}\

"ButtonText" = "Fill Forms"

"MenuText" = "Fill Forms"

"Script" = "file://C:\Program Files\AI RoboForm\RoboFormComFillForms.html" [file not found]


{320AF880-6646-11D3-ABEE-C5DBF3571F49}\

"ButtonText" = "Save"

"MenuText" = "Save Forms"

"Script" = "file://C:\Program Files\AI RoboForm\RoboFormComSavePass.html" [file not found]


{724D43AA-0D85-11D4-9908-00400523E39A}\

"ButtonText" = "RoboForm"

"MenuText" = "RoboForm Toolbar"

"Script" = "file://C:\Program Files\AI RoboForm\RoboFormComShowToolbar.html" [file not found]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


Comodo Application Agent, CmdAgent, "C:\Program Files\Comodo Firewall\Comodo\Firewall\cmdagent.exe" ["COMODO"]

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\NOD32\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]



Keyboard Driver Filters:

------------------------


HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\

"UpperFilters" = <> "SSKBFD" ["Webroot Software Inc (www.webroot.com)"]



Print Monitors:

---------------


HKLM\System\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]

hpzsnt12\Driver = "hpzsnt12.dll" ["HP"]

PDFCreator\Driver = "pdfcmnnt.dll" [null data]



----------

<>: Suspicious data at a malware launch point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 126 seconds.

---------- (total run time: 253 seconds)

(JNJN) #5

Caliostro

Byłeś o coś proszony.JNJN


(Kuz5) #6

Log czysty, więc można praktycznie wykluczyś iz problem leży po stronie infekcji systemu

W pierwszym swoim poście kliknij ikonkę icon_edit.gif


(system) #7

Dzięki jeszcze raz. Cóż narazie przeboleje, najwyżej za jakiś czas uruchomię magiczną komendę format c:....

W kwestii tytułu posta - już zmienione. Sorry za problemy - nie widziałem magicznego przycisku "zmień" bo nie byłem zalogowany... eh szkoda słów :wink:

Pozdrawiam.