Mcenspc.dll problem

Dla specjalistów Bezpieczeństwo
#1

witam

Wiem ze ten problem juz sie pojawial na forum ale nie wiem czy zawsze postepuje sie w ten sam sposob.

Przy starcie systemu pojawia sie kilka okienek z komunikatem ze brakuje mcenspc.dll i mam to sprawdzic z dyskiem instalacyjnym.

Prosze o sprawdzenie loga i dalsze wskazowki :wink:

pozdrawiam

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:13:54, on 2009-03-05

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\spm\spmdib.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\phonostar\ps_timer.exe

C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOfficeT7 2.3.1\program\soffice.exe

C:\Program Files\OpenOfficeT7 2.3.1\program\soffice.BIN

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Gadu-Gadu\gg.exe

E:\ROBOTA\softimage\tutoriale\DT\bmw\DT_XSIAutomotiveModeling_CD1\start_here.exe

C:\Program Files\PWN\WSPWNOUP2004\SPWNOUP.exe

C:\Softimage\XSI_7.0\Application\bin\XSI.exe

E:\wirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM…\Run: [soundMAX] “C:\Program Files\Analog Devices\SoundMAX\Smax4.exe” /tray

O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM…\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”

O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM…\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe

O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM…\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”

O4 - HKLM…\Run: [screenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe”

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe”

O4 - HKCU…\Run: [Free Download Manager] “C:\Program Files\Free Download Manager\fdm.exe” -autorun

O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”

O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”

O4 - HKCU…\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU…\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - S-1-5-18 Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User ‘SYSTEM’)

O4 - S-1-5-18 Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe (User ‘SYSTEM’)

O4 - .DEFAULT Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe (User ‘Default user’)

O4 - .DEFAULT Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe (User ‘Default user’)

O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe

O4 - Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Dołącz do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se4009.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 6553658031

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

End of file - 14769 bytes

#2

log wygląda na czysty

Pobierz Combofix http://www.searchengines.pl/index.php?s … ntry395642 uruchom dwuklikiem

pokaż log

Podczas pobierania i skanu Combofixem proszę wyłączyć wszelkie zapory i antywirusy

:slight_smile:

#3

Combofix usunal jakies dwa pliki z czego pierwszy to byl wlaśnie mcenspc.dll

Po uruchomieniu systemy Kaspersky zglosil ze jest jakis proces pt. catchme.cfexe. Dalem to do kwarantanny - według zaleceń Kasperskego. Dobrze zrobiłem?

Pod spodem log z Combo. Po restarcie juz nie pojawialy sie te komunikaty. Jeszcze jedno pytanie. Czy konsola odzyskiwania ma byc zainstalowana?

pozdrawiam

ComboFix 09-03-04.01 - Paulux 2009-03-06 10:36:41.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1107 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Paulux\Pulpit\ComboFix.exe

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)

FW: Kaspersky Internet Security *disabled*

* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\system32\mcenspc.dll

c:\windows\system32\tmp.reg

.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-06 do 2009-03-06 )))))))))))))))))))))))))))))))

.

2009-03-06 10:22 . 2009-03-06 10:22

2009-03-06 09:50 . 2009-03-06 10:39

2009-03-06 09:48 . 2009-03-06 09:48

2009-03-02 21:28 . 2009-03-02 21:28

2009-03-02 21:25 . 2009-03-02 21:25

2009-03-02 21:25 . 2009-03-02 21:25 2,246,144 --a------ c:\windows\system32\pbsvc.exe

2009-02-27 15:24 . 2009-02-27 15:24 56 --ah----- c:\windows\system32\ezsidmv.dat

2009-02-27 15:23 . 2009-02-27 15:23

2009-02-27 15:23 . 2009-02-27 15:23

2009-02-20 18:33 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\system32\D3DX9_39.dll

2009-02-20 18:33 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\system32\D3DCompiler_39.dll

2009-02-20 18:33 . 2008-07-31 10:40 509,448 --a------ c:\windows\system32\XAudio2_2.dll

2009-02-20 18:33 . 2008-07-12 08:18 467,984 --a------ c:\windows\system32\d3dx10_39.dll

2009-02-20 18:33 . 2008-07-31 10:41 238,088 --a------ c:\windows\system32\xactengine3_2.dll

2009-02-20 18:33 . 2008-07-31 10:41 68,616 --a------ c:\windows\system32\XAPOFX1_1.dll

2009-02-19 11:27 . 2009-02-19 11:27

2009-02-19 11:26 . 2009-02-19 11:26

2009-02-19 11:26 . 2009-02-19 11:26

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-06 09:44 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\OpenOfficeT72

2009-03-06 09:42 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab

2009-03-06 09:41 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\WTablet

2009-03-06 09:39 266,084 --sha-w c:\windows\system32\drivers\fidbox2.idx

2009-03-06 09:39 2,782,240 --sha-w c:\windows\system32\drivers\fidbox2.dat

2009-03-06 09:39 104,541,728 --sha-w c:\windows\system32\drivers\fidbox.dat

2009-03-06 09:39 1,408,496 --sha-w c:\windows\system32\drivers\fidbox.idx

2009-03-06 09:39 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\Free Download Manager

2009-03-05 17:53 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\uTorrent

2009-03-02 20:46 70,968 ----a-w c:\windows\system32\PnkBstrA.exe

2009-03-02 20:46 188,896 ----a-w c:\windows\system32\PnkBstrB.exe

2009-03-02 20:46 138,784 ----a-w c:\windows\system32\drivers\PnkBstrK.sys

2009-03-02 20:26 22,328 ----a-w c:\documents and settings\Paulux\Dane aplikacji\PnkBstrK.sys

2009-03-02 19:21 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\Skype

2009-03-02 18:14 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\skypePM

2009-02-27 14:23 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype

2009-02-26 10:38 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\phonostar-Player

2009-02-26 10:37 --------- d-----w c:\program files\phonostar

2009-02-19 10:28 --------- d-----w c:\program files\QuickTime

2009-02-11 00:12 --------- d-----w c:\documents and settings\LocalService\Dane aplikacji\WTablet

2009-02-10 11:12 33,808 ----a-w c:\windows\system32\drivers\klbg.sys

2009-02-03 18:32 89,601 ----a-w c:\windows\system32\drivers\klick.dat

2009-02-03 18:32 101,287 ----a-w c:\windows\system32\drivers\klin.dat

2009-01-29 20:18 --------- d–h--w c:\program files\InstallShield Installation Information

2009-01-29 20:00 --------- d-----w c:\program files\Common Files\Softimage

2009-01-19 12:40 --------- d-----w c:\program files\Kaspersky Lab

2009-01-19 12:35 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-01-17 14:04 --------- d—a-w c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-01-17 13:40 --------- d-----w c:\program files\ALLPlayer

2009-01-17 12:52 --------- d-----w c:\documents and settings\Paulux\Dane aplikacji\Uniblue

2009-01-17 12:51 --------- dc-h–w c:\documents and settings\All Users\Dane aplikacji{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2009-01-17 12:51 --------- d-----w c:\program files\Uniblue

2009-01-17 09:56 --------- d-----w c:\program files\Ubisoft

2009-01-16 21:38 --------- d-----w c:\program files\Total War

2009-01-15 00:43 278,984 ----a-w c:\windows\system32\drivers\atksgt.sys

2009-01-15 00:16 25,416 ----a-w c:\windows\system32\drivers\lirsgt.sys

2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll

2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll

2007-12-03 21:51 32 ----a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe

2007-12-27 21:38 56 --sh–r c:\windows\system32\03B6E3427B.sys

2008-01-02 12:21 88 --sh–r c:\windows\system32\7B42E3B603.sys

2008-10-16 08:05 6,528 --sha-w c:\windows\system32\KGyGaAvL.sys

2008-09-18 11:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008091820080919\index.dat

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\ctfmon.exe” [2008-04-14 15360]

“SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2008-09-17 1576176]

“DAEMON Tools Lite”=“c:\program files\DAEMON Tools Lite\daemon.exe” [2008-01-03 486856]

“Free Download Manager”=“c:\program files\Free Download Manager\fdm.exe” [2008-05-20 2474031]

“H/PC Connection Agent”=“c:\program files\Microsoft ActiveSync\wcescomm.exe” [2006-11-13 1289000]

“ALLUpdate”=“c:\program files\ALLPlayer\ALLUpdate.exe” [2008-11-24 869888]

“Uniblue RegistryBooster 2009”=“c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe” [2008-08-26 2019624]

“PhonostarTimer”=“c:\program files\phonostar\ps_timer.exe” [2008-09-19 126976]

“Nowe Gadu-Gadu”=“c:\program files\Nowe Gadu-Gadu\gg.exe” [2009-02-27 9339496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“JMB36X IDE Setup”=“c:\windows\RaidTool\xInsIDE.exe” [2007-03-20 36864]

“36X Raid Configurer”=“c:\windows\system32\xRaidSetup.exe” [2007-03-21 1953792]

“StartCCC”=“c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe” [2006-11-10 90112]

“SunJavaUpdateSched”=“c:\program files\Java\jre1.6.0_07\bin\jusched.exe” [2008-06-10 144784]

“ISUSPM Startup”=“c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe” [2005-02-16 221184]

“ISUSScheduler”=“c:\program files\Common Files\InstallShield\UpdateService\issch.exe” [2005-02-16 81920]

“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]

“HPDJ Taskbar Utility”=“c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe” [2002-12-10 188416]

“ABBYY Community Agent”=“c:\program files\Sprint FineReader 5.0 Office TryBuy\Sprint\CAgent.exe” [2001-01-31 241664]

“SoundMAXPnP”=“c:\program files\Analog Devices\Core\smax4pnp.exe” [2006-12-18 868352]

“CloneCDTray”=“c:\program files\SlySoft\CloneCD\CloneCDTray.exe” [2006-09-28 57344]

“TkBellExe”=“c:\program files\Common Files\Real\Update_OB\realsched.exe” [2008-03-28 185896]

“Sony Ericsson PC Suite”=“c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” [2007-06-13 528384]

“PWRISOVM.EXE”=“c:\program files\PowerISO\PWRISOVM.EXE” [2008-03-15 233472]

“Acrobat Assistant 8.0”=“c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe” [2006-10-22 620152]

“ScreenManager Pro for LCD”=“c:\program files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe” [2007-08-30 10937640]

“AVP”=“c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe” [2009-02-10 206088]

“QuickTime Task”=“c:\program files\QuickTime\QTTask.exe” [2009-01-05 413696]

“Kernel and Hardware Abstraction Layer”=“KHALMNPR.EXE” [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“c:\windows\system32\CTFMON.EXE” [2008-04-14 15360]

c:\documents and settings\Paulux\Menu Start\Programy\Autostart\

Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-12-19 261120]

OpenOfficeT7 2.3.1.lnk - c:\program files\OpenOfficeT7 2.3.1\program\quickstart.exe [2007-12-08 393216]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer{AC76BA86-1029-0000-7760-000000000003}_SC_Acrobat.exe [2008-06-13 295606]

Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-03 110592]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

ASUS WiFi-AP Solo.lnk - c:\program files\ASUS WiFi-AP Solo\RtWLan.exe [2007-11-30 987136]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-07-13 805392]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL” [2008-05-21 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]

2008-09-17 06:47 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2008-05-02 01:42 72208 c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

“EnableFirewall”= 0 (0x0)

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“c:\Program Files\Bonjour\mDNSResponder.exe”=

“c:\Program Files\uTorrent\uTorrent.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“c:\WINDOWS\system32\PnkBstrA.exe”=

“c:\WINDOWS\system32\PnkBstrB.exe”=

“c:\program files\Microsoft ActiveSync\rapimgr.exe”= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

“c:\program files\Microsoft ActiveSync\wcescomm.exe”= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

“c:\program files\Microsoft ActiveSync\WCESMgr.exe”= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

“c:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“26675:TCP”= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24592]

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]

S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2007-11-30 176128]

S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-02-13 83208]

S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-02-13 15112]

S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-02-13 108680]

S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-02-13 100488]

S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-02-13 98568]

S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2007-11-30 13532]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{1cd2569e-bbd3-11dc-92e9-0015af3e677c}]

\Shell\AutoRun\command - H:\start_here.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b708f0b1-384c-11dd-9531-0015af3e677c}]

\Shell\AutoRun\command - L:\start_here.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f5226320-124c-11dd-9103-0015af3e677c}]

\Shell\AutoRun\command - J:\autorun.exe

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uInternet Settings,ProxyOverride = *.local

IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

IE: Download with GetRight - c:\program files\GetRight\GRdownload.htm

IE: Dołącz do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konwertuj do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Konwertuj wybrane łącza do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Konwertuj wybrane łącza do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Konwertuj zaznaczenie do Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Konwertuj zaznaczenie do istniejącego pliku PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Open with GetRight Browser - c:\program files\GetRight\GRbrowse.htm

IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm

IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Paulux\Dane aplikacji\Mozilla\Firefox\Profiles\hator9iw.default\

FF - prefs.js: browser.startup.homepage - http://www.pajacyk.pl

FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-06 10:41:25

Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-682003330-1580436667-839522115-1003\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

“??”=hex:b2,62,95,14,cd,fa,69,ee,78,51,21,d6,87,d2,e9,ac,30,87,ec,06,11,f8,5a,

51,3a,94,63,14,45,a7,08,55,80,da,99,57,7c,4a,62,89,da,8e,a1,73,01,73,f2,07,\

“??”=hex:f5,03,8f,36,0b,1b,73,45,ef,7b,6c,4d,3f,9a,25,1e

[HKEY_USERS\S-1-5-21-682003330-1580436667-839522115-1003\Software\SecuROM\License information*]

“datasecu”=hex:8c,6e,a0,8c,ec,5a,60,dc,de,d3,10,ab,ee,8d,1d,b6,83,35,a9,7b,29,

37,5f,91,e2,0f,0a,90,a8,65,8f,7e,ce,49,ca,e1,49,7a,52,7a,73,65,c7,6d,b2,b8,\

“rkeysecu”=hex:c8,92,02,bb,21,32,67,fb,51,0a,e3,c2,95,b8,a6,4a

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

              • ‘winlogon.exe’(1156)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

              • ‘explorer.exe’(3808)

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Czas ukończenia: 2009-03-06 10:54:33 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-03-06 09:48:22

Przed: 12 227 612 672 bajtów wolnych

Po: 22,523,846,656 bajtów wolnych

245 — E O F — 2009-02-25 22:39:35

#4

Log wygląda na czysty

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

zrób optymalizacje uruchamiania

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

usuń ręcznie folder C: \Qoobox usuń instalkę Combofix z dysku.

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

przeskanuj

Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5

nie musi

:slight_smile:

#5

Leon dzieki jak na razie za pomoc

chyba zrobilem to tak jak napisales ale cureit nie chce sie zainstalowac (nie moze rozpakowac jakis plikow)

Chyba nie powinienem wlaczac spowrotem w Ogolnych (msconfig) funkcji normalne uruchamianie (pojawiło sie okno przy uruchomieniu systemu) bo znowu

zaznaczyly sie te wpisy, ktore w logu sa pod nr 04 ?

Mozesz spojżec na ten log czy jest ok?

pozdrawiam

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:59:58, on 2009-03-06

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

C:\spm\spmdib.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\Tablet.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe

C:\Program Files\Nowe Gadu-Gadu\gg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\phonostar\ps_timer.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Free Download Manager\fdm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MICROS~3\rapimgr.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe

C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\OpenOfficeT7 2.3.1\program\soffice.exe

C:\Program Files\OpenOfficeT7 2.3.1\program\soffice.BIN

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

E:\wirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM…\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

O4 - HKLM…\Run: [AVP] “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe”

O4 - HKLM…\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM…\Run: [startCCC] “C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe”

O4 - HKLM…\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM…\Run: [sony Ericsson PC Suite] “C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe” /startoptions

O4 - HKLM…\Run: [screenManager Pro for LCD] C:\Program Files\EIZO\ScreenManager Pro for LCD\Lcdctrl.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

O4 - HKLM…\Run: [CloneCDTray] “C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe” /s

O4 - HKLM…\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe”

O4 - HKLM…\Run: [ABBYY Community Agent] C:\Program Files\Sprint & FineReader 5.0 Office Try&Buy\Sprint\CAgent.exe

O4 - HKLM…\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

O4 - HKCU…\Run: [Nowe Gadu-Gadu] “C:\Program Files\Nowe Gadu-Gadu\gg.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S

O4 - HKCU…\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU…\Run: [PhonostarTimer] C:\Program Files\phonostar\ps_timer.exe

O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe”

O4 - HKCU…\Run: [Free Download Manager] “C:\Program Files\Free Download Manager\fdm.exe” -autorun

O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe”

O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - S-1-5-18 Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe (User ‘SYSTEM’)

O4 - .DEFAULT Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe (User ‘Default user’)

O4 - Startup: OpenOfficeT7 2.3.1.lnk = C:\Program Files\OpenOfficeT7 2.3.1\program\quickstart.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm

O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm

O8 - Extra context menu item: Dołącz do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Konwertuj wybrane łącza do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm

O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm

O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra ‘Tools’ menuitem: Utwórz Ulubione dla urządzenia przenośnego… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour … se4009.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso … 6553658031

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe

O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmdib.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

End of file - 13740 bytes

#6

Log czysty

zrób optymalizację uruchamiania

przeskanuj Kasperskim

:slight_smile:

#7

a po tej optymalizacji mam zostawic w Ogolnych uruchamianie diagnostyczne :?:

Dodane 07.03.2009 (So) 21:37

ok to zostawie w Narzędziach konfugiracji systemu włączoną opcje Uruchamianie Selektywne.

System otwiera się znacznie szybciej i twardy dysk już nie rzęzi tak jak zwykle (prawie go nie słychać). Przeczyszczone wszystko :wink:

Leon bardzo dziękuje za pomoc :!: :!: :!: