Slow XP startup - HijackThis log


(Fixxxer) #1

Hello!!

Help!!


(huber2t) #2

Fix in HijackThis

Show the ComboFix log

Perform autostart optimization


(Fixxxer) #3

Thanks for the request...

I'll post everything in the afternoon.

Should I run the ComboFix steps first and then the autostart optimization, or does it not matter in which order I do it?

Regards: Fixxxer


(huber2t) #4

It makes no difference which one you do first.


(Fixxxer) #5

Here is the ComboFix log

PS. Should I remove those 2 entries that you marked?

ComboFix 08-06-15.4 - RzeKin 2008-06-16 7:38:00.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1622 [GMT 2:00]

Running from: C:\Documents and Settings\RzeKin\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))

.

2008-06-11 10:13 . 2008-06-11 10:13

2008-06-11 10:13 . 2008-06-11 10:14

2008-06-11 10:12 . 2008-06-11 10:12

2008-06-11 10:03 . 2008-06-11 10:03

2008-06-10 17:37 . 2008-06-10 17:37 34 --a------ C:\WINDOWS\system32\oeminfo.ini

2008-06-09 08:58 . 2007-05-01 22:51 16,816 -ra------ C:\WINDOWS\system32\drivers\vmnetadapter.sys

2008-06-09 08:58 . 2007-05-01 22:51 13,104 -ra------ C:\WINDOWS\system32\vnetinst.dll

2008-06-09 08:57 . 2007-05-01 22:51 437,040 --a------ C:\WINDOWS\system32\vnetlib.dll

2008-06-09 08:57 . 2007-05-01 22:52 150,320 --a------ C:\WINDOWS\system32\vmnat.exe

2008-06-09 08:57 . 2007-05-01 22:51 121,648 --a------ C:\WINDOWS\system32\vmnetdhcp.exe

2008-06-09 08:57 . 2007-05-01 22:51 50,992 -ra------ C:\WINDOWS\system32\vmnetbridge.dll

2008-06-09 08:57 . 2007-05-01 22:51 28,592 -ra------ C:\WINDOWS\system32\drivers\vmnetbridge.sys

2008-06-09 08:57 . 2007-05-01 22:52 25,264 --a------ C:\WINDOWS\system32\drivers\vmnetuserif.sys

2008-06-09 08:57 . 2007-05-01 22:52 21,040 --a------ C:\WINDOWS\system32\drivers\VMkbd.sys

2008-06-09 08:57 . 2007-05-01 22:51 17,712 -ra------ C:\WINDOWS\system32\drivers\vmnet.sys

2008-06-09 08:56 . 2008-06-09 08:56

2008-06-09 08:56 . 2008-06-09 08:56

2008-06-09 08:48 . 2008-06-09 08:48

2008-06-07 22:50 . 2008-06-07 23:19

2008-06-07 22:20 . 2008-06-16 07:25

2008-06-07 22:19 . 2008-06-16 07:25

2008-06-07 22:17 . 2008-06-16 07:25

2008-06-07 22:17 . 2008-06-09 08:57 1,024 --a------ C:.rnd

2008-06-07 22:11 . 2008-06-07 22:11

2008-06-07 22:11 . 2008-06-07 22:11

2008-06-04 09:56 . 2008-06-04 09:56

2008-06-04 09:55 . 2008-06-04 09:55

2008-06-04 08:11 . 2008-06-04 08:11

2008-06-03 18:16 . 2008-06-03 18:19

2008-06-03 18:15 . 2008-06-03 18:15

2008-05-29 20:16 . 2008-05-29 20:16

2008-05-28 23:05 . 2008-05-28 23:05

2008-05-28 22:29 . 2008-05-28 22:29

2008-05-28 22:23 . 2008-05-28 22:23

2008-05-28 16:04 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-05-28 16:04 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-05-28 10:37 . 2008-05-28 10:38

2008-05-25 09:51 . 2008-05-25 09:51

2008-05-25 09:48 . 2008-05-25 09:48

2008-05-24 22:06 . 2008-05-24 22:07

2008-05-23 13:49 . 2008-06-11 10:12

2008-05-21 13:58 . 2008-06-07 23:25

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-15 21:55 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\uTorrent

2008-06-10 15:53 --------- d-----w C:\Program Files\Google

2008-06-10 15:06 --------- d-----w C:\Program Files\Ashampoo

2008-05-28 20:40 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\RhinoSoft.com

2008-05-28 20:39 --------- d-----w C:\Program Files\Sprint FineReader 5.0 Office TryBuy

2008-05-28 20:33 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec

2008-05-14 17:59 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ

2008-05-14 12:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-05-13 16:53 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\AVGTOOLBAR

2008-05-13 15:04 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-13 15:04 --------- d-----w C:\Program Files\ScanDrv5

2008-05-12 07:46 --------- d-----w C:\Program Files\AVG

2008-05-12 07:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\G DATA

2008-05-11 13:58 --------- d-----w C:\Program Files\UltraVNC

2008-05-11 13:52 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\Cream Software

2008-05-11 13:51 --------- d-----w C:\Program Files\Cream Software

2008-05-11 13:35 --------- d-----w C:\Program Files\Java

2008-05-11 13:34 --------- d-----w C:\Program Files\Common Files\Java

2008-05-11 12:43 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\Dev-Cpp

2008-05-08 14:03 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-05-08 09:25 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-05-08 09:25 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\DAEMON Tools

2008-05-08 09:16 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\Symantec

2008-05-08 06:56 --------- d-----w C:\Program Files\PDFCreator

2008-05-08 06:55 253,116 ----a-w C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_4625.exe

2008-05-08 06:55 14,290 ----a-w C:\Program Files\settings.dat

2008-05-08 06:55 --------- d-----w C:\Program Files\PDFCreator Toolbar

2008-05-07 06:46 --------- d-----w C:\Program Files\IrfanView

2008-05-07 06:38 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\Winamp

2008-05-07 06:35 --------- d-----w C:\Program Files\Winamp

2008-04-26 18:31 --------- d-----w C:\Program Files\uTorrent

2008-04-25 23:03 --------- d-----w C:\Documents and Settings\RzeKin\Dane aplikacji\Gadu-Gadu

2008-04-23 21:09 --------- d-----w C:\Program Files\Gadu-Gadu

2008-04-23 13:11 --------- d-----w C:\Program Files\ffdshow

2008-04-23 12:01 --------- d-----w C:\Program Files\MarBit

2008-04-23 11:52 --------- d-----w C:\Program Files\Common Files\Adobe

2008-04-23 11:01 --------- d-----w C:\Program Files\HP

2008-04-23 10:57 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-04-23 09:44 --------- d-----w C:\Program Files\Microsoft Works

2008-04-23 07:46 --------- d-----w C:\Program Files\MSXML 6.0

2008-04-22 11:46 --------- d-----w C:\Program Files\BestPlayer 1.0

2008-04-22 11:07 46,536 ----a-w C:\WINDOWS\system32\drivers\MiniIcpt.sys

2008-04-22 09:58 --------- d-----w C:\Program Files\Motorola

2008-04-22 09:57 --------- d-----w C:\Program Files\Realtek

2008-04-22 09:51 --------- d-----w C:\Program Files\Synaptics

2008-04-22 09:51 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-04-22 09:43 --------- d-----w C:\Program Files\Intel

2008-04-22 09:37 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-04-22 09:00 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-22 08:58 --------- d-----w C:\Program Files\Usługi online

2008-04-21 13:00 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll

2008-04-21 13:00 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

.

((((((((((((((((((((((((((((( snapshot@2008-06-04_ 9.36.16,17 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-06-07 21:20:23 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

  • 2008-06-07 21:20:23 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

  • 2008-06-07 21:20:24 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

  • 2008-06-07 21:20:18 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:19 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:20 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:20 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:21 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:21 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:21 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:22 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:22 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:24 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

  • 2008-06-07 21:20:24 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

  • 2008-06-07 21:20:24 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

  • 2008-06-07 21:20:24 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

  • 2008-06-07 21:20:25 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

  • 2008-06-07 21:20:22 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

  • 2008-06-04 06:13:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-06-16 05:25:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat

  • 2008-06-11 08:13:36 1,038,336 ----a-r C:\WINDOWS\Installer{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe

  • 2008-06-11 08:13:36 178,688 ----a-r C:\WINDOWS\Installer{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe

  • 2008-06-11 08:13:36 171,008 ----a-r C:\WINDOWS\Installer{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe

  • 2008-06-11 08:13:36 8,704 ----a-r C:\WINDOWS\Installer{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B1.exe

  • 2008-06-07 20:11:30 473,600 ----a-w C:\WINDOWS\Komputer i Ty Kurs Sieci Komputerowych\uninstall.exe

  • 2005-03-18 14:23:10 53,248 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.AudioVideoPlayback.dll

  • 2005-03-18 14:23:10 12,800 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll

  • 2005-03-18 14:23:14 473,600 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3D.dll

  • 2004-09-29 10:38:58 2,676,224 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-03-18 14:23:10 145,920 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectDraw.dll

  • 2005-03-18 14:23:10 159,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectInput.dll

  • 2005-03-18 14:23:14 364,544 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectPlay.dll

  • 2005-03-18 14:23:12 178,176 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.DirectSound.dll

  • 2005-03-18 14:23:14 223,232 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.dll

  • 2004-12-01 13:53:06 2,846,720 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2903.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-02-05 17:32:54 563,712 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2904.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-03-18 15:23:14 567,296 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2905.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-05-26 13:15:56 576,000 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2906.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-07-22 15:21:34 577,024 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2907.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-09-28 12:11:52 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2908.0\Microsoft.DirectX.Direct3DX.dll

  • 2005-12-05 15:20:50 577,536 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2909.0\Microsoft.DirectX.Direct3DX.dll

  • 2006-02-03 05:40:48 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2910.0\Microsoft.DirectX.Direct3DX.dll

  • 2006-03-31 09:27:50 578,560 ----a-w C:\WINDOWS\Microsoft.NET\DirectX for Managed Code\1.0.2911.0\Microsoft.DirectX.Direct3DX.dll

  • 2003-03-18 17:05:50 89,088 ----a-w C:\WINDOWS\system32\atl71.dll

  • 2005-02-05 17:45:26 2,222,800 ----a-w C:\WINDOWS\system32\d3dx9_24.dll

  • 2005-03-18 15:19:58 2,337,488 ----a-w C:\WINDOWS\system32\d3dx9_25.dll

  • 2005-05-26 13:34:52 2,297,552 ----a-w C:\WINDOWS\system32\d3dx9_26.dll

  • 2005-07-22 17:59:04 2,319,568 ----a-w C:\WINDOWS\system32\d3dx9_27.dll

  • 2005-12-05 16:09:18 2,323,664 ----a-w C:\WINDOWS\system32\d3dx9_28.dll

  • 2006-02-03 06:43:16 2,332,368 ----a-w C:\WINDOWS\system32\d3dx9_29.dll

  • 2006-03-31 10:40:58 2,388,176 ----a-w C:\WINDOWS\system32\d3dx9_30.dll

  • 2006-09-28 14:05:20 2,414,360 ----a-w C:\WINDOWS\system32\d3dx9_31.dll

  • 2007-07-11 11:37:26 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys

  • 2007-08-07 10:58:08 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys

  • 2007-05-01 20:52:52 34,608 ----a-w C:\WINDOWS\system32\drivers\hcmon.sys

  • 2007-08-07 10:56:58 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

  • 2007-04-09 11:57:36 65,216 ----a-w C:\WINDOWS\system32\drivers\stcp2v30.sys

  • 2007-05-01 20:52:50 430,128 ----a-w C:\WINDOWS\system32\drivers\vmx86.sys

  • 2007-12-14 09:32:52 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe

  • 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll

  • 2008-05-29 15:09:18 60,448 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-06-09 06:57:07 61,658 ----a-w C:\WINDOWS\system32\perfc009.dat

  • 2008-05-29 15:09:18 76,620 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-06-09 06:57:07 77,830 ----a-w C:\WINDOWS\system32\perfc015.dat

  • 2008-05-29 15:09:18 396,208 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-06-09 06:57:07 398,892 ----a-w C:\WINDOWS\system32\perfh009.dat

  • 2008-05-29 15:09:18 453,610 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2008-06-09 06:57:07 456,294 ----a-w C:\WINDOWS\system32\perfh015.dat

  • 2007-03-23 08:05:16 5,451,776 ----a-r C:\WINDOWS\system32\V2iDiskLib.dll

  • 2007-05-01 19:45:40 207,664 ----a-w C:\WINDOWS\system32\vmnc.dll

  • 2006-02-03 06:41:26 14,032 ----a-w C:\WINDOWS\system32\x3daudio1_0.dll

  • 2006-09-28 14:03:28 15,128 ----a-w C:\WINDOWS\system32\x3daudio1_1.dll

  • 2006-02-03 06:42:06 230,096 ----a-w C:\WINDOWS\system32\xactengine2_0.dll

  • 2006-03-31 10:39:48 229,584 ----a-w C:\WINDOWS\system32\xactengine2_1.dll

  • 2006-05-31 05:24:16 230,168 ----a-w C:\WINDOWS\system32\xactengine2_2.dll

  • 2006-07-28 07:30:32 236,824 ----a-w C:\WINDOWS\system32\xactengine2_3.dll

  • 2006-09-28 14:05:56 237,848 ----a-w C:\WINDOWS\system32\xactengine2_4.dll

  • 2006-03-31 10:39:24 62,672 ----a-w C:\WINDOWS\system32\xinput1_1.dll

  • 2006-07-28 07:30:14 62,744 ----a-w C:\WINDOWS\system32\xinput1_2.dll

  • 2006-09-28 14:04:02 68,888 ----a-w C:\WINDOWS\system32\xinput1_3.dll

  • 2005-12-05 16:07:30 61,136 ----a-w C:\WINDOWS\system32\xinput9_1_0.dll

  • 2008-06-16 05:26:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_440.dat

  • 2008-06-16 05:25:26 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_728.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-20 13:21 8462336]

"NvMediaCenter"="NvMCTray.dll" [2007-06-20 13:21 81920 C:\WINDOWS\system32\nvmctray.dll]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 22:52 68400]

"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 22:52 56112]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 0 (0x0)

"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]

C:\Program Files\Norton Ghost\Agent\VProTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

--a------ 2006-10-12 19:55 815104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2008-04-01 20:49 36352 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC]

--a------ 2006-06-18 14:56 712704 C:\Program Files\UltraVNC\WinVNC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=

"C:\Program Files\uTorrent\uTorrent.exe"=

"C:\Program Files\Gadu-Gadu\gg.exe"=

"C:\totalcmd\TOTALCMD.EXE"=

"C:\Program Files\eMule\emule.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 13:22]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-08-30 04:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{acab16e2-2d57-11dd-9e1a-001cbf3da4c5}]

\Shell\Auto\command - Cn911.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-16 07:39:21

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASFWHide]

"ImagePath"="\??\C:\DOCUME~1\RzeKin\USTAWI~1\Temp\ASFWHide"

.

Completion time: 2008-06-16 7:39:57

ComboFix-quarantined-files.txt 2008-06-16 05:39:45

ComboFix2.txt 2008-06-04 09:05:13

ComboFix3.txt 2008-06-04 09:03:28

ComboFix4.txt 2008-06-04 07:45:49

ComboFix5.txt 2008-06-04 07:36:25

Pre-Run: 77,820,076,032 bajtów wolnych

Post-Run: 77,810,368,512 bajtów wolnych

265


(Gutek) #6

Open Notepad and paste:

Windows Registry Editor Version 5.00 


[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File >>> Save as >>> Change the type from TXT to All files >>> Save under the name FIX.REG >>> double-click the created FIX.REG file and confirm adding it to the registry >>> restart.

Scan: http://www.kaspersky.pl/virusscanner.html

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350
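
A defender-side check for the kind of entry this fix targets, as an added example that is not part of the original thread: it scans ComboFix log text for MountPoints2 subkeys that carry a `\Shell\...\command` handler (the pattern visible in the log above) and builds a .reg file that deletes only those subkeys rather than the whole MountPoints2 key. The function names are hypothetical, the sample lines are copied from the posted log, and taking the last token of the command as its target is an assumed heuristic.

```python
import re

# Sample lines copied from the "Reg Loading Points" part of the log posted above.
# The page shows the volume GUID glued to "mountpoints2" without a backslash.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{acab16e2-2d57-11dd-9e1a-001cbf3da4c5}]
\Shell\Auto\command - Cn911.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Cn911.exe
.
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# Volume subkey of MountPoints2, with or without the separating backslash.
MP2_RE = re.compile(r"^(?P<base>.*\\mountpoints2)\\?(?P<vol>[^\\]+)$", re.I)
CMD_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<cmd>.+)$", re.I)
ABSOLUTE_RE = re.compile(r"^([A-Za-z]:\\|\\\\|%)")


def find_mountpoints2_handlers(log_text):
    """Return one finding per shell command cached under a MountPoints2 volume key."""
    findings, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Any new key header ends the previous MountPoints2 block.
            current = MP2_RE.match(key.group(1))
            continue
        cmd = CMD_RE.match(line)
        if current and cmd:
            target = cmd.group("cmd").split()[-1]  # heuristic: last token
            findings.append({
                "key": current.group("base") + "\\" + current.group("vol"),
                "volume": current.group("vol"),
                "verb": cmd.group("verb"),
                "command": cmd.group("cmd"),
                "target": target,
                # No drive, UNC or %var% prefix: a file expected on the volume itself.
                "relative_target": not ABSOLUTE_RE.match(target),
            })
    return findings


def reg_delete_script(findings):
    """Build .reg text that deletes only the flagged volume subkeys."""
    keys = sorted({f["key"] for f in findings})
    lines = ["Windows Registry Editor Version 5.00", ""]
    lines += ["[-%s]" % k for k in keys]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    hits = find_mountpoints2_handlers(SAMPLE_LOG)
    for h in hits:
        print(h["volume"], h["verb"], "->", h["command"],
              "(relative target)" if h["relative_target"] else "")
    print(reg_delete_script(hits))
```
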


(Fixxxer) #7

I did as you wrote.

The system got faster, but only in the loading phase, at the moment when the Windows logo appears.

PS. What was that entry supposed to do?


(Gutek) #8

Scan: http://www.kaspersky.pl/virusscanner.html

XP optimization: viewtopic.php?t=76580

Autostart optimization: http://www.bezpieczenstwosystemow.pl/in ... opic=116.0

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can run through the registry with it, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php

See - Using jv16 PowerTools