Hello,
Well, it seems to have worked, touch wood. The explorer process is indeed behaving normally, and as for the logs, they look like this:
ComboFix 08-04-22.5 - lukanek 2008-04-24 21:41:35.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1379 [GMT 2:00]
Running from: C:\Documents and Settings\lukanek\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\lukanek\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aecvtfxc.dll
C:\WINDOWS\system32\biynytag.dll
C:\WINDOWS\system32\efcYQHAS.dll
C:\WINDOWS\system32\gatynyib.ini
C:\WINDOWS\system32\hrtfgmuo.dll
C:\WINDOWS\system32\iifGXqqn.dll
C:\WINDOWS\system32\keiosvxh.dll
C:\WINDOWS\system32\nqqXGfii.ini
C:\WINDOWS\system32\nqqXGfii.ini2
C:\WINDOWS\system32\ouejcajx.ini
C:\WINDOWS\system32\rovwyyyr.dll
C:\WINDOWS\system32\tuvWqolK.dll
C:\WINDOWS\system32\vjpyxjdf.dll
C:\WINDOWS\system32\xjacjeuo.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.
2008-04-24 19:15 . 2008-04-24 19:15
2008-04-24 19:14 . 2008-04-24 20:26
2008-04-24 19:13 . 2008-04-24 19:13 848 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-24 18:31 . 2008-04-24 18:32 1,504,020 ---hs---- C:\WINDOWS\system32\nrftssdl.ini
2008-04-24 17:50 . 2008-04-24 17:50
2008-04-24 17:50 . 2008-04-24 17:50
2008-04-24 17:36 . 2008-04-24 17:36 45 --a------ C:\TEST.XML
2008-04-23 19:24 . 2008-04-23 19:24
2008-04-23 18:28 . 2008-04-24 18:29 1,504,260 ---hs---- C:\WINDOWS\system32\xfahhqjv.ini
2008-04-22 15:11 . 2008-04-22 15:11
2008-04-22 14:15 . 2008-04-22 14:15
2008-04-22 14:15 . 2004-07-14 12:54 676,864 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-04-22 14:15 . 2007-03-02 14:02 76,288 --a------ C:\WINDOWS\system32\drivers\SENTINEL.SYS
2008-04-22 14:15 . 2007-03-02 14:03 50,176 --a------ C:\WINDOWS\system32\SNTI386.DLL
2008-04-22 14:15 . 2007-03-02 14:02 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
2008-04-22 14:15 . 2007-03-02 14:02 9,949 --------- C:\WINDOWS\system32\SENTINEL.HLP
2008-04-22 14:15 . 2008-04-22 14:15 1,025 --a------ C:\WINDOWS\system32\ayju8sn.tgz
2008-04-22 14:14 . 2008-04-22 14:14 47,616 --a------ C:\WINDOWS\system32\drivers\Haspnt.sys
2008-04-22 14:14 . 2008-04-22 14:14 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
2008-04-22 14:14 . 2008-04-18 22:47 2,596 --a------ C:\WINDOWS\system32\config.hsp
2008-04-22 14:14 . 2008-04-22 14:14 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-04-22 14:11 . 2008-04-22 14:14
2008-04-22 14:01 . 2008-04-22 14:01
2008-04-22 13:38 . 2008-04-23 18:27 1,540,677 ---hs---- C:\WINDOWS\system32\ghrsgkdw.ini
2008-04-22 13:35 . 2008-04-24 21:00 109,765 --a------ C:\WINDOWS\BMab36cdef.xml
2008-04-22 13:02 . 2008-04-22 13:02
2008-04-22 13:01 . 2008-04-22 13:01
2008-04-22 10:10 . 2008-04-22 10:10
2008-04-22 09:49 . 2008-04-22 09:49
2008-04-22 09:39 . 2006-06-28 04:37 1,009,336 --------- C:\WINDOWS\system32\mschrt20.ocx
2008-04-22 09:39 . 2005-03-03 21:09 389,120 --------- C:\WINDOWS\system32\Codejock.DockingPane.Unicode.9601.ocx
2008-04-22 09:39 . 2006-06-28 04:37 212,240 --------- C:\WINDOWS\system32\RICHTX32.OCX
2008-04-22 09:39 . 2001-07-30 16:40 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-04-22 09:32 . 2008-04-22 09:32
2008-04-22 08:29 . 2008-04-22 09:35
2008-04-20 22:26 . 2008-04-20 22:30
2008-04-20 22:20 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-04-20 21:39 . 2008-04-24 21:49
2008-04-20 21:39 . 2008-04-20 21:43 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-04-20 21:35 . 2008-04-20 21:35
2008-04-20 21:35 . 2008-04-23 21:07
2008-04-20 21:35 . 2008-04-20 21:35
2008-04-20 21:28 . 2008-04-20 21:28
2008-04-20 21:17 . 2008-04-20 21:17
2008-04-20 21:15 . 2008-04-20 21:15 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-04-20 21:13 . 2008-04-20 21:13 23 --ah----- C:\WINDOWS\yacht.xws
2008-04-20 21:05 . 2008-04-22 14:12
2008-04-20 21:04 . 2008-04-20 21:04
2008-04-20 21:04 . 2008-04-20 21:22
2008-04-20 21:04 . 2008-04-20 21:17
2008-04-20 21:04 . 2008-04-20 21:04
2008-04-20 21:04 . 2008-04-22 13:55
2008-04-20 21:03 . 2008-04-20 21:03
2008-04-20 21:00 . 2008-04-20 21:00
2008-04-20 21:00 . 2008-04-20 21:00
2008-04-20 20:55 . 2008-04-20 20:55
2008-04-20 20:54 . 2008-04-20 20:54
2008-04-20 20:53 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-20 20:47 . 2008-04-20 21:04
2008-04-20 20:46 . 2008-04-20 20:46
2008-04-20 20:45 . 2008-04-20 20:47
2008-04-20 20:45 . 2008-04-24 17:35
2008-04-20 20:36 . 2008-04-20 20:36
2008-04-20 20:22 . 2008-03-01 15:02 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-20 20:22 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-20 20:22 . 2007-03-08 07:11 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-20 20:22 . 2008-03-01 15:02 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-20 20:22 . 2008-03-01 15:02 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-20 20:22 . 2008-03-01 15:02 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-20 20:22 . 2008-03-01 15:02 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-20 20:22 . 2008-03-01 15:02 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-20 20:22 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 17:41 . 2008-04-20 17:41
2008-04-20 17:39 . 2008-04-20 17:39
2008-04-20 17:39 . 2008-04-20 17:41
2008-04-20 17:37 . 2008-04-20 17:37
2008-04-20 17:35 . 2008-04-20 17:35
2008-04-20 17:33 . 2008-04-20 17:33
2008-04-20 17:29 . 2008-04-20 17:29
2008-04-20 17:29 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-04-20 17:28 . 2008-04-20 17:28
2008-04-20 17:28 . 2008-04-20 17:28
2008-04-20 17:28 . 2005-12-30 20:10 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-20 17:28 . 2005-12-30 20:18 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-20 17:28 . 2005-12-30 20:16 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-20 17:28 . 2008-04-20 17:28 56 -r-hs---- C:\WINDOWS\system32\4BF8C45FE9.sys
2008-04-20 17:27 . 2008-04-24 19:13
2008-04-20 17:26 . 2008-04-24 19:18 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-20 17:19 . 2008-04-20 17:19
2008-04-20 17:14 . 2008-04-20 17:15
2008-04-20 17:14 . 2008-04-22 13:01
2008-04-20 17:10 . 2008-04-20 17:10
2008-04-20 17:09 . 2008-04-20 17:09
2008-04-20 17:09 . 2008-04-20 17:09 1,024 --ah----- C:\Documents and Settings\Default User\NtUser.dat.LOG
2008-04-20 17:07 . 2008-04-20 17:07
2008-04-20 17:07 . 2008-04-20 17:08
2008-04-20 17:07 . 2008-04-20 17:07
2008-04-20 16:44 . 2008-04-20 16:44 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-04-20 16:35 . 2008-04-20 16:35
2008-04-19 01:13 . 2008-04-21 20:53
2008-04-19 01:13 . 2008-04-19 01:13 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-04-19 01:12 . 2008-04-19 01:12
2008-04-19 01:12 . 2008-04-19 01:12
2008-04-19 01:12 . 2008-04-21 23:17
2008-04-19 01:12 . 2008-04-19 01:12
2008-04-19 01:11 . 2008-04-19 01:11
2008-04-19 01:11 . 2008-04-20 16:34
2008-04-19 01:09 . 2008-04-19 01:10
2008-04-18 23:56 . 2008-04-18 23:56
2008-04-18 23:40 . 2008-04-18 23:40
2008-04-18 23:39 . 2008-04-18 23:39
2008-04-18 23:37 . 2008-04-18 23:37
2008-04-18 23:36 . 2008-04-18 23:36
2008-04-18 23:36 . 2008-04-18 23:36
2008-04-18 23:36 . 2006-08-10 20:00 921,656 --a------ C:\WINDOWS\system32\VGA.RAW
2008-04-18 23:36 . 2006-10-13 18:43 253,952 --a------ C:\WINDOWS\system32\vmprp326.ax
2008-04-18 23:36 . 2006-10-13 15:52 219,520 --a------ C:\WINDOWS\system32\drivers\usbvm326.sys
2008-04-18 23:36 . 2006-06-05 13:44 192,512 --a------ C:\WINDOWS\VimicroCam.exe
2008-04-18 23:36 . 2006-06-08 11:25 73,728 --a------ C:\WINDOWS\VMInstNT.exe
2008-04-18 23:36 . 2006-08-21 21:13 40,960 --a------ C:\WINDOWS\VM303UninstNT.exe
2008-04-18 23:36 . 2006-08-10 20:00 32,768 --a------ C:\WINDOWS\system32\VMCtrl326.ax
2008-04-18 23:36 . 2002-02-26 18:47 15,086 --a------ C:\WINDOWS\uninstall.ico
2008-04-18 23:36 . 2005-09-29 16:26 8,990 --a------ C:\WINDOWS\Product.ico
2008-04-18 23:34 . 2008-04-18 23:34
2008-04-18 23:24 . 2008-04-18 23:24 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-20 18:58 --------- d-----w C:\Program Files\MSBuild
2008-04-20 18:46 --------- d-----w C:\Program Files\Common Files\Menedżer instalacji SolidWorks
2008-04-18 23:00 --------- d-----w C:\Program Files\TC UP
2008-04-18 22:57 --------- d-----w C:\Documents and Settings\lukanek\Dane aplikacji\HEXelon
2008-04-18 22:55 --------- d-----w C:\Program Files\Crystal Player
2008-04-18 22:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-04-18 22:41 --------- d-----w C:\Program Files\Microsoft Works
2008-04-18 22:20 --------- d-----w C:\Program Files\D-Tools
2008-04-18 22:19 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-04-18 20:56 --------- d-----w C:\Documents and Settings\lukanek\Dane aplikacji\InstallShield
2008-04-18 20:48 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-18 20:46 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“LightScribe Control Panel”=“C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe” [2007-10-18 15:27 455968]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360]
“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-04-24 19:45 171448]
“STYLEXP”=“C:\Program Files\TGTSoft\StyleXP\StyleXP.exe” [2006-05-24 20:31 1372160]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-10-23 14:18 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“High Definition Audio Property Page Shortcut”=“CHDAudPropShortcut.exe” [2006-07-27 12:44 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-08-23 22:15 8478720]
“nwiz”=“nwiz.exe” [2007-08-23 22:15 1626112 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-08-23 22:15 81920]
“SynTPStart”=“C:\Program Files\Synaptics\SynTP\SynTPStart.exe” [2007-09-14 19:29 102400]
“QPService”=“C:\Program Files\HP\QuickPlay\QPService.exe” [2006-07-11 21:55 102400]
“QlbCtrl”=“C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe” [2007-12-06 14:13 202032]
“WheelMouse”=“C:\Program Files\A4Tech\Mouse\Amoumain.exe” [2007-02-10 16:07 241664]
“egui”=“C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” [2007-12-21 08:21 1443072]
“SolidWorks_CheckForUpdates”=“C:\Program Files\Common Files\Menedżer instalacji SolidWorks\Scheduler\sldIMScheduler.exe” []
“NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 14:57 153136]
“NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-09-20 08:51 1836328]
“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
“Windows Printing Driver”= WinSpooler.exe
“WinUpdating”= WinUpdating.exe
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{56F9679E-7826-4C84-81F3-532071A8BCC5}”= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcYQHAS]
efcYQHAS.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“SENTINEL”= snti386.dll
“vidc.DIV3”= DivXc32.dll
“vidc.DIV4”= DivXc32f.dll
“msacm.divxa32”= DivXa32.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=
“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=
“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=
“C:\Program Files\Nero\Nero8\Nero Home\NeroHome.exe”=
“C:\Program Files\BearShare\BearShare.exe”=
“C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\orbixd.exe”=
“C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CNEXT.exe”=
“C:\Program Files\DC++\DCPlusPlus.exe”=
“C:\Program Files\Skype\Phone\Skype.exe”=
“C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe”=
“C:\Program Files\ANSYS Inc\v110\RSM\bin\JMAdmin.exe”=
“C:\Program Files\ANSYS Inc\v110\RSM\bin\JMPassword.exe”=
“C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe”=
“C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\Intel\code\bin\ReaderHostCAT5U.exe”= C:\Program Files\ANSYS Inc\v110\CommonFiles\CATIAV5\intel\code\bin\ReaderHostCAT5U.exe
“C:\Program Files\ANSYS Inc\v110\AISOL\CommonFiles\intel\AnsysWBU.exe”=
“C:\Program Files\ANSYS Inc\v110\ANSYS\bin\intel\ANSYS.exe”=
“C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ActivePIMgrU.exe”=
“C:\Program Files\ANSYS Inc\v110\AISOL\CAD Integration\intel\ReaderHostU.exe”=
“C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\tclsh.exe”=
“C:\Program Files\ANSYS Inc\v110\CommonFiles\TCL\bin\intel\wish.exe”=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 15:22]
R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15:00]
R2 BBDemon;Backbone Service;“C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe” -service []
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-11-14 10:04]
S2 JobManagerService110;Ansys JobManager Service V11;“C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe” [2007-01-16 15:20]
S2 ScriptHostService110;Ansys ScriptHost Service V11;“C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe” [2007-01-16 15:20]
S3 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2006-03-24 23:34]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
“C:\Program Files\Common Files\LightScribe\LSRunOnce.exe”
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 21:49:16
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2008-04-24 21:53:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 19:53:15
Pre-Run: 26,959,327,232 bajtów wolnych
Post-Run: 26,950,791,168 bajtów wolnych
272 --- E O F --- 2008-04-24 15:30:17
And the one from Hijack:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:57:05, on 2008-04-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ig?hl=plsource=iglk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM…\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM…\Run: [QPService] “C:\Program Files\HP\QuickPlay\QPService.exe”
O4 - HKLM…\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM…\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM…\Run: [egui] “C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe” /hide /waitservice
O4 - HKLM…\Run: [solidWorks_CheckForUpdates] “C:\Program Files\Common Files\Menedżer instalacji SolidWorks\Scheduler\sldIMScheduler.exe” /scheduler
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe”
O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”
O4 - HKCU…\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe”
O4 - HKCU…\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU…\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O8 - Extra context menu item: Eksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra ‘Tools’ menuitem: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: efcYQHAS - efcYQHAS.dll (file missing)
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 7771 bytes
Still, please take a look at these logs and tell me whether they are OK. Many thanks in advance.