Please check my logs (HijackThis, Silent Runners)


(system) #1

Hello. One day a problem with the system started. The more programs are running, the more often the mouse freezes for a few seconds, after which everything is normal again. It repeats fairly often. I haven't reinstalled Windows for a year.

Here is the HijackThis log: http://wklej.org/id/94685/

or

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:03:38, on 2009-05-23

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\cidaemon.exe

F:\Programy\ESET Smart Security\ekrn.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

F:\Programy\ESET Smart Security\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WhatPulse\WhatPulse.exe

F:\Programy\Nowe Gadu-Gadu\gg.exe

F:\Programy\Opera\opera.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\wpv661242765100.exe

O4 - HKLM\..\Run: [egui] "F:\Programy\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe

O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "F:\Programy\Nowe Gadu-Gadu\gg.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://F:\Programy\Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programy\Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Programy\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - F:\Programy\ESET Smart Security\ekrn.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Java Quick Starter JavaQuickStarterServicewuauserv (JavaQuickStarterServicewuauserv) - Sun Microsystems, Inc. - (no file)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


--

End of file - 5922 bytes

And the Silent Runners log: http://wklej.org/id/94701/

or

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"



Startup items buried in registry:

---------------------------------


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"WhatPulse" = "C:\Program Files\WhatPulse\WhatPulse.exe" ["WhatPulse.org"]

"Nowe Gadu-Gadu" = ""F:\Programy\Nowe Gadu-Gadu\gg.exe"" ["GG Network S.A."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre6\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"PromoReg" = "C:\WINDOWS\Temp\wpv661242765100.exe" [file not found]

"egui" = ""F:\Programy\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "AcroIEHlprObj Class"

                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Free Lunch Design Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFree.dll" ["Conduit Ltd."]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)

  -> {HKLM...CLSID} = "Java(tm) Plug-In 2 SSV Helper"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\bin\jp2ssv.dll" ["Sun Microsystems, Inc."]

{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\(Default) = "JQSIEStartDetectorImpl"

  -> {HKLM...CLSID} = "JQSIEStartDetectorImpl Class"

                   \InProcServer32\(Default) = "C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" ["Sun Microsystems, Inc."]


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

  -> {HKLM...CLSID} = "NVIDIA CPL Extension"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

  -> {HKLM...CLSID} = "DesktopContext Class"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

  -> {HKLM...CLSID} = "Desktop Explorer"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

  -> {HKLM...CLSID} = "nView Desktop Context Menu"

                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Programy\winrar\rarext.dll" ["Alexander Roshal"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "F:\Programy\Office\OFFICE11\msohev.dll" [MS]

"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"

  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"

  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"

                   \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "ESET Smart Security - Context Menu Shell Extension"

  -> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"

                   \InProcServer32\(Default) = "F:\Programy\ESET Smart Security\shellExt.dll" ["ESET"]


HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

  -> {HKLM...CLSID} = (no title provided)

                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]


HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"

                   \InProcServer32\(Default) = "F:\Programy\ESET Smart Security\shellExt.dll" ["ESET"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Programy\winrar\rarext.dll" ["Alexander Roshal"]


HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Programy\winrar\rarext.dll" ["Alexander Roshal"]


HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

ESET Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

  -> {HKLM...CLSID} = "ESET Smart Security - Context Menu Shell Extension"

                   \InProcServer32\(Default) = "F:\Programy\ESET Smart Security\shellExt.dll" ["ESET"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

  -> {HKLM...CLSID} = "WinRAR"

                   \InProcServer32\(Default) = "F:\Programy\winrar\rarext.dll" ["Alexander Roshal"]



Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------


Note: detected settings may not have any effect.


HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\


"disableregistrytools" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}


HKCU\Software\Policies\Microsoft\Windows\System\


"disablecmd" = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|System|

Disable the command prompt}


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\


"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}


"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}



Active Desktop and Wallpaper:

-----------------------------


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState



Windows Portable Device AutoPlay Handlers

-----------------------------------------


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\


Corel Paint Shop Pro Photo X2ShowPicturesOnArrivalHandler\

"Provider" = "Corel Paint Shop Pro Photo X2"

"InvokeProgID" = "PaintShopProPhotoX2.Image"

"InvokeVerb" = "Przejrzyj"

HKLM\SOFTWARE\Classes\PaintShopProPhotoX2.Image\shell\Przejrzyj\command\(Default) = ""E:\Oli\Programy do zdjęć\Instalki\PintShopPro X2 PL\Corel Paint Shop Pro Photo.exe" /Review "%1"" ["Corel, Inc."]


MPCPlayCDAudioOnArrival\

"Provider" = "Media Player Classi"

"InvokeProgID" = "MPC.CDAudio"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\MPC.CDAudio\shell\play\command\(Default) = ""F:\Programy\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /cd" ["Gabest"]


MPCPlayDVDMovieOnArrival\

"Provider" = "Media Player Classic"

"InvokeProgID" = "MPC.DVDMovie"

"InvokeVerb" = "play"

HKLM\SOFTWARE\Classes\MPC.DVDMovie\shell\play\command\(Default) = ""F:\Programy\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %L /dvd" ["Gabest"]


Picasa2ImportPicturesOnArrival\

"Provider" = "Picasa3"

"InvokeProgID" = "picasa2.autoplay"

"InvokeVerb" = "import"

HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "E:\Oli\Programy do zdjęć\Instalki\Picassa\Picasa3\Picasa3.exe "%1"" ["Google Inc."]



Winsock2 Service Provider DLLs:

-------------------------------


Namespace Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]


Transport Service Providers


HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05



Toolbars, Explorer Bars, Extensions:

------------------------------------


Toolbars


HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"

  -> {HKLM...CLSID} = "Free Lunch Design Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFree.dll" ["Conduit Ltd."]


Explorer Bars


HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\


HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "F:\Programy\Office\OFFICE11\REFIEBAR.DLL" [MS]


Extensions (Tools menu items, main toolbar menu buttons)


HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"


{B46B0919-62BA-4D99-A5C4-916B57A6805C}\

"MenuText" = "@C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103"

"CLSIDExtension" = "{B46B0919-62BA-4D99-A5C4-916B57A6805C}"


{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]


{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]



Miscellaneous IE Hijack Points

------------------------------


HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<> "{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}" = (no title provided)

  -> {HKLM...CLSID} = "Free Lunch Design Toolbar"

                   \InProcServer32\(Default) = "C:\Program Files\Free_Lunch_Design\tbFree.dll" ["Conduit Ltd."]



Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------


ESET Service, ekrn, ""F:\Programy\ESET Smart Security\ekrn.exe"" ["ESET"]

Java Quick Starter, JavaQuickStarterService, ""C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"" ["Sun Microsystems, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data]

PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data]

ProtexisLicensing, ProtexisLicensing, "C:\WINDOWS\system32\PSIService.exe" [null data]



Print Monitors:

---------------


HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]



---------- (launch time: 2009-05-23 22:18:46)

<>: Suspicious data at a malware launch point.

<>: Suspicious data at a browser hijack point.


+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

  launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

  took 450 seconds.

---------- (total run time: 626 seconds)
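The checks a log reader applies to a HijackThis report, as an added example that is not part of the original thread and not HijackThis's own code: a small Python triage script that flags O4 autoruns launched from a temp directory (the PromoReg entry above points into C:\WINDOWS\Temp and is reported by Silent Runners as "file not found"), any R3 URLSearchHook and an O2 BHO sharing its CLSID, O23 services whose binary is missing, services with no publisher, and a service short name that merely extends another service's name. The sample lines are copied from the log posted above; the rules, the severities and the Finding structure are this example's own assumptions, not tool output.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (not invented),
# trimmed to the entries the checks below are meant to react to.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\wpv661242765100.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFree.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Java Quick Starter JavaQuickStarterServicewuauserv (JavaQuickStarterServicewuauserv) - Sun Microsystems, Inc. - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (this example's own scale)
    line: str       # the HijackThis line the finding refers to
    reason: str


# A path component named Temp or tmp anywhere in the autorun target.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9a-f-]{36}\}", re.IGNORECASE)
# "O23 - Service: <display name> (<short name>) - <owner> - <path>"
O23_SHORT_NAME_RE = re.compile(r"^O23 - Service: .*?\(([^()]+)\) - ")


def _autorun_target(line):
    """Command line after the [Name] tag of an O4 entry."""
    _, _, target = line.partition("] ")
    return target.strip()


def _service_short_name(line):
    """Short service name of an O23 entry; falls back to the display name."""
    m = O23_SHORT_NAME_RE.match(line)
    if m:
        return m.group(1)
    return line[len("O23 - Service: "):].split(" - ", 1)[0]


def triage(log_text):
    """Return findings, in log order, for the O4/R3/O2/O23 lines of a HijackThis log."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = []

    # CLSIDs registered as URLSearchHooks; a BHO with the same CLSID is the same toolbar.
    hook_clsids = set()
    for line in lines:
        if line.startswith("R3 - URLSearchHook:"):
            m = CLSID_RE.search(line)
            if m:
                hook_clsids.add(m.group(0).lower())

    # All service short names, so one can be compared against the others.
    service_names = [_service_short_name(l) for l in lines if l.startswith("O23 - Service:")]

    for line in lines:
        if line.startswith("O4 - "):
            if TEMP_DIR_RE.search(_autorun_target(line)):
                findings.append(Finding("high", line, "autorun launches a binary from a temp directory"))
        elif line.startswith("R3 - URLSearchHook:"):
            findings.append(Finding("medium", line, "non-default URLSearchHook (browser search hijack point)"))
        elif line.startswith("O2 - BHO:"):
            m = CLSID_RE.search(line)
            if m and m.group(0).lower() in hook_clsids:
                findings.append(Finding("medium", line, "BHO shares its CLSID with a URLSearchHook (toolbar that also hooks search)"))
        elif line.startswith("O23 - Service:"):
            if line.endswith("(no file)"):
                findings.append(Finding("high", line, "service entry whose binary is missing (orphaned or removed payload)"))
            elif " - Unknown owner - " in line:
                findings.append(Finding("low", line, "service binary carries no publisher; verify its hash and signature"))
            name = _service_short_name(line)
            for other in service_names:
                if other != name and name.lower().startswith(other.lower()):
                    findings.append(Finding("medium", line,
                                            f"service name extends the name of existing service '{other}' (possible impersonation)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

For a full report, call `triage(open(path, encoding="cp1250").read())` (HijackThis on a Polish XP writes the log in the system code page). The script is a first-pass reading aid: every flagged line still has to be checked against the file on disk, and a clean result only means none of these particular patterns appeared.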

(96jasio96) #2

The HijackThis log is clean. Post a ComboFix log.


(system) #3

http://wklej.org/id/94820/

or

ComboFix 09-05-23.04 - Tkaczu 2009-05-24 8:27.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.511.309 [GMT 2:00]

Running from: c:\documents and settings\Tkaczu\Pulpit\ComboFix.exe

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Zapora osobista *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 * Created a new restore point

 * Resident AV is active


.


((((((((((((((((((((((((((((((((((((((( Removed )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\digiwet.dll.vir

c:\windows\system32\drivers\npf.sys

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll


.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.


-------\Legacy_NPF

-------\Service_npf



((((((((((((((((((((((((( Files created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))

.


2009-05-24 06:37 . 2009-05-24 06:37	--------	d-----w	c:\windows\system32\xircom

2009-05-24 06:37 . 2009-05-24 06:37	--------	d-----w	c:\program files\microsoft frontpage

2009-05-23 19:24 . 2009-05-23 19:24	--------	d-----w	c:\program files\Trend Micro

2009-05-23 18:42 . 2009-05-23 18:42	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Agnitum

2009-05-23 18:37 . 2009-05-23 18:37	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\ESET

2009-05-23 17:29 . 2009-05-23 17:30	--------	d-----w	c:\program files\TibiaCam TV Lite

2009-05-23 15:45 . 2009-05-23 15:45	--------	d-----w	c:\documents and settings\Tkaczu\Ustawienia lokalne\Dane aplikacji\ESET

2009-05-23 14:51 . 2009-05-23 18:34	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\ESET

2009-05-23 05:14 . 2009-05-23 05:14	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-05-23 05:08 . 2009-05-23 05:25	--------	d-----w	c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design

2009-05-23 05:08 . 2009-05-23 05:08	--------	d-----r	c:\documents and settings\NetworkService\Ulubione

2009-05-23 04:54 . 2009-05-23 04:54	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard

2009-05-22 20:20 . 2009-05-23 05:13	--------	d---a-w	c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-05-22 19:32 . 2009-05-23 06:31	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-05-22 19:29 . 2009-05-22 19:29	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\Malwarebytes

2009-05-22 19:28 . 2009-05-22 19:28	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-05-22 18:56 . 2009-05-22 18:56	32	--s-a-w	c:\windows\system32\2694761504.dat

2009-05-22 18:55 . 2009-05-22 18:54	49664	--sh--r	c:\windows\system32\ansis.exe

2009-05-17 18:43 . 2009-05-17 18:43	--------	d-----w	c:\windows\Performance

2009-05-17 18:40 . 2009-05-17 18:40	--------	d-----w	c:\documents and settings\Tkaczu\Ustawienia lokalne\Dane aplikacji\Microsoft Corporation

2009-05-13 11:49 . 2009-05-23 12:08	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\OpenFM

2009-05-09 13:39 . 2009-05-09 13:39	--------	d-----w	c:\windows\Downloaded Installations

2009-05-09 11:49 . 2009-05-09 11:51	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\Tibia

2009-05-09 09:59 . 2009-05-09 09:59	--------	d-----w	c:\windows\system32\Adobe

2009-05-07 14:25 . 2009-05-07 14:25	--------	d-----w	c:\documents and settings\LocalService\Pulpit

2009-05-06 11:08 . 2009-05-06 11:08	--------	d-----w	c:\program files\CCleaner

2009-05-04 19:55 . 2009-05-04 19:55	--------	d-----w	c:\documents and settings\Tkaczu\Ustawienia lokalne\Dane aplikacji\Conduit

2009-05-04 19:55 . 2009-05-05 06:54	--------	d-----w	c:\documents and settings\Tkaczu\Ustawienia lokalne\Dane aplikacji\Free_Lunch_Design

2009-05-04 19:55 . 2009-05-04 19:55	--------	d-----w	c:\program files\Free_Lunch_Design

2009-04-28 13:46 . 2009-04-28 13:46	868352	----a-w	c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe

2009-04-28 13:46 . 2009-04-28 13:46	53760	----a-w	c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll

2009-04-28 13:46 . 2009-04-28 13:46	640000	----a-w	c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll

2009-04-28 13:46 . 2009-04-28 13:46	1712128	----a-w	c:\documents and settings\All Users\Dane aplikacji\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll

2009-04-28 09:47 . 2009-04-28 09:47	499712	----a-w	c:\windows\system32\msvcp71.dll

2009-04-26 06:03 . 2009-04-26 06:03	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\NwDocx

2009-04-26 06:03 . 2009-04-26 06:03	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\Docx2Rtf

2009-04-25 21:01 . 2003-06-18 23:31	17920	----a-w	c:\windows\system32\mdimon.dll

2009-04-25 20:56 . 2009-04-25 20:58	--------	d-----w	c:\windows\SHELLNEW

2009-04-25 18:28 . 2009-04-25 18:28	--------	d-----w	c:\documents and settings\Tkaczu\Ustawienia lokalne\Dane aplikacji\Microsoft Help

2009-04-25 18:27 . 2009-04-25 18:59	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Microsoft Help

2009-04-25 15:28 . 2009-04-25 17:05	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\GetRightToGo

2009-04-25 13:49 . 2009-04-25 13:49	56	---ha-w	c:\windows\system32\ezsidmv.dat

2009-04-25 13:49 . 2009-05-12 14:39	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\skypePM

2009-04-25 13:39 . 2009-05-12 14:47	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\Skype

2009-04-25 13:39 . 2009-04-25 13:39	--------	d-----w	c:\program files\Common Files\Skype

2009-04-25 13:39 . 2009-04-25 13:39	--------	d-----r	c:\program files\Skype

2009-04-25 13:38 . 2009-04-25 13:39	--------	d-----w	c:\documents and settings\All Users\Dane aplikacji\Skype

2009-04-25 11:33 . 2009-04-25 11:33	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\teamspeak2


.

(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-23 20:34 . 2009-01-21 18:09	--------	d--h--w	c:\program files\InstallShield Installation Information

2009-05-20 14:19 . 2009-02-06 12:45	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\Hamachi

2009-05-20 13:59 . 2009-01-22 16:10	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\GanymedeNet

2009-05-20 12:51 . 2009-01-22 16:10	--------	d-----w	c:\program files\Ganymede

2009-05-14 19:21 . 2009-01-25 17:32	--------	d-----w	c:\program files\NAPI-PROJEKT

2009-05-08 10:53 . 2009-02-13 14:05	43288	----a-w	c:\documents and settings\Tkaczu\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-04-25 16:52 . 2009-04-25 16:52	32	----a-w	c:\documents and settings\All Users\Dane aplikacji\ezsid.dat

2009-04-24 14:21 . 2009-03-04 20:48	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\gtk-2.0

2009-04-20 17:22 . 2009-02-13 13:55	6890	--sha-w	c:\windows\system32\KGyGaAvL.sys

2009-04-20 17:22 . 2009-02-13 13:55	248	--sh--r	c:\windows\system32\AA1D1A5F01.sys

2009-04-20 11:46 . 2009-04-20 11:46	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\OpenFM

2009-04-19 20:42 . 2009-04-19 17:31	--------	d-----w	c:\program files\EsetOnlineScanner

2009-04-16 11:35 . 2009-04-16 09:12	--------	d-----w	c:\program files\WhatPulse

2009-04-16 09:32 . 2009-04-16 09:30	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\WhatPulse

2009-04-12 08:43 . 2008-04-15 12:00	74230	----a-w	c:\windows\system32\perfc015.dat

2009-04-12 08:43 . 2008-04-15 12:00	448004	----a-w	c:\windows\system32\perfh015.dat

2009-04-12 08:10 . 2009-04-12 08:10	--------	d-----w	c:\program files\GIMP-2.0

2009-04-09 13:21 . 2009-04-09 13:21	55768	----a-w	c:\windows\system32\drivers\epfwtdi.sys

2009-04-09 13:21 . 2009-04-09 13:21	33096	----a-w	c:\windows\system32\drivers\epfwndis.sys

2009-04-09 13:21 . 2009-04-09 13:21	133000	----a-w	c:\windows\system32\drivers\epfw.sys

2009-04-09 13:18 . 2009-04-09 13:18	107256	----a-w	c:\windows\system32\drivers\ehdrv.sys

2009-04-09 13:10 . 2009-04-09 13:10	113960	----a-w	c:\windows\system32\drivers\eamon.sys

2009-04-08 09:34 . 2009-01-21 21:43	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\foobar2000

2009-04-05 06:50 . 2009-02-14 11:34	--------	d-----w	c:\documents and settings\Tkaczu\Dane aplikacji\Nowe Gadu-Gadu

2009-03-31 16:11 . 2009-03-31 16:11	57344	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\50\5b902232-469ece5f-n\Decora-SSE.dll

2009-03-31 16:11 . 2009-03-31 16:11	24064	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\15\4e09eacf-2d1cd9e0-n\Decora-D3D.dll

2009-03-31 16:11 . 2009-03-31 16:11	114688	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5cae349a-n\jogl_cg.dll

2009-03-31 16:11 . 2009-03-31 16:11	20480	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5cae349a-n\jogl_awt.dll

2009-03-31 16:11 . 2009-03-31 16:11	315392	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\62\6baea4fe-5cae349a-n\jogl.dll

2009-03-31 16:11 . 2009-03-31 16:11	20480	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\45\4f710eed-526590e6-n\gluegen-rt.dll

2009-03-31 16:11 . 2009-03-31 16:11	348160	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-52e3552e-n\msvcr71.dll

2009-03-31 16:11 . 2009-03-31 16:11	499712	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-52e3552e-n\msvcp71.dll

2009-03-31 16:11 . 2009-03-31 16:11	499712	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\Deployment\cache\6.0\33\258cea61-52e3552e-n\jmc.dll

2009-03-31 16:09 . 2009-01-30 07:27	--------	d-----w	c:\program files\Java

2009-03-31 16:07 . 2009-03-31 16:07	152576	----a-w	c:\documents and settings\Tkaczu\Dane aplikacji\Sun\Java\jre1.6.0_13\lzma.dll

2009-03-09 03:19 . 2009-01-30 07:27	410984	-c--a-w	c:\windows\system32\deploytk.dll

.


------- Sigcheck -------


[-] 2004-08-03 22:44	693248	7D46293106E58CA7878509CCC4071F2F	c:\windows\system32\wininet.dll


[-] 2008-05-12 18:25	361344	68F06FE0021B01E670AF37B8C5964FDF	c:\windows\system32\drivers\tcpip.sys


[-] 2004-08-03 22:44	975872	196C130D31317FE53DE984220B5E13B9	c:\windows\explorer.exe


[-] 2004-08-03 22:44	101888	6DB9EBC8D26603F3B04C7C2809AAF935	c:\windows\system32\wuauclt.exe

.

((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

2008-11-23 21:03	1784856	----a-w	c:\program files\Free_Lunch_Design\tbFree.dll


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

"WhatPulse"="c:\program files\WhatPulse\WhatPulse.exe" [2009-04-04 2812928]

"Nowe Gadu-Gadu"="f:\programy\Nowe Gadu-Gadu\gg.exe" [2009-04-20 9818728]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-03-24 3309568]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-03-24 46080]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

"egui"="f:\programy\ESET Smart Security\egui.exe" [2009-04-09 2029640]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-03-24 782336]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-15 100864]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute	REG_MULTI_SZ \0


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"d:\\Age of Empires III\\age3.exe"=

"d:\\Age of Empires III\\age3y.exe"=

"d:\\Age of Empires III\\age3x.exe"=

"c:\\Program Files\\Hamachi\\hamachi.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"d:\\Bitwa o Środziemie 2\\game.dat"=

"d:\\Król nazguli\\game.dat"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"53:UDP"= 53:UDP:Promo


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)


R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-04-09 107256]

R2 ekrn;ESET Service;f:\programy\ESET Smart Security\ekrn.exe [2009-04-09 731840]

R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2009-01-21 820133]

S2 JavaQuickStarterServicewuauserv;Java Quick Starter JavaQuickStarterServicewuauserv; [x]

S3 EverestDriver;Lavalys EVEREST Kernel Driver;f:\programy\EVEREST Home Edition\kerneld.wnt [2005-08-18 7168]

.

- - - - USUNIĘTO PUSTE WPISY - - - -


SafeBoot-procexp90.Sys



.

------- Supplementary scan -------
.
uStart Page = hxxp://google.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - f:\programy\Office\OFFICE11\EXCEL.EXE/3000
IE: {{B46B0919-62BA-4D99-A5C4-916B57A6805C} - {B46B0919-62BA-4D99-A5C4-916B57A6805C} -
FF - ProfilePath - c:\documents and settings\Tkaczu\Dane aplikacji\Mozilla\Firefox\Profiles\tycokrye.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPPOKER.dll
FF - plugin: f:\programy\Opera\program\plugins\npdsplay.dll
FF - plugin: f:\programy\Opera\program\plugins\npganymedenet.dll
FF - plugin: f:\programy\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: f:\programy\Opera\program\plugins\NPSWF32.dll
FF - plugin: f:\programy\Opera\program\plugins\npwmsdrm.dll
FF - plugin: f:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: f:\programy\Real Alternative\browser\plugins\nprpjplug.dll
.


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 08:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\f:\programy\EVEREST Home Edition\kerneld.wnt"
.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\961ad306-5297-65a9-c042-86c8e66e327]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"1sthr76rjsxo6"=hex:66,32,31,38,61,31,37,34,2d,32,37,36,66,2d,34,37,32,33,2d,
   61,39,39,32,2d,30,65,31,34,65,36,34,39,32,62,31,38
"1cwv1g0t9hvt5"=hex:65,00,00,00,f8,00,00,00,51,5a,51,64,74,6b,61,63,7a,75,00,
   00,00,00,00,00,00,00,00,00,74,a1,18,f2,6f,27,23,47,a9,92,0e,14,e6,49,2b,18,\
.

--------------------- DLLs loaded under running processes ---------------------

- - - - - - - > 'lsass.exe'(1012)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\program files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
.

------------------------ Other running processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
f:\programy\Opera\opera.exe
.

**************************************************************************
.
Completion time: 2009-05-24 8:45 - the computer was restarted
ComboFix-quarantined-files.txt 2009-05-24 06:44

Before: 1 007 865 856 bytes free
After: 1 046 269 952 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
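As an added example (not part of this thread and not ComboFix's own code), the script below parses the REGEDIT4-style registry section that ComboFix prints and flags the settings in the log above that deserve a second look: the Windows Firewall standard profile with EnableFirewall=0, the two suppressed Security Center notifications, the globally open 53:UDP rule named "Promo", and the key whose ACL denies Administrators. The sample input is constructed from the log lines on this page; the severity labels and rule set are my own, not ComboFix's.

```python
"""Triage the registry section of a ComboFix-style log (added example)."""
import re
from typing import Dict, List, Tuple, Union

Value = Union[int, str]

# Constructed from the ComboFix output posted in this thread. "@Denied" lines
# are the ACL markers ComboFix prints under "LOCKED REGISTRY KEYS".
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\961ad306-5297-65a9-c042-86c8e66e327]
@Denied: (Full) (AuthenticatedUsers)
@Denied: (Full) (Administrators)
"""

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
_DENIED = re.compile(r"^@Denied:\s*(.+)$")


def _parse_value(raw: str) -> Value:
    """Normalise the two spellings ComboFix uses: dword:0000000N and 'N (0xN)'."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    return raw  # paths, port descriptors and anything else stay as text


def parse_registry_section(text: str) -> Dict[str, List[Tuple[str, Value]]]:
    """Map each [key] header to its (name, value) pairs, preserving log order."""
    entries: Dict[str, List[Tuple[str, Value]]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if (m := _KEY.match(line)):
            current = m.group(1)
            entries.setdefault(current, [])
        elif current and (m := _VALUE.match(line)):
            entries[current].append((m.group(1), _parse_value(m.group(2))))
        elif current and (m := _DENIED.match(line)):
            entries[current].append(("@Denied", m.group(1)))
    return entries


def triage(entries: Dict[str, List[Tuple[str, Value]]]) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for settings worth a second look."""
    findings: List[Tuple[str, str]] = []
    for key, pairs in entries.items():
        k = key.lower()
        vals = {n: v for n, v in pairs if n != "@Denied"}
        denied = [v for n, v in pairs if n == "@Denied"]
        if k.endswith("\\security center"):
            for name in ("UpdatesDisableNotify", "AntiVirusDisableNotify", "FirewallDisableNotify"):
                if vals.get(name) == 1:
                    # A third-party suite (ESET in this log) legitimately sets these;
                    # with no such suite installed they indicate tampering.
                    findings.append(("info", f"Security Center notification suppressed: {name}=1"))
        if k.endswith("\\firewallpolicy\\standardprofile") and vals.get("EnableFirewall") == 0:
            findings.append(("high", "Windows Firewall disabled in the standard profile (EnableFirewall=0)"))
        if k.endswith("\\globallyopenports\\list"):
            for name, v in vals.items():
                findings.append(("medium", f"Globally open inbound port {name} ({v})"))
        if k.endswith("\\icmpsettings") and vals.get("AllowInboundEchoRequest") == 1:
            findings.append(("low", "Inbound ICMP echo allowed (host answers ping)"))
        if any("Administrators" in d for d in denied):
            findings.append(("high", f"Registry key denies Administrators (ComboFix 'locked key'): {key}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_registry_section(SAMPLE_LOG)):
        print(f"[{severity:>6}] {message}")
```

Read the findings against the rest of the log before acting on them: EnableFirewall=0 and the two notification flags are what a suite like ESET Smart Security, which this machine runs, normally leaves behind when it takes over firewall and antivirus duties, so on their own they are not evidence of compromise. The inbound 53:UDP rule named "Promo" and a key under Windows NT\CurrentVersion that denies even Administrators are the entries a reviewer would ask the poster to explain or remove.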

(Agatonster) #4

tkaczu,

Please read the topic "Important notice about titling topics" and change the title to a specific one that describes the problem. To make the required correction, use the Edit button on the post that opens this topic.

Because of the change that now applies when pasting logs on the forum, read and follow the Topic.

Ignoring this recommendation will result in the topic being moved to the Trash.


(96jasio96) #5

→ Delete the C:\Qoobox folder

→ Turn System Restore off and back on

→ Remove unnecessary items from autostart

→ Remove junk and clean the registry with CCleaner

→ Run a full scan with Dr.Web CureIt!