Computer slowdown


(andrzejm) #1

Hello. It takes a very long time to start up, the disk activity LED stays lit for a long time as if it were constantly doing something, and CPU usage reaches 100%. I'm posting the logs. Thanks in advance.

Logfile of HijackThis v1.99.1

Scan saved at 20:24:58, on 2008-03-24

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

D:\Nowy folder\Gadu-Gadu\gg.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXAZPSWX.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXAZJSWX.EXE

D:\andrzej\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:


HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]

"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"VTTimer" = "VTTimer.exe" ["S3 Graphics, Inc."]

"VTTrayp" = "VTtrayp.exe" ["S3 Graphics Co., Ltd."]

"LXSUPMON" = "C:\WINDOWS\system32\LXSUPMON.EXE RUN" ["Lexmark International Inc."]

"avgnt" = ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Active Setup\Installed Components\

<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}(Default) = "IE7 Uninstall Stub"

\StubPath = "C:\WINDOWS\system32\ieudinit.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{22BF413B-C6D2-4d91-82A9-A0F997BA588C}(Default) = "Skype add-on (mastermind)"

-> {HKLM...CLSID} = "Skype add-on (mastermind)"

\InProcServer32(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)

-> {HKLM...CLSID} = "Google Toolbar Helper"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

-> {HKLM...CLSID} = "IE Microsoft AutoComplete"

\InProcServer32(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

Shell Extension for Malware scanning(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}"

-> {HKLM...CLSID} = "Shell Extension for Malware scanning"

\InProcServer32(Default) = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:


Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:


Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Idylla.bmp"

Startup items in "Andrzej" & "All Users" startup folders:


C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

Winsock2 Service Provider DLLs:


Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 11

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:


Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"

-> {HKLM...CLSID} = "&Google"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)

-> {HKLM...CLSID} = "&Google"

\InProcServer32(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{77BF5300-1474-4EC7-9980-D32B190E9B07}\

"ButtonText" = "Skype"

"CLSIDExtension" = "{77BF5300-1474-4EC7-9980-D32B190E9B07}"

-> {HKLM...CLSID} = "Skype add-on (button)"

\InProcServer32(Default) = "C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll" ["Skype Technologies S.A."]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):


AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"]

AntiVir PersonalEdition Classic Scheduler, AntiVirScheduler, ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"]

LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]

Print Monitors:


HKLM\System\CurrentControlSet\Control\Print\Monitors\

Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]


  • This report excludes default entries except where indicated.

  • To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

  • To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 66 seconds, including 15 seconds for message boxes)


(Taaz4) #2

In HijackThis, remove these entries:

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Post a ComboFix log (instructions: viewtopic.php?f=16&t=36654)

Scan the computer with an antivirus and, if it detects a virus, write where it is located (give the path to the file).

:)


(andrzejm) #3

Here is the ComboFix log

ComboFix 08-03-24.1 - Andrzej 2008-03-24 22:48:47.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.138 [GMT 1:00]

Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))

.

2008-03-24 19:46 . 2008-03-24 20:01

2008-03-24 13:08 . 2008-03-24 13:08

2008-03-24 13:08 . 2006-10-05 03:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys

2008-03-24 13:08 . 2006-10-05 03:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys

2008-03-23 21:44 . 2008-03-24 19:23 69 --a------ C:\WINDOWS\NeroDigital.ini

2008-03-23 21:20 . 2008-03-23 21:20

2008-03-23 21:00 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2008-03-23 21:00 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2008-03-23 21:00 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2008-03-23 21:00 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2008-03-23 19:14 . 2008-03-23 19:14

2008-03-23 12:40 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2008-03-23 12:40 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2008-03-23 12:39 . 2008-03-23 12:39

2008-03-23 12:39 . 2008-03-23 12:39

2008-03-23 12:39 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2008-03-23 12:39 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2008-03-23 12:39 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2008-03-23 12:39 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2008-03-23 12:39 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2008-03-23 12:39 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2008-03-23 12:27 . 2008-03-24 18:09

2008-03-23 12:27 . 2008-03-23 12:27 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2008-03-23 12:25 . 2008-03-23 12:25

2008-03-23 12:25 . 2008-03-23 12:25

2008-03-23 12:25 . 2008-03-24 22:43

2008-03-23 12:24 . 2008-03-23 12:25

2008-03-22 21:39 . 2008-03-22 21:42

2008-03-22 21:07 . 2008-03-22 21:07

2008-03-22 20:35 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

2008-03-22 20:08 . 2008-03-22 20:35

2008-03-22 19:47 . 2008-03-24 11:02

2008-03-22 19:25 . 2008-03-22 19:27

2008-03-22 18:54 . 2008-03-22 18:54

2008-03-22 18:50 . 2008-03-22 18:50

2008-03-22 18:50 . 2008-03-22 18:52

2008-03-22 17:35 . 2008-03-22 17:36

2008-03-21 21:44 . 2008-03-21 21:44

2008-03-21 21:44 . 2008-03-21 21:44

2008-03-21 21:04 . 2008-03-21 21:04

2008-03-21 21:03 . 2008-03-21 21:03 427 --a------ C:\WINDOWS\ODBC.INI

2008-03-21 20:58 . 2008-03-21 20:58

2008-03-21 20:56 . 2008-03-21 20:56

2008-03-21 20:40 . 2008-03-21 20:40

2008-03-21 20:39 . 2006-06-14 10:00 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys

2008-03-21 20:39 . 2006-06-14 10:00 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys

2008-03-21 20:39 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys

2008-03-21 20:39 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys

2008-03-21 20:39 . 2005-07-15 09:48 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe

2008-03-21 20:39 . 2006-06-14 09:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys

2008-03-21 20:39 . 2006-06-14 09:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys

2008-03-21 20:37 . 2008-03-21 20:37

2008-03-21 20:37 . 2008-03-21 20:37

2008-03-21 20:37 . 2008-03-21 20:37

2008-03-21 20:37 . 2006-05-19 01:01 18,796,544 -r------- C:\WINDOWS\system32\alsndmgr.cpl

2008-03-21 20:36 . 2006-03-20 04:48 315,392 -r------- C:\WINDOWS\alcupd.exe

2008-03-21 20:36 . 2005-11-18 04:20 217,088 -ra------ C:\WINDOWS\Alcrmv.exe

2008-03-21 20:35 . 2008-03-21 20:35

2008-03-21 20:35 . 2008-03-21 20:40

2008-03-21 20:35 . 2005-06-17 04:41 61,440 --a------ C:\WINDOWS\system32\vuins32.dll

2008-03-21 20:35 . 2006-03-15 03:51 43,008 --a------ C:\WINDOWS\system32\drivers\fetnd5bv.sys

2008-03-21 20:34 . 2006-03-30 19:18 100,992 -ra------ C:\WINDOWS\system32\drivers\viamraid.sys

2008-03-21 20:34 . 2006-02-23 04:38 9,728 -ra------ C:\WINDOWS\system32\drivers\videX32.sys

2008-03-21 20:33 . 2008-03-21 20:35

2008-03-21 20:32 . 2008-03-21 20:36

2008-03-21 20:32 . 2006-10-11 04:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS

2008-03-21 20:32 . 2008-03-21 20:32 4,224 --a------ C:\WINDOWS\Ascd_tmp.ini

2008-03-21 20:00 . 2007-12-07 03:14 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-03-21 20:00 . 2007-07-01 04:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-03-21 20:00 . 2007-07-01 04:36 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-03-21 20:00 . 2007-12-07 03:14 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-03-21 20:00 . 2007-12-07 03:14 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-03-21 20:00 . 2007-12-07 03:14 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-03-21 20:00 . 2007-12-07 03:14 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll

2008-03-21 20:00 . 2007-12-07 03:14 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-03-21 20:00 . 2007-12-06 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-03-21 19:59 . 2008-03-21 20:02

2008-03-21 17:08 . 2004-08-04 01:35 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2008-03-21 17:08 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2008-03-21 17:07 . 2004-08-04 01:44 77,312 --a------ C:\WINDOWS\system32\usbui.dll

2008-03-21 17:07 . 2004-08-04 00:07 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS

2008-03-21 17:07 . 2001-08-17 21:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys

2008-03-21 17:07 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 16:14

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-21 17:05

2008-03-21 17:05 . 2008-03-24 13:08

2008-03-21 17:05 . 2008-03-21 21:00

2008-03-21 17:05 . 2008-03-21 16:15

2008-03-21 17:05 . 2008-03-23 12:27

2008-03-21 17:04 . 2008-03-21 16:33

2008-03-21 17:03 . 2008-03-21 16:23 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-21 19:55 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-21 15:16 --------- d-----w C:\Program Files\Usługi online

2008-03-05 15:03 479,752 ----a-w C:\WINDOWS\system32\XAudio2_0.dll

2008-03-05 15:03 238,088 ----a-w C:\WINDOWS\system32\xactengine3_0.dll

2008-03-05 15:00 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_3.dll

2008-03-05 14:56 3,786,760 ----a-w C:\WINDOWS\system32\D3DX9_37.dll

2008-03-05 14:56 1,420,824 ----a-w C:\WINDOWS\system32\D3DCompiler_37.dll

2008-02-23 02:38 43,872 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys

2008-02-05 22:07 462,864 ----a-w C:\WINDOWS\system32\d3dx10_37.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-22 21:42 171448]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-06 18:21 21898024]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 02:23 443968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2006-03-02 00:22 577536 C:\WINDOWS\soundman.exe]

"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"VTTrayp"="VTtrayp.exe" [2006-07-10 19:33 176128 C:\WINDOWS\system32\VTTrayp.exe]

"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-02-04 17:29 886272]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-21 21:55 249896]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 11:00 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"C:\Program Files\Skype\Phone\Skype.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]

S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-24 22:50:28

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-03-24 22:51:20

ComboFix-quarantined-files.txt 2008-03-24 21:51:03

ComboFix2.txt 2008-03-24 20:25:30

.

2008-03-23 11:52:32 --- E O F ---


(Gutek) #4

Follow this topic and change the thread title to a specific one, otherwise it goes to the TRASH

Regards, Gutek2222

Change to the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350

I don't see anything in the Combo log