Wolny komp rozlanczanie z gry + wscntfy.exe pomozcie :(

0racle · 2 Grudzień 2007 20:25

Witam mam problem dzisiaj włączyłem kompa chciałem sobie pograć w grę (lineage 2) wchodzę do gry łącze sie i jak juz jestem to wyskakuje komunikat disconect login again w dodatku internet zaczął wolno wczytywać strony pomóżcie plzz

log poniżej

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:17:24, on 2007-12-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\CTHELPER.EXE C:\windows\services.exe C:\Program Files\CachemanXP\CachemanXP.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [services] C:\windows\services.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe – End of file - 4181 bytes

dorzucę log z Silent Runners może pomoże w stwierdzeniu problemu

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “Komunikator” = “C:\Program Files\Tlen.pl\tlen.exe” [“o2.pl Sp. z o.o.”] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “nod32kui” = ““C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE” ["Eset "] “WINDVDPatch” = “CTHELPER.EXE” [“Creative Technology Ltd”] “UpdReg” = “C:\WINDOWS\UpdReg.EXE” [“Creative Technology Ltd.”] “Jet Detection” = ““C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”” [empty string] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “services” = “C:\windows\services.exe” [null data] “NvCplDaemon” = “RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup” [MS] “nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”] “NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}(Default) = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar Helper” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “AcroIEHlprObj Class” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx” [empty string] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\system32\hticons.dll” [“Hilgraeve, Inc.”] “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” = “NOD32 Context Menu Shell Extension” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] “{B327765E-D724-4347-8B16-78AE18552FC3}” = “NeroDigitalIconHandler” -> {HKLM…CLSID} = “NeroDigitalIconHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{7F1CF152-04F8-453A-B34C-E609530A9DC8}” = “NeroDigitalPropSheetHandler” -> {HKLM…CLSID} = “NeroDigitalPropSheetHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] “{32020A01-506E-484D-A2A8-BE3CF17601C3}” = “AlcoholShellEx” -> {HKLM…CLSID} = “AlcoholShellEx” \InProcServer32(Default) = “C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll” [“Alcohol Soft Development Team”] “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu” -> {HKLM…CLSID} = “Portable Media Devices Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\Audiodev.dll” [MS] “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS] “{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}” = “Shell Extensions for RealOne Player” -> {HKLM…CLSID} = “RealOne Player Context Menu Class” \InProcServer32(Default) = “C:\Program Files\Real\RealPlayer\rpshell.dll” [“RealNetworks, Inc.”] “{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class” -> {HKLM…CLSID} = “DesktopContext Class” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper” -> {HKLM…CLSID} = “NVIDIA CPL Extension” \InProcServer32(Default) = “C:\WINDOWS\system32\nvcpl.dll” [“NVIDIA Corporation”] “{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer” -> {HKLM…CLSID} = “Desktop Explorer” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu” -> {HKLM…CLSID} = “nView Desktop Context Menu” \InProcServer32(Default) = “C:\WINDOWS\system32\nvshell.dll” [“NVIDIA Corporation”] “{5E2121EE-0300-11D4-8D3B-444553540000}” = “Catalyst Context Menu extension” -> {HKLM…CLSID} = “SimpleShlExt Class” \InProcServer32(Default) = “C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll” [empty string] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\ “AppInit_DLLs” = (value not set) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> AtiExtEvent\DLLName = “Ati2evxx.dll” [“ATI Technologies Inc.”] HKLM\Software\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {7D4D6379-F301-4311-BEBA-E26EB0561882}(Default) = “NeroDigitalExt.NeroDigitalColumnHandler” -> {HKLM…CLSID} = “NeroDigitalColumnHandler Class” \InProcServer32(Default) = “C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll” [“Nero AG”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension(Default) = “{B089FE88-FB52-11D3-BDF1-0050DA34150D}” -> {HKLM…CLSID} = “NOD32 Context Menu Shell Extension” \InProcServer32(Default) = “C:\Program Files\Eset\nodshex.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoLowDiskSpaceChecks” = (REG_DWORD) hex:0x00000001 {unrecognized setting} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: imon.dll ["Eset "], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 22 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie” Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32(Default) = “C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL” [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.6.0_01” \InProcServer32(Default) = “C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll” [“Sun Microsystems, Inc.”] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ “ButtonText” = “Badanie” {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = (no title provided) -> {HKLM…CLSID} = “Yahoo! Toolbar” \InProcServer32(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll” [“Yahoo! Inc.”] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ CachemanXP, CachemanXPService, “C:\Program Files\CachemanXP\CachemanXP.exe” [“OuterTechnologies”] NOD32 Kernel Service, NOD32krn, ““C:\Program Files\Eset\nod32krn.exe”” ["Eset "] NVIDIA Display Driver Service, NVSvc, “C:\WINDOWS\system32\nvsvc32.exe” [“NVIDIA Corporation”] Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe” [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Monitor języka PJL\Driver = “PJLMON.DLL” [MS] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box. ---------- (total run time: 76 seconds, including 3 seconds for message boxes)

proszę pomóżcie nie chce sam kombinować żebym później nie musiał robić formata

Gutek · 2 Grudzień 2007 21:33

Pobierz program SDFix

0racle · 2 Grudzień 2007 21:55

raport

SDFix: Version 1.116 Run by Maniek on 2007-12-02 at 22:47 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Normal Mode: Checking Files: Trojan Files Found: C:\WINDOWS\services.exe - Deleted Removing Temp Files… ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 22:51:19 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000001 “ujdew”=hex:35,63,c2,cd,8a,1b,f3,27,ad,b2,e7,cb,04,a9,16,10,76,f5,8b,ae,f4,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:3e,86,5b,47,27,28,fc,69,e1,f8,23,c3,4d,b7,ad,32,35,60,fb,8e,30,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] “Epoch”=dword:0000000b [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:e3667250 “s2”=dword:71cc3c33 “h0”=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000001 “ujdew”=hex:35,63,c2,cd,8a,1b,f3,27,ad,b2,e7,cb,04,a9,16,10,76,f5,8b,ae,f4,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:bb,93,6e,d1,64,8d,ca,2c,c2,2a,a5,ef,a5,67,2b,23,a1,bb,a8,00,9c,… “p0”=“C:\Program Files\DAEMON Tools” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,a0,52,63,62,61,77,18,6f,88,54,db,cf,f4,52,fc,88,36,… “khjeh”=hex:2a,5b,55,1a,02,d6,47,ad,98,bf,d2,1c,b1,7f,52,e2,ac,27,70,f4,7f,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:3e,10,0a,10,2d,09,1b,a2,24,f1,2d,aa,0e,b4,ba,91,22,60,f2,b1,22,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] “h0”=dword:00000001 “ujdew”=hex:35,63,c2,cd,8a,1b,f3,27,ad,b2,e7,cb,04,a9,16,10,76,f5,8b,ae,f4,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:bb,93,6e,d1,64,8d,ca,2c,c2,2a,a5,ef,a5,67,2b,23,a1,bb,a8,00,9c,… “p0”=“C:\Program Files\DAEMON Tools” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] “a0”=hex:20,01,00,00,a0,52,63,62,61,77,18,6f,88,54,db,cf,f4,52,fc,88,36,… “khjeh”=hex:2a,5b,55,1a,02,d6,47,ad,98,bf,d2,1c,b1,7f,52,e2,ac,27,70,f4,7f,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] “khjeh”=hex:3e,10,0a,10,2d,09,1b,a2,24,f1,2d,aa,0e,b4,ba,91,22,60,f2,b1,22,… scanning hidden registry entries … [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] “DisplayName”=“Alcohol 120%” [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Sun 15 Apr 2007 444 …HR — “C:\Documents and Settings\Maniek\Dane aplikacji\SecuROM\UserData\securom_v7_01.bak” Finished!

Gutek · 2 Grudzień 2007 22:18

Na koniec - Daj log z ComboFix

0racle · 2 Grudzień 2007 22:35

u mnie combofix wyzucil error wiec wrzucam log z Deckard’s System Scanner jednak sie udalo z combofix tzn zrobic scan sciagnoile mg oz dzialu “przyklejony…”

log z combofix

ComboFix 07-12-02.5 - Maniek 2007-12-02 23:48:54.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.451 [GMT 1:00] Running from: C:\Documents and Settings\Maniek\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))) . 2007-12-02 23:30 . 2007-12-02 23:30 2007-12-02 22:47 . 2007-12-02 22:47 2007-12-02 21:16 . 2007-12-02 21:16 2007-12-02 21:03 . 2007-12-02 21:03 2007-12-02 19:28 . 2007-12-02 22:53 3,375,549 --a------ C:\WINDOWS{00000002-00000000-0000000A-00001102-00000002-80651102}.BAK 2007-11-16 20:00 . 2007-11-16 20:00 2007-11-16 20:00 . 2007-11-16 20:00 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-27 19:57 --------- d-----w C:\Documents and Settings\Maniek\Dane aplikacji\uTorrent 2007-11-26 01:27 --------- d-----w C:\Program Files\rmDC++0.403D[1] 2007-10-30 19:26 --------- d-----w C:\Documents and Settings\Maniek\Dane aplikacji\ATI 2007-10-28 21:03 --------- d-----w C:\Documents and Settings\Maniek\Dane aplikacji\CTdeveloping 2007-10-26 04:23 --------- d-----w C:\Documents and Settings\Maniek\Dane aplikacji\Tlen.pl 2007-10-24 19:17 --------- d-----w C:\Documents and Settings\Maniek\Dane aplikacji\Skype 2007-10-22 12:48 --------- d-----w C:\Program Files\Tlen.pl . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-10-16 11:53] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-08 09:47] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-03-11 15:40] “WINDVDPatch”=“CTHELPER.EXE” [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “Jet Detection”=“C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” [2001-11-29 01:00] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“RunDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] R2 CachemanXPService;CachemanXP;C:\Program Files\CachemanXP\CachemanXP.exe S0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys S2 BT878;BtCap, WDM Video Capture;C:\WINDOWS\system32\drivers\BT878.SYS S2 BTTUNER;BtTuner, WDM TV Tuner;C:\WINDOWS\system32\drivers\BTTUNER.SYS S2 BTXBAR;BtXBar, WDM Crossbar;C:\WINDOWS\system32\drivers\BTXBAR.SYS S3 SF-620;SF-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\SF-620.sys *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-02 23:50:21 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-02 23:51:00 . — E O F —

log z main.txt

Deckard’s System Scanner v20071014.68 Run by Maniek on 2007-12-02 23:30:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- – System Restore -------------------------------------------------------------- Failed to create restore point; System Restore is disabled (service is not running). Backed up registry hives. Performed disk cleanup. – HijackThis (run as Maniek.exe) ---------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:31:17, on 2007-12-02 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CachemanXP\CachemanXP.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Documents and Settings\Maniek\Pulpit\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Maniek.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\Program Files\CachemanXP\CachemanXP.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe – End of file - 4124 bytes – File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL “%1”,%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser “%1”,%* – Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 npkcrypt - e:\gry\lineage ii\system\npkcrypt.sys R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys S0 st3shark - c:\windows\system32\drivers\st3shark.sys (file missing) S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing) S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing) S2 BT878 (BtCap, WDM Video Capture) - c:\windows\system32\drivers\bt878.sys S2 BTTUNER (BtTuner, WDM TV Tuner) - c:\windows\system32\drivers\bttuner.sys S2 BTXBAR (BtXBar, WDM Crossbar) - c:\windows\system32\drivers\btxbar.sys S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys S3 SF-620 (SF-620 USB Infrared Adapter) - c:\windows\system32\drivers\sf-620.sys S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing) – Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CachemanXPService (CachemanXP) - c:\program files\cachemanxp\cachemanxp.exe – Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318} Description: Stacja dysków CD-ROM Device ID: SCSI\CDROM&VEN_XQ3150B&PROD_VQC812H&REV_1.0\5&3508CE1C&1&000 Manufacturer: (Standardowe stacje dysków CD-ROM) Name: XQ3150B VQC812H SCSI CdRom Device PNP Device ID: SCSI\CDROM&VEN_XQ3150B&PROD_VQC812H&REV_1.0\5&3508CE1C&1&000 Service: cdrom Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: WAN Miniport (L2TP) Device ID: ROOT\MS_L2TPMINIPORT\0000 Manufacturer: Microsoft Name: WAN Miniport (L2TP) PNP Device ID: ROOT\MS_L2TPMINIPORT\0000 Service: Rasl2tp Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: WAN Miniport (IP) Device ID: ROOT\MS_NDISWANIP\0000 Manufacturer: Microsoft Name: WAN Miniport (IP) PNP Device ID: ROOT\MS_NDISWANIP\0000 Service: NdisWan Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Miniport WAN (PPPOE) Device ID: ROOT\MS_PPPOEMINIPORT\0000 Manufacturer: Microsoft Name: Miniport WAN (PPPOE) PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000 Service: RasPppoe Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: WAN Miniport (PPTP) Device ID: ROOT\MS_PPTPMINIPORT\0000 Manufacturer: Microsoft Name: WAN Miniport (PPTP) PNP Device ID: ROOT\MS_PPTPMINIPORT\0000 Service: PptpMiniport Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Sterownik miniport Harmonogramu pakietów Device ID: ROOT\MS_PSCHEDMP\0001 Manufacturer: Microsoft Name: WAN Miniport (IP) - Sterownik miniport Harmonogramu pakietów PNP Device ID: ROOT\MS_PSCHEDMP\0001 Service: PSched Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Device ID: ROOT\PRINTER\0000 Manufacturer: Name: PNP Device ID: ROOT\PRINTER\0000 Service: Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318} Description: Device ID: ROOT\PRINTER\0001 Manufacturer: Name: PNP Device ID: ROOT\PRINTER\0001 Service: Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318} Description: NERO IMAGEDRIVE SCSI Controller Device ID: IMAGEDRV\NEROIMAGEDRV\0000 Manufacturer: Ahead Software AG Name: NERO IMAGEDRIVE SCSI Controller PNP Device ID: IMAGEDRV\NEROIMAGEDRV\0000 Service: imagedrv – Files created between 2007-11-02 and 2007-12-02 ----------------------------- 2007-12-02 22:47:40 0 d-------- C:\WINDOWS\SDFIX 2007-12-02 22:46:16 0 d-------- C:\WINDOWS\CSC 2007-12-02 21:16:42 0 d-------- C:\Program Files\Trend Micro 2007-11-16 20:00:16 0 d-------- C:\Program Files\Yahoo! 2007-11-16 20:00:05 0 d-------- C:\Program Files\CCleaner – Find3M Report --------------------------------------------------------------- 2007-12-02 22:55:19 448348 --a----c- C:\WINDOWS\system32\perfh015.dat 2007-12-02 22:55:19 74450 --a----c- C:\WINDOWS\system32\perfc015.dat 2007-12-02 22:45:30 24 --a----c- C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat 2007-12-02 22:45:30 24 --a----c- C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat 2007-12-02 21:03:17 0 d-------- C:\Documents and Settings\Maniek\Dane aplikacji\WinPatrol 2007-11-27 20:57:48 0 d-------- C:\Documents and Settings\Maniek\Dane aplikacji\uTorrent 2007-11-26 02:27:46 0 d-------- C:\Program Files\rmDC++0.403D[1] 2007-10-30 20:26:51 0 d-------- C:\Documents and Settings\Maniek\Dane aplikacji\ATI 2007-10-28 22:03:54 0 d-------- C:\Documents and Settings\Maniek\Dane aplikacji\CTdeveloping 2007-10-26 05:23:21 0 d-------- C:\Documents and Settings\Maniek\Dane aplikacji\Tlen.pl 2007-10-24 20:17:18 0 d-------- C:\Documents and Settings\Maniek\Dane aplikacji\Skype 2007-10-22 13:48:31 0 d-------- C:\Program Files\Tlen.pl – Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2007-03-11 15:40] “WINDVDPatch”=“CTHELPER.EXE” [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE] “UpdReg”=“C:\WINDOWS\UpdReg.EXE” [2000-05-11 01:00] “Jet Detection”=“C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” [2001-11-29 01:00] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 10:50] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 11:22] “nwiz”=“nwiz.exe” [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“NvMCTray.dll” [2006-10-22 11:22 C:\WINDOWS\system32\nvmctray.dll] “KernelFaultCheck”=“C:\WINDOWS\system32\dumprep 0 -k” [] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Komunikator”=“C:\Program Files\Tlen.pl\tlen.exe” [2007-10-16 11:53] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-08 09:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=1 (0x1) *Newly Created Service* - CATCHME – End of Deckard’s System Scanner: finished at 2007-12-02 23:31:51 ------------

a tu z extra.txt

Deckard’s System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- – System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Polish CPU 0: Intel® Celeron® CPU 2.00GHz Percentage of Memory in Use: 32% Physical Memory (total/avail): 767.47 MiB / 520.38 MiB Pagefile Memory (total/avail): 1875.33 MiB / 1663.97 MiB Virtual Memory (total/avail): 2047.88 MiB / 1932.55 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 10.74 GiB total, 6.24 GiB free. D: is Fixed (NTFS) - 97.65 GiB total, 23.76 GiB free. E: is Fixed (NTFS) - 124.48 GiB total, 14.14 GiB free. F: is CDROM (CDFS) \.\PHYSICALDRIVE0 - WDC WD2500JB-00GVC0 - 232.88 GiB - 3 partitions \PARTITION0 (bootable) - Instalowalny system plików - 10.74 GiB - C: \PARTITION1 - Rozszerzona z rozszerzonym przerwaniem 13 - 222.14 GiB - D: - E: – Security Center ------------------------------------------------------------- AUOptions is disabled. – Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Maniek\Dane aplikacji CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MANIEK-48C37502 ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Maniek LOGONSERVER=\MANIEK-48C37502 NewEnvironment1=C:\Program Files\ATI Technologies\ATI.ACE\ NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0207 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Maniek\USTAWI~1\Temp TMP=C:\DOCUME~1\Maniek\USTAWI~1\Temp USERDOMAIN=MANIEK-48C37502 USERNAME=Maniek USERPROFILE=C:\Documents and Settings\Maniek windir=C:\WINDOWS – User Profiles --------------------------------------------------------------- Maniek (admin) – Add/Remove Programs --------------------------------------------------------- --> “C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE” /X /U /S --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe” -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe” -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe” -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf “SubEdit-Player” --> C:\Program Files\SubEdit-Player\Odinstaluj.exe ACDSee --> C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG Adobe Acrobat 5.0 CE --> C:\WINDOWS\ISUN0415.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0 CE\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0 CE\NT\Uninst.dll" ALLPlayer V2.1 --> C:\Program Files\MarBit\ALLPlayer\UnGins.exe “C:\Program Files\MarBit\ALLPlayer\install.log” ALLPlayer V2.2.L --> “C:\Program Files\MarBit\ALLPlayer\unins000.exe” Archiwizator WinRAR --> C:\Program Files\WinRAR\uninstall.exe ATI Catalyst Control Center --> MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B} ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean CachemanXP 1.1 --> C:\PROGRA~1\CACHEM~1\UNINST~1\UNWISE.EXE C:\PROGRA~1\CACHEM~1\UNINST~1\install.log CCleaner (remove only) --> “C:\Program Files\CCleaner\uninst.exe” DFX 8 for Winamp --> “C:\Program Files\Winamp\uninstall_dfx.exe” Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat ffdshow [rev 780] [2007-01-15] --> “C:\Program Files\ffdshow\unins000.exe” Gadu-Gadu 7.7 --> C:\Program Files\Gadu-Gadu\Setup.exe GraveLand C5 Patch --> MsiExec.exe /I{A04B4F9D-8E55-414D-9681-8B997595D2F7} Hero Editor V0.90 --> C:\WINDOWS\st6unst.exe -n “C:\Program Files\Hero Editor\ST6UNST.LOG” HijackThis 2.0.2 --> “C:\Program Files\Trend Micro\HijackThis\HijackThis.exe” /uninstall J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060} Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Lineage II --> C:\Program Files\InstallShield Installation Information{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}\setup.exe -runfromtemp -l0x0009 -removeonly Lineage II Red Dragon --> “C:\WINDOWS\Lineage II Red Dragon\uninstall.exe” “/U:E:\Gry\Lineage II\uninstall\uninstall.xml” Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110415-6000-11D3-8CFE-0150048383C9} mIRC --> “E:\Dane\mIRC\mirc.exe” -uninstall Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Nero 7 Demo --> MsiExec.exe /I{AEE7FA17-11D2-3243-509B-29B594FC1045} NOD32 Antivirus System --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL NOD32 FiX v2.1 --> “C:\Program Files\Eset\unins000.exe” NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 Registry Mechanic 5.1 --> “C:\Program Files\Registry Mechanic\unins000.exe” Skype 3.0 --> “C:\Program Files\Skype\Phone\unins000.exe” Skype Plugin Manager --> MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup “C:\Program Files\InstallShield Installation Information{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe” -l0x9 Sp5 --> MsiExec.exe /I{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C} Sp5Intl --> MsiExec.exe /I{FD4B33E1-24AE-4535-AA7B-162B30FB57CD} Sp5TTInt --> MsiExec.exe /I{E415C943-37E5-473F-8BAE-043C56734124} SpCommon --> MsiExec.exe /I{6C3959C6-943E-44B3-BAAD-570B04B134E5} SpeechRedist --> MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE} SpPhones --> MsiExec.exe /I{4DFF1415-4C29-44A8-BFD4-2BCE249C4991} sXe Injected --> “E:\Gry\CS 1.6\sXe Injected\uninstall.exe” Tlen.pl --> “C:\Program Files\Tlen.pl\uninstall.exe” Unreal Tournament 2004 --> e:\Gry\UT2004\System\Setup.exe uninstall “UT2004” Winamp (remove only) --> “C:\Program Files\Winamp\UninstWA.exe” WinXP Manager --> MsiExec.exe /I{26230539-8DAE-46CF-BC7A-E8BCA8205DCF} Xvid 1.1.2 final uninstall --> “C:\Program Files\Xvid\unins000.exe” Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe – Application Event Log ------------------------------------------------------- Event Record #/Type3132 / Error Event Submitted/Written: 11/08/2007 04:55:28 PM Event ID/Source: 1000 / Application Error Event Description: Aplikacja powodująca błąd PrawkoB.exe, wersja 0.0.0.0, moduł powodujący błąd msvbvm60.dll, wersja 6.0.97.82, adres błędu 0x000fd09e. Przetwarzanie zdarzenia określonego nośnika dla [PrawkoB.exe!ws!] – Security Event Log ---------------------------------------------------------- No Errors/Warnings found. – System Event Log ------------------------------------------------------------ Event Record #/Type24400 / Warning Event Submitted/Written: 12/02/2007 11:29:07 PM Event ID/Source: 4226 / Tcpip Event Description: Protokół TCP/IP osiągnął limit zabezpieczeń ustalony dla liczby równoczesnych prób połączeń TCP. Event Record #/Type24396 / Warning Event Submitted/Written: 12/02/2007 10:53:14 PM Event ID/Source: 20027 / Rasman Event Description: Nie można uruchomić Menedżera połączeń usługi Dostęp zdalny, ponieważ nie można otworzyć sieci NDISWAN. Event Record #/Type24385 / Error Event Submitted/Written: 12/02/2007 10:51:21 PM Event ID/Source: 7023 / Service Control Manager Event Description: Usługa Usługa przywracania systemu zakończyła działanie; wystąpił następujący błąd: %%2 Event Record #/Type24384 / Error Event Submitted/Written: 12/02/2007 10:51:21 PM Event ID/Source: 7000 / Service Control Manager Event Description: Nie można uruchomić usługi BtXBar, WDM Crossbar z powodu następującego błędu: %%1058 Event Record #/Type24383 / Error Event Submitted/Written: 12/02/2007 10:51:21 PM Event ID/Source: 7000 / Service Control Manager Event Description: Nie można uruchomić usługi BtTuner, WDM TV Tuner z powodu następującego błędu: %%1058 – End of Deckard’s System Scanner: finished at 2007-12-02 23:31:51 ------------

Złączono Posta : 03.12.2007 (Pon) 12:53

Dziś zobaczylem jeszcze taki proces w menadżerze zadań wscntfy.exe i nie moge go usunac po chwili pojawia sie ponownie czym to usunąć ?

Gutek · 3 Grudzień 2007 16:15

W logu nic nie widzę.

wscntfy.exe - od Microsoft Windows Security Center