XP: Explorer.exe keeps shutting down over and over


(Kubek1200) #1

When I log in, after 5 seconds explorer.exe shuts down and restarts over and over, making a sound each time.

Sometimes it calms down, but when explorer hangs I end the process in Task Manager, and when I start it again from Task Manager it all begins again...

I have never run into such an annoying problem before.

I suspect it is some virus that my antivirus did not detect.


(Dawid Czernek) #2

Post a HijackThis log.

Instructions: http://forum.dobreprogramy.pl/hijackthis-rsit-otl-dds-inne-instrukcja-t36654.html


(Kubek1200) #3

HJT log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:36:16, on 2009-10-27

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

C:\WINDOWS\system32\ASTSRV.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\TUProgSt.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

C:\DOCUME~1\KUBEK~1.KUB\USTAWI~1\Temp\d.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll

O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\KUBEK~1.KUB\USTAWI~1\Temp\d.exe

O4 - Startup: Skrót do egui.lnk = C:\Program Files\ESET\ESET Smart Security\egui.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256487646531

O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe

O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Findbasic Service - Unknown owner - C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Findbasic\findbasic131.exe

O23 - Service: Usługa Google Update (gupdate1c9ef5be5f3a182) (gupdate1c9ef5be5f3a182) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe

O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe


--

End of file - 5035 bytes

(Olixxx94) #4

Fix in HijackThis. Post an OTL log.


(Kubek1200) #5

Log:

http://wklej.org/id/187435/

-- Added 27.10.2009 (Tue) 18:35 --

Oops.

That is not the OTL log

once again...

-- Added 27.10.2009 (Tue) 21:41 --

This is the correct OTL log:

http://wklej.org/id/187451/

-- Added 29.10.2009 (Thu) 11:34 --

ComboFix log:

ComboFix 09-10-28.06 - kubek 2009-10-29 11:22.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1343 [GMT 1:00]

Uruchomiony z: c:\documents and settings\kubek.KUBEKXP-PC\Moje dokumenty\Downloads\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\kubek.KUBEKXP-PC\Pulpit\CFScript.txt

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Zapora osobista *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

 * Utworzono nowy punkt przywracania

 * Rezydentny antywirus jest aktywny



FILE ::

"c:\windows\kgqfweltedw.dll"

"c:\windows\mrvtdpqe.exe"

"c:\windows\nqgpedlr.dll"

"c:\windows\okmdepgb.dll"

"c:\windows\system32\khfEVPFx.dll"

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\$recycle.bin\S-1-5-21-88592010-846006287-4006485344-1000

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\dumphive.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\o4Patch.exe

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))

.


2009-12-29 11:30 . 2009-12-29 11:30	--------	d-----w-	c:\program files\Winstep

2009-12-29 11:27 . 2009-10-14 08:18	--------	d-----w-	c:\program files\Microsoft Silverlight

2009-12-28 17:31 . 2009-12-28 17:31	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\IECompatCache

2009-12-28 17:31 . 2009-12-28 17:31	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\PrivacIE

2009-12-28 17:30 . 2009-12-28 17:30	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\Ustawienia lokalne\Dane aplikacji\Ahead

2009-12-28 17:30 . 2009-12-28 17:30	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\IETldCache

2009-12-28 17:30 . 2009-12-28 17:44	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\Ustawienia lokalne\Dane aplikacji\Microsoft

2009-12-28 17:30 . 2009-12-28 17:44	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\Ulubione

2009-12-28 17:30 . 2009-12-28 17:44	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\Szablony

2009-12-28 17:30 . 2009-12-28 17:44	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\Dane aplikacji

2009-12-28 17:30 . 2009-10-25 14:43	--------	d-----w-	c:\documents and settings\^^^Kubek^^^\Ustawienia lokalne

2009-12-28 17:30 . 2009-12-28 17:44	--------	d-s---w-	c:\documents and settings\^^^Kubek^^^

2009-12-28 09:45 . 2009-12-28 09:45	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TuneUp Software

2009-12-28 09:44 . 2009-10-15 13:33	--------	d-----w-	c:\program files\TuneUp Utilities 2009

2009-12-28 09:44 . 2009-12-28 09:44	--------	d-sh--w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{55A29068-F2CE-456C-9148-C869879E2357}

2009-12-28 09:15 . 2009-12-28 09:15	172910	----a-w-	C:\cc_20091228_101523.reg

2009-12-25 15:32 . 2009-10-14 08:18	--------	d-----w-	C:\wamp

2009-12-25 10:17 . 2009-09-24 16:55	49016	----a-w-	c:\windows\system32\GDIPFONTCACHEV1.DAT

2009-12-24 10:36 . 2009-12-24 10:36	--------	d-----w-	C:\Adobe

2009-12-22 17:07 . 2009-12-22 17:08	--------	d-----w-	C:\3a07cbfef00f8827fae4ef

2009-12-22 17:06 . 2009-12-22 17:22	--------	d-----w-	c:\windows\SxsCaPendDel

2009-12-22 07:36 . 2009-10-14 08:19	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Documents

2009-12-22 07:22 . 2009-10-14 08:20	--------	dc-h--w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\{62902F53-D725-44F9-B385-979CC0E00E8A}

2009-12-20 09:10 . 2009-12-20 09:10	--------	d-----w-	c:\program files\GIMP-2.0

2009-12-20 08:37 . 2009-12-20 08:37	--------	d-----w-	c:\program files\Unlocker

2009-12-20 07:50 . 2009-12-20 07:50	--------	d-----w-	c:\program files\My Drive Meter

2009-10-29 10:08 . 2005-05-03 18:43	69632	------w-	c:\windows\Alcmtr.exe

2009-10-29 07:44 . 2009-09-10 13:45	4224	-c--a-w-	c:\windows\system32\dllcache\beep.sys

2009-10-29 07:44 . 2009-09-10 13:45	4224	----a-w-	c:\windows\system32\drivers\beep.sys

2009-10-27 19:31 . 2009-10-27 19:31	--------	d-----w-	c:\program files\Lavalys

2009-10-27 13:02 . 2009-08-29 07:52	12800	-c----w-	c:\windows\system32\dllcache\xpshims.dll

2009-10-27 13:02 . 2009-08-29 07:52	594432	-c----w-	c:\windows\system32\dllcache\msfeeds.dll

2009-10-27 13:02 . 2009-08-29 07:52	55296	-c----w-	c:\windows\system32\dllcache\msfeedsbs.dll

2009-10-27 13:02 . 2009-08-29 07:52	1986048	-c----w-	c:\windows\system32\dllcache\iertutil.dll

2009-10-27 13:02 . 2009-08-29 07:52	246272	-c----w-	c:\windows\system32\dllcache\ieproxy.dll

2009-10-27 13:02 . 2009-08-29 11:22	11069952	-c----w-	c:\windows\system32\dllcache\ieframe.dll

2009-10-27 10:41 . 2009-10-27 11:12	--------	d---a-w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\TEMP

2009-10-27 10:39 . 2009-06-03 18:06	180224	----a-w-	c:\windows\system32\cnvshell.dll

2009-10-27 10:15 . 2004-04-19 17:53	1706800	----a-w-	c:\windows\system32\gdiplus.dll

2009-10-27 10:15 . 2009-10-27 11:18	--------	d-----w-	c:\program files\ImageConverter Plus

2009-10-27 10:00 . 2009-10-27 10:06	--------	d-----w-	c:\program files\IconXP 2.03

2009-10-27 09:54 . 2009-10-27 10:05	--------	d-----w-	c:\program files\IconXP

2009-10-27 09:09 . 2009-10-27 10:32	--------	d-----w-	c:\program files\CubicExplorer

2009-10-27 08:54 . 2009-10-27 08:55	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\GHISLER

2009-10-25 17:12 . 2009-10-25 17:12	--------	d-----w-	c:\program files\Sun

2009-10-25 16:16 . 2009-10-26 06:37	--------	d-----w-	c:\program files\Findbasic

2009-10-25 16:16 . 2009-10-25 16:19	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Findbasic

2009-10-25 16:16 . 2009-10-27 08:55	--------	d-----w-	c:\windows\Icons

2009-10-25 16:16 . 2009-10-25 16:20	--------	d-----w-	c:\program files\FileSubmit

2009-10-25 14:20 . 2009-10-25 14:20	--------	d-----w-	c:\windows\NLDRV

2009-10-25 13:58 . 2009-04-10 15:19	180224	----a-w-	c:\windows\system32\igfxres.dll

2009-10-25 13:50 . 2009-09-10 13:45	7680	-c--a-w-	c:\windows\system32\dllcache\migregdb.exe

2009-10-25 13:49 . 2009-09-10 13:45	56832	-c--a-w-	c:\windows\system32\dllcache\convlog.exe

2009-10-25 13:46 . 2009-09-10 13:45	16384	-c--a-w-	c:\windows\system32\dllcache\isignup.exe

2009-10-25 13:37 . 2008-04-14 19:51	152064	----a-w-	c:\windows\system32\irftp.exe

2009-10-25 13:37 . 2008-04-14 19:51	8192	----a-w-	c:\windows\system32\wshirda.dll

2009-10-25 13:37 . 2008-04-14 19:50	28672	----a-w-	c:\windows\system32\irmon.dll

2009-10-25 13:29 . 2009-09-10 13:45	13312	-c--a-w-	c:\windows\system32\dllcache\irclass.dll

2009-10-25 13:29 . 2009-09-10 13:45	13312	----a-w-	c:\windows\system32\irclass.dll

2009-10-25 13:29 . 2009-09-10 13:45	24661	-c--a-w-	c:\windows\system32\dllcache\spxcoins.dll

2009-10-25 13:29 . 2009-09-10 13:45	24661	----a-w-	c:\windows\system32\spxcoins.dll

2009-10-23 18:15 . 2009-10-23 18:17	--------	d-----w-	c:\windows\vf_hip

2009-10-23 18:15 . 2009-10-23 18:16	--------	d-----w-	c:\program files\Hide IP Platinum

2009-10-23 17:57 . 2009-10-23 18:08	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Hide IP NG

2009-10-23 17:57 . 2009-10-23 18:08	--------	d-----w-	c:\program files\Hide IP NG

2009-10-23 15:47 . 2009-10-23 15:47	--------	d-----w-	c:\program files\Gadget Extractor

2009-10-23 15:43 . 2009-10-23 15:43	--------	d-----w-	c:\program files\Windows Sidebar

2009-10-23 15:42 . 2009-10-23 15:42	--------	d-----w-	C:\b71a55e9fb9838ee6e9ea6e75147735e

2009-10-23 15:41 . 2009-10-23 15:41	--------	d-----w-	c:\program files\Alky for Applications

2009-10-23 07:28 . 2009-10-23 07:30	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Nitro PDF

2009-10-23 07:28 . 2009-09-15 08:16	17728	----a-w-	c:\windows\system32\nitrolocalui.dll

2009-10-23 07:28 . 2009-09-15 08:15	26432	----a-w-	c:\windows\system32\nitrolocalmon.dll

2009-10-23 07:27 . 2009-10-23 07:27	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Nitro PDF

2009-10-23 07:27 . 2009-10-23 07:27	--------	d-----w-	c:\program files\Common Files\Nitro PDF

2009-10-23 07:27 . 2009-10-23 07:27	--------	d-----w-	c:\program files\Nitro PDF

2009-10-23 07:26 . 2009-10-23 07:26	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Downloaded Installations

2009-10-15 21:44 . 2009-10-15 21:44	--------	d-----w-	C:\98f502015a4805735a

2009-10-14 12:55 . 2009-10-14 12:56	--------	d-----w-	C:\v

2009-10-14 09:18 . 2009-10-14 09:23	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\AveDesk

2009-10-14 09:17 . 2009-10-14 09:20	--------	d-----w-	c:\program files\AveDesk

2009-10-13 17:25 . 2009-10-13 17:25	--------	d-----w-	c:\program files\Microsoft Device Emulator

2009-10-13 17:25 . 2009-10-13 17:25	--------	d-----w-	c:\program files\Windows Mobile 6 SDK

2009-10-12 18:55 . 2009-10-12 18:55	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Stardock

2009-10-12 18:31 . 2009-10-12 18:31	604416	----a-w-	c:\windows\system32\TUProgSt.exe

2009-10-12 18:30 . 2009-10-12 18:30	361216	----a-w-	c:\windows\system32\TuneUpDefragService.exe

2009-10-12 15:13 . 2009-10-25 17:20	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\.VirtualBox

2009-10-11 15:23 . 2009-10-11 15:23	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Ceiiular

2009-10-11 15:20 . 2009-10-11 15:20	--------	d-----w-	c:\program files\Show Desktop

2009-10-11 15:06 . 2009-10-11 15:06	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Library

2009-10-11 15:06 . 2009-10-11 15:06	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\com.adobe.ExMan

2009-10-11 14:57 . 2009-10-11 14:57	--------	d-----w-	c:\windows\system32\wbem\Repository

2009-10-11 08:01 . 2009-10-11 08:18	--------	d-----w-	C:\ts2

2009-10-09 16:43 . 2009-10-09 16:45	--------	d-----w-	C:\pen

2009-10-09 08:09 . 2009-10-09 08:09	--------	d-----w-	C:\Windows 7 (E)

2009-10-09 07:30 . 2009-10-11 08:08	--------	d-----w-	C:\windowsxp

2009-10-02 15:18 . 2009-10-02 15:18	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Opera

2009-10-02 15:18 . 2009-10-25 14:04	--------	d-----w-	c:\program files\Opera

2009-10-02 15:08 . 2009-10-02 15:08	0	----a-w-	c:\windows\nsreg.dat

2009-10-02 15:08 . 2009-10-02 15:08	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Mozilla

2009-10-01 15:49 . 2009-09-15 15:17	--------	d-----w-	C:\antysledz

2009-10-01 15:34 . 2009-10-11 15:05	--------	d-----w-	c:\program files\Adobe Media Player

2009-10-01 15:01 . 2009-10-11 15:06	--------	d-----r-	C:\MSOCache

2009-10-01 13:59 . 2009-10-01 13:59	--------	d-----w-	c:\program files\Kwyshell

2009-10-01 13:35 . 2009-09-09 19:15	115856	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys

2009-10-01 13:35 . 2009-09-09 19:15	91856	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys

2009-10-01 13:35 . 2009-09-09 19:15	41424	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys

2009-10-01 13:23 . 2009-10-01 13:23	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\ABBYY

2009-10-01 13:20 . 2009-10-01 13:20	--------	d-----w-	c:\program files\Common Files\ABBYY

2009-10-01 13:16 . 2009-10-01 13:30	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\ABBYY

2009-10-01 13:16 . 2009-10-01 13:30	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\ABBYY

2009-10-01 13:16 . 2009-10-01 13:23	--------	d-----w-	c:\program files\ABBYY FineReader 9.0

2009-10-01 13:12 . 2009-10-01 13:13	--------	d-----w-	c:\temp\FR90PE

2009-10-01 13:12 . 2009-10-01 13:12	--------	d-----w-	C:\temp

2009-10-01 12:38 . 2009-10-01 12:38	--------	d-----w-	c:\windows\tessdata

2009-10-01 12:38 . 2009-10-01 12:38	--------	d-----w-	c:\program files\Softi Software

2009-10-01 12:37 . 2009-10-01 12:37	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Softi Software


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-22 08:45 . 2009-05-14 15:20	163712	----a-w-	c:\windows\system32\drivers\vidstub.sys

2009-12-22 07:23 . 2009-03-04 18:07	--------	d-----w-	c:\program files\Common Files\Stardock

2009-10-29 10:22 . 2008-04-15 12:00	490866	----a-w-	c:\windows\system32\perfh015.dat

2009-10-29 10:22 . 2008-04-15 12:00	84078	----a-w-	c:\windows\system32\perfc015.dat

2009-10-29 10:17 . 2009-04-12 14:38	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\ipla

2009-10-29 10:08 . 2009-02-26 16:14	--------	d-----w-	c:\program files\Realtek

2009-10-27 12:31 . 2009-09-10 13:44	--------	d-----w-	c:\program files\Weemi

2009-10-27 12:25 . 2009-06-26 10:14	--------	d-----w-	c:\program files\Microsoft Studio

2009-10-27 11:46 . 2009-09-10 13:45	3539968	----a-w-	c:\windows\system32\logonuiX.exe

2009-10-27 11:18 . 2009-05-24 17:18	--------	d-----w-	c:\program files\Thoosje Vista Sidebar

2009-10-27 11:18 . 2009-04-22 08:26	--------	d-----w-	c:\program files\DivX

2009-10-27 11:18 . 2009-03-20 17:09	--------	d-----w-	c:\program files\Inno Setup 5

2009-10-27 11:18 . 2009-04-15 07:42	--------	d-----w-	c:\program files\Free FLV Converter

2009-10-27 11:18 . 2009-03-04 18:02	--------	d-----w-	c:\program files\Avanquest update

2009-10-27 11:02 . 2009-02-27 19:52	--------	d-----w-	c:\program files\Windows Media Connect 2

2009-10-27 09:14 . 2009-03-31 08:16	--------	d-----w-	c:\program files\WinFlip

2009-10-25 13:44 . 2009-04-10 14:58	23016	----a-w-	c:\windows\system32\emptyregdb.dat

2009-10-23 18:33 . 2009-04-26 08:12	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\BitTorrent

2009-10-23 17:09 . 2009-04-01 15:40	--------	d-----w-	c:\program files\ESET

2009-10-23 15:47 . 2009-04-10 15:09	49464	----a-w-	c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-10-15 21:43 . 2009-05-10 12:57	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help

2009-10-14 10:57 . 2009-02-27 16:39	--------	d-----w-	c:\program files\Styler

2009-10-14 08:20 . 2009-05-14 17:37	--------	d-----w-	c:\program files\ViGlance

2009-10-14 08:20 . 2009-03-31 05:46	--------	d-----w-	c:\program files\Visplore

2009-10-14 08:20 . 2009-08-31 18:23	--------	d-----w-	c:\program files\DebugMode

2009-10-14 08:19 . 2009-08-12 18:12	--------	d-----w-	c:\program files\NAPI-PROJEKT

2009-10-14 08:18 . 2009-05-14 17:35	--------	d-----w-	c:\program files\ViStart

2009-10-12 18:50 . 2009-06-26 08:10	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Electronic Arts

2009-10-01 15:33 . 2009-02-26 07:29	--------	d-----w-	c:\program files\Common Files\Adobe

2009-09-27 07:44 . 2009-08-31 21:27	664	----a-w-	c:\windows\system32\d3d9caps.dat

2009-09-23 13:53 . 2009-07-21 07:21	--------	d-----w-	c:\program files\Gem Ball Ancient Legends

2009-09-23 13:52 . 2009-03-06 08:00	--------	d-----w-	c:\program files\Stardock

2009-09-23 13:35 . 2009-06-26 08:10	--------	d-----w-	c:\program files\Electronic Arts

2009-09-23 13:32 . 2009-03-14 18:52	--------	d-----w-	c:\program files\EA GAMES

2009-09-22 15:40 . 2009-09-22 15:40	--------	d-----w-	c:\program files\4t Tray Minimizer

2009-09-15 08:17 . 2009-09-15 08:17	61760	----a-w-	c:\windows\system32\ASTSRV.EXE

2009-09-13 08:42 . 2009-09-13 08:42	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\TuneUp Software

2009-09-09 19:15 . 2009-09-09 19:15	133648	----a-w-	c:\windows\system32\VBoxNetFltNotify.dll

2009-09-09 19:15 . 2009-09-09 19:15	100368	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys

2009-09-07 15:18 . 2009-09-07 15:18	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\GlobalSCAPE

2009-09-07 13:40 . 2009-09-07 13:17	153509	----a-w-	c:\windows\hpoins14.dat

2009-09-07 13:30 . 2009-09-07 13:30	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\HP Product Assistant

2009-09-07 13:30 . 2009-05-10 12:50	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\HP

2009-09-07 13:29 . 2009-09-07 13:29	--------	d-----w-	c:\program files\Hewlett-Packard

2009-09-07 13:18 . 2009-09-07 13:18	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Malwarebytes

2009-09-04 08:04 . 2009-09-04 08:04	--------	d-----w-	c:\documents and settings\All Users.WINDOWS\Dane aplikacji\RealHideIP

2009-09-01 07:06 . 2009-04-23 09:56	--------	d-----w-	c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Nowe Gadu-Gadu

2009-08-31 18:45 . 2009-07-15 11:50	--------	d-----w-	c:\program files\bobyte

2009-08-29 07:52 . 2009-09-10 13:45	916480	----a-w-	c:\windows\system32\wininet.dll

2009-08-12 17:09 . 2009-08-12 17:09	226010	----a-w-	C:\cc_20090812_190919.reg

2009-08-03 11:36 . 2009-08-12 17:12	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-03 11:36 . 2009-08-12 17:12	19096	----a-w-	c:\windows\system32\drivers\mbam.sys

.


------- Sigcheck -------


[-] 2009-09-10 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-06-13 16377344]


c:\documents and settings\kubek.KUBEKXP-PC\Menu Start\Programy\Autostart\

4t Tray Minimizer.lnk - c:\program files\4t Tray Minimizer\4t-min.exe [2009-9-22 1091584]

Skrót do egui.lnk - c:\program files\ESET\ESET Smart Security\egui.exe [2009-5-14 2029640]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"UIHost"="c:\windows\system32\logonui.exe"


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2008-09-16 07:44	174328	----a-w-	c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll


[HKLM\~\startupfolder\C:^Documents and Settings^kubek.KUBEKXP-PC^Menu Start^Programy^Autostart^ViGlance OneStep.exe]

path=c:\documents and settings\kubek.KUBEKXP-PC\Menu Start\Programy\Autostart\ViGlance OneStep.exe

backup=c:\windows\pss\ViGlance OneStep.exeStartup


[HKLM\~\startupfolder\C:^Documents and Settings^Kubek2^Menu Start^Programy^Autostart^Styler.lnk]

path=c:\documents and settings\Kubek2\Menu Start\Programy\Autostart\Styler.lnk

backup=c:\windows\pss\Styler.lnkStartup


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"ctfmon.exe"=c:\windows\system32\ctfmon.exe


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4


R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]

R0 Si3124;Si3124;c:\windows\system32\drivers\si3124.sys [2009-09-10 69248]

R0 Si3531;Si3531;c:\windows\system32\drivers\Si3531.sys [2009-09-10 212520]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-05-14 107256]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-10-01 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-10-01 41424]

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]

R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]

R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-09-15 188736]

R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-10-12 604416]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-10-01 91856]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-09-09 100368]

R3 xpvcom;XPVCOM Port;c:\windows\system32\drivers\XPVCOM.sys [2007-03-23 30032]

S2 CoLinuxDriver;CoLinuxDriver;\??\c:\ubuntu\Portable_Ubuntu\linux.sys --> c:\ubuntu\Portable_Ubuntu\linux.sys [?]

S2 Findbasic Service;Findbasic Service;c:\documents and settings\All Users.WINDOWS\Dane aplikacji\Findbasic\findbasic131.exe [2009-10-25 54776]

S2 gupdate1c9ef5be5f3a182;Usługa Google Update (gupdate1c9ef5be5f3a182);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 133104]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]


--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - CLASSPNP_2

*NewlyCreated* - MBR

*Deregistered* - CLASSPNP_2

*Deregistered* - mbr


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]

"c:\program files\Windows Sidebar\sidebar.exe" /RegServer

.

Zawartość folderu 'Zaplanowane zadania'


2009-10-29 c:\windows\Tasks\1-Click Maintenance.job

- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]


2009-10-29 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-17 14:52]


2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:57]


2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 14:57]


2009-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1491950412-2009852829-4049741679-1003Core.job

- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]


2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1491950412-2009852829-4049741679-1003UA.job

- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]


2009-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1425521274-1177238915-1003.job

- c:\documents and settings\kubek.KUBEKXP-PC\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2009-04-10 17:06]


2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{F18B4246-7B93-4B2B-932B-4B1708AC5A73}.job

- c:\windows\system32\msfeedssync.exe [2009-09-10 13:45]

.

.

------- Skan uzupełniający -------

.

FF - ProfilePath - c:\documents and settings\kubek.KUBEKXP-PC\Dane aplikacji\Mozilla\Firefox\Profiles\9snnallf.default\

.


**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-29 11:31

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------


[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)


[HKEY_USERS\S-1-5-21-1491950412-2009852829-4049741679-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2E774316-4A34-AD93-7E3D-2FA9BB15338B}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"haoecdjcjhjcbkfj"=hex:6a,61,6a,64,6a,68,63,6b,62,6a,63,65,6b,64,62,6f,70,65,

   66,6f,00,ea

"iamemceihflomihehd"=hex:6a,61,6a,64,6a,68,63,6b,62,6a,63,65,6b,64,62,6f,70,65,

   66,6f,00,00

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(1396)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

.

Czas ukończenia: 2009-10-29 11:33

ComboFix-quarantined-files.txt 2009-10-29 10:33

ComboFix2.txt 2009-10-25 14:43


Przed: 18 247 036 928 bajtów wolnych

Po: 18 269 405 184 bajtów wolnych


- - End Of File - - B24238B21702E962C86F838BCFBBDA6C