Hello everyone.
Please check my log, because for a few days now my computer has been freezing and there is a problem shutting the computer down via START --> SHUT DOWN.
Logfile of HijackThis v1.99.1
Scan saved at 11:27:29, on 2007-06-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\program files\voipcheapcom\voipcheapcom.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
c:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.o2.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://en.uk.acer.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [VoipCheapCom] "C:\program files\voipcheapcom\voipcheapcom.exe" -nosplash -minimized
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: Open With JPEGCompress - res://C:\Program Files\JPEGCompress\owjc.dll/CONTEXT_HANDLE.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1166028007359
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
ComboFix 07-06-17 - D:\ComboFix.exe "Martinez" - 2007-06-17 16:28:19 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Martinez\Desktop.\internet explorer.lnk

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((( Files Created from 2007-05-17 to 2007-06-17 )))))))))))))))))))))))))))))))

2007-06-17 16:28 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-17 11:27 218,112 --a------ C:\HijackThis.exe
2007-06-12 19:57 100,448 --a------ C:\WINDOWS\system32\drivers\pctfw1.sys
2007-06-12 19:57
2007-06-12 19:15 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-06-12 19:15
2007-06-12 19:15
2007-06-12 19:14
2007-06-09 17:11 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-06-09 17:11 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-06-09 17:11 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-06-09 17:11 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-06-09 17:11 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2007-06-09 17:11 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-06-09 17:11
2007-06-09 17:11
2007-06-07 20:50
2007-06-07 18:14
2007-06-07 18:14
2007-06-03 19:27
2007-06-03 19:27
2007-06-03 15:32
2007-05-28 15:58
2007-05-27 19:10
2007-05-27 19:10
2007-05-26 12:52 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-05-26 12:52 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-05-26 12:52 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-26 12:37 47,226 --a------ C:\WINDOWS\system32\interceptor.sys
2007-05-26 12:37 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2007-05-26 12:37 16,512 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2007-05-25 22:33
2007-05-25 22:08
2007-05-22 17:52 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
2007-05-18 21:53 9,600 -ra------ C:\WINDOWS\system32\BUFADPT.SYS
2007-05-18 21:47
2007-05-17 18:16 720,896 --a------ C:\WINDOWS\iun6002.exe

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-17 15:29:58 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-06-17 11:20:16 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\Azureus
2007-06-17 09:55:42 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\Skype
2007-06-16 17:49:16 -------- d-----w C:\Program Files\Lexmark 1200 Series
2007-06-16 10:42:09 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\foobar2000
2007-06-13 12:25:00 -------- d-----w C:\Program Files\VoipCheapCom
2007-06-12 18:52:01 -------- d-----w C:\Program Files\eMule
2007-06-12 18:14:48 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-06-12 10:14:00 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\VoipCheapCom
2007-06-03 14:40:12 -------- d-----w C:\Program Files\Azureus
2007-05-26 11:36:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-25 21:35:06 3,555 ----a-w C:\WINDOWS\mozver.dat
2007-05-25 17:26:31 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\Vso
2007-05-25 17:26:30 87,608 ----a-w C:\DOCUME~1\Martinez\APPLIC~1\ezpinst.exe
2007-05-25 17:26:30 47,360 ----a-w C:\DOCUME~1\Martinez\APPLIC~1\pcouffin.sys
2007-05-20 10:54:04 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\Real
2007-05-17 17:25:26 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
2007-05-16 18:27:22 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 17:56:49 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\PCToolsFirewallPlus
2007-05-12 19:05:59 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\FlashGet
2007-05-09 20:46:57 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-08 19:23:10 10,752 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-05-07 16:09:23 -------- d-----w C:\Program Files\IVT Corporation
2007-05-07 16:04:11 -------- d--h--w C:\Program Files\Zero G Registry
2007-05-07 12:42:19 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\FastStone
2007-05-07 12:42:15 -------- d-----w C:\Program Files\FastStone Image Viewer
2007-05-06 17:55:30 -------- d-----w C:\Program Files\Picasa2
2007-05-06 15:18:27 -------- d-----w C:\Program Files\Skype
2007-05-06 15:18:26 -------- d-----w C:\Program Files\Common Files\Skype
2007-05-06 13:39:56 -------- d-----w C:\DOCUME~1\Martinez\APPLIC~1\Media Player Classic
2007-05-06 13:38:50 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-06 11:27:20 -------- d-----w C:\Program Files\Google
2007-05-05 13:45:53 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-03 13:09:52 -------- d-----w C:\Program Files\MarBit
2007-05-03 13:05:23 -------- d-----w C:\Program Files\JPEGCompress
2007-05-03 13:04:23 -------- d-----w C:\Program Files\foobar2000
2007-05-03 13:01:31 -------- d-----w C:\Program Files\Winamp
2007-05-02 20:00:48 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-05-02 18:25:27 -------- d-----w C:\Program Files\ABBYY FineReader 5.0 Sprint
2007-05-02 18:25:05 -------- d-----w C:\Program Files\ABBYY FineReader 6.0
2007-05-02 18:11:43 -------- d-----w C:\Program Files\Yahoo!
2007-05-02 07:38:04 -------- d-----w C:\Program Files\Kaspersky Lab
2007-05-02 07:35:02 -------- d-----w C:\Program Files\jv16 PowerTools 2006
2007-05-02 07:26:27 -------- d-----w C:\Program Files\Common Files\Motive
2007-05-02 07:13:19 -------- d-----w C:\Program Files\SubEdit-Player
2007-04-27 15:22:04 55,904 ----a-w C:\WINDOWS\system32\drivers\pctfw.sys
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 09:56]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 09:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 22:22]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"nwiz"="nwiz.exe" [2006-07-11 23:19 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 01:48 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 03:43 C:\WINDOWS\Alcmtr.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 19:29]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 08:25]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 21:00 C:\WINDOWS\system32\bthprops.cpl]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-26 12:52]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-04-28 08:13]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"VoipCheapCom"="C:\program files\voipcheapcom\voipcheapcom.exe" [2007-05-15 18:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSaveSettings"=0 (0x0)
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipCheapCom]
"C:\Program Files\VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder
2007-06-15 16:29:38 C:\WINDOWS\tasks\1-Click Maintenance.job

**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-17 16:31:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services{00001000-0000-1000-8000-00805f9b34fb}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2007-06-17 16:32:52 - machine was rebooted
C:\ComboFix-quarantined-files.txt … 2007-06-17 16:32
--- E O F ---
Post merged: 17.06.2007 (Sun) 22:24
Will someone help with checking the log?
qrczak13
17 June 2007 21:43
#4