slodka
(Malinka987)
21 April 2009 19:20
#1
The computer runs terribly slowly. It often freezes, CPU usage is at 100%, and on top of that it takes screenshots of the pages viewed in the browser. Is this some kind of virus???
Logfile of HijackThis v1.99.1
Scan saved at 20:59:23, on 2009-04-21
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\bin\btwdins.exe
C:\Documents and Settings\Admin\Moje dokumenty\Odebrane pliki\progamy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRfox000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - D:\Program Files\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: http://*.mks.com.pl
O15 - Trusted Zone: www.gry.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
Leon1
(Leon$)
21 April 2009 19:40
#2
Remove with HijackThis >> Fix checked
Download Combofix http://www.searchengines.pl/index.php?s … ntry395642 and run it with a double-click
show the log
While downloading and scanning with Combofix, please disable all firewalls and antivirus programs
Task Manager >> Processes
tell me which process is using 100%
slodka
(Malinka987)
21 April 2009 20:12
#4
ComboFix 09-04-21.A8 - Admin 2009-04-21 21:59.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.58 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *enabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dane aplikacji\WinAntiVirus Pro 2006
c:\windows\system32\Process.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-21 19:56 . 2009-04-21 19:56 231441 ----a-w C:\Apr_21_2009__21_48_29.jpg
2009-04-21 19:55 . 2009-04-21 19:55 178262 ----a-w C:\Apr_21_2009__21_34_20.jpg
2009-04-21 19:54 . 2009-04-21 19:54 277149 ----a-w C:\Apr_21_2009__21_21_50.jpg
2009-04-21 19:53 . 2009-04-21 19:53 207325 ----a-w C:\Apr_21_2009__21_08_12.jpg
2009-04-21 19:52 . 2009-04-21 19:52 520785 ----a-w C:\Apr_21_2009__20_59_31.jpg
2009-04-21 19:51 . 2009-04-21 19:51 439734 ----a-w C:\Apr_21_2009__20_53_11.jpg
2009-04-19 18:57 . 2009-04-19 18:57 3072 --sha-w c:\windows\system32\Thumbs.db
2009-04-19 18:55 . 2009-04-19 18:55 354560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-19 18:55 . 2008-04-04 12:51 28416 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-18 07:12 . 2009-04-21 19:57 -------- d-sh--w c:\windows\system32\Sys32
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 19:56 . 2009-04-21 19:56 231357 ----a-w C:\Apr_21_2009__21_48_34.jpg
2009-04-21 19:55 . 2009-04-21 19:55 178194 ----a-w C:\Apr_21_2009__21_34_25.jpg
2009-04-21 19:54 . 2009-04-21 19:54 267256 ----a-w C:\Apr_21_2009__21_21_44.jpg
2009-04-21 19:53 . 2009-04-21 19:53 204310 ----a-w C:\Apr_21_2009__21_08_07.jpg
2009-04-21 19:52 . 2009-04-21 19:52 475746 ----a-w C:\Apr_21_2009__20_59_26.jpg
2009-04-21 19:51 . 2009-04-21 19:51 439734 ----a-w C:\Apr_21_2009__20_53_06.jpg
2009-04-21 18:10 . 2008-12-12 06:19 -------- d-----w c:\documents and settings\Admin\Dane aplikacji\Skype
2009-04-19 18:55 . 2008-06-25 14:48 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-04-19 17:14 . 2007-09-25 10:35 -------- d-----w c:\program files\SpywareBlaster
2009-03-31 14:00 . 2001-10-26 15:15 598058 ----a-w c:\windows\system32\perfh015.dat
2009-03-31 14:00 . 2001-10-26 15:15 123660 ----a-w c:\windows\system32\perfc015.dat
2009-03-22 16:37 . 2007-02-23 19:15 -------- d-----w c:\program files\mIRC
2009-02-26 18:56 . 2005-06-10 13:55 -------- d-----w c:\program files\OpenOffice.org1.1.4
2009-02-25 21:10 . 2005-06-10 13:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 21:08 . 2005-06-18 15:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-09-24 18:03 . 2007-03-17 19:03 47360 -c--a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-06-26 14:31 . 2008-06-26 14:31 1269760 ----a-w c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2008-06-26 14:31 . 2008-06-26 14:28 1273856 ----a-w c:\documents and settings\LocalService\NTUSER.DAT.tmp
2008-06-21 08:13 . 2006-01-20 16:25 30520 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-20 19:22 . 2005-06-18 13:48 30520 -c--a-w c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-16 20:05 . 2007-03-17 19:03 87608 -c--a-w c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe
2007-06-02 14:51 . 2007-06-02 14:51 70728 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\xpinstal.dll
2008-06-26 14:15 . 2008-06-26 14:15 23 --sha-w c:\windows\system32\afecd_d.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"TAOL Agent"="c:\windows\system32\Sys32\TAOL.exe" [2009-04-18 486912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"e:\\eMule\\eMule\\emule.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Gry\\Metin2.pl\\metin2.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
R3 jswmidin;jswmidin; [x]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]
R4 getPlus(R) Helper;getPlus(R) Helper; [x]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - TUNEUP.DEFRAG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gogle.pl/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: Si&milar Pages
IE: Translate into English
Trusted Zone: com.pl\*.mks
Trusted Zone: gry.pl\www
Trusted Zone: mojegry.pl\www
Trusted Zone: www.jn.pl
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 22:02
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-04-21 22:05
ComboFix-quarantined-files.txt 2009-04-21 20:04
Przed: 992 903 168 bajtów wolnych
Po: 988 987 392 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
– Added 21.04.2009 (Tue) 22:13 –
Firefox uses the most memory
– Added 21.04.2009 (Tue) 22:25 –
http://wstaw.org/p/795c/
– Added 21.04.2009 (Tue) 22:28 –
and there are loads of these images, over 1000 at a time, a few times a day
Leon1
(Leon$)
21 April 2009 20:37
#5
Open Notepad and paste
save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
The removal should start
Then the log from the Combofix removal
CPU - Combofix uses a lot
whereas FF takes up a lot of memory - that's normal
I don't see anything
slodka
(Malinka987)
21 April 2009 21:13
#6
ComboFix 09-04-21.A8 - Admin 2009-04-21 23:02.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.50 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *enabled*
* Utworzono nowy punkt przywracania
FILE ::
c:\windows\system32\afecd_d.dll
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\afecd_d.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JSWMIDIN
-------\Service_jswmidin
((((((((((((((((((((((((( Pliki utworzone od 2009-03-21 do 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-19 18:57 . 2009-04-19 18:57 3072 --sha-w c:\windows\system32\Thumbs.db
2009-04-19 18:55 . 2009-04-19 18:55 354560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-19 18:55 . 2008-04-04 12:51 28416 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-18 07:12 . 2009-04-21 21:06 -------- d-sh--w c:\windows\system32\Sys32
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 18:10 . 2008-12-12 06:19 -------- d-----w c:\documents and settings\Admin\Dane aplikacji\Skype
2009-04-19 18:55 . 2008-06-25 14:48 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-04-19 17:14 . 2007-09-25 10:35 -------- d-----w c:\program files\SpywareBlaster
2009-03-31 14:00 . 2001-10-26 15:15 598058 ----a-w c:\windows\system32\perfh015.dat
2009-03-31 14:00 . 2001-10-26 15:15 123660 ----a-w c:\windows\system32\perfc015.dat
2009-03-22 16:37 . 2007-02-23 19:15 -------- d-----w c:\program files\mIRC
2009-02-26 18:56 . 2005-06-10 13:55 -------- d-----w c:\program files\OpenOffice.org1.1.4
2009-02-25 21:10 . 2005-06-10 13:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 21:08 . 2005-06-18 15:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-09-24 18:03 . 2007-03-17 19:03 47360 -c--a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-06-26 14:31 . 2008-06-26 14:31 1269760 ----a-w c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2008-06-26 14:31 . 2008-06-26 14:28 1273856 ----a-w c:\documents and settings\LocalService\NTUSER.DAT.tmp
2008-06-21 08:13 . 2006-01-20 16:25 30520 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-20 19:22 . 2005-06-18 13:48 30520 -c--a-w c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-16 20:05 . 2007-03-17 19:03 87608 -c--a-w c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe
2007-06-02 14:51 . 2007-06-02 14:51 70728 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"TAOL Agent"="c:\windows\system32\Sys32\TAOL.exe" [2009-04-18 486912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"e:\\eMule\\eMule\\emule.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Gry\\Metin2.pl\\metin2.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]
R4 getPlus(R) Helper;getPlus(R) Helper; [x]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gogle.pl/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: Si&milar Pages
IE: Translate into English
Trusted Zone: com.pl\*.mks
Trusted Zone: gry.pl\www
Trusted Zone: mojegry.pl\www
Trusted Zone: www.jn.pl
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\Sys32\TAOL.007
c:\windows\system32\Sys32\TAOL.006
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\bin\btwdins.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-21 23:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-21 21:12
Przed: 987 189 248 bajtów wolnych
Po: 942 284 800 bajtów wolnych
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gogle.pl/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: Si&milar Pages
IE: Translate into English
Trusted Zone: com.pl\*.mks
Trusted Zone: gry.pl\www
Trusted Zone: mojegry.pl\www
Trusted Zone: www.jn.pl
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 23:08
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\Sys32\TAOL.007
c:\windows\system32\Sys32\TAOL.006
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
d:\program files\bin\btwdins.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-04-21 23:12 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-04-21 21:12
Przed: 987 189 248 bajtów wolnych
Po: 942 284 800 bajtów wolnych
161
– Added 21.04.2009 (Tue) 23:25 – this slowed-down computer (when switching from one tab to another I sometimes have to wait about 1 minute) and taking loads of screenshots is probably not normal behaviour for a computer, is it? And in general, typing on this computer borders on a miracle, and where does it hurt???
– Added 22.04.2009 (Wed) 9:52 – it didn't help at all, it still goes crazy, freezes and takes screenshots, except that today it took some from yesterday :)))))
– Added 22.04.2009 (Wed) 9:54 – help pls
– Added 22.04.2009 (Wed) 11:10 –
– Added 22.04.2009 (Wed) 13:16 – will someone help me with this log???
Leon1
(Leon$)
22 April 2009 13:33
#7
Open Notepad and paste
save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
The removal should begin
Then post the ComboFix removal log
slodka
(Malinka987)
22 April 2009 13:57
#8
ComboFix 09-04-22.A23 - Admin 2009-04-22 15:48.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.48 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *enabled*
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Sys32
c:\windows\system32\Sys32\AKV.exe
c:\windows\system32\Sys32\Apr_18_2009__09_13_10.jpg
c:\windows\system32\Sys32\TAOL.001
c:\windows\system32\Sys32\TAOL.002
c:\windows\system32\Sys32\TAOL.006
c:\windows\system32\Sys32\TAOL.007
c:\windows\system32\Sys32\TAOL.009
c:\windows\system32\Sys32\TAOL.009.tmp
c:\windows\system32\Sys32\TAOL.exe
c:\windows\system32\Sys32\VAKK.001
c:\windows\system32\Sys32\VAKK.002
c:\windows\system32\Sys32\VAKK.006
c:\windows\system32\Sys32\VAKK.007
c:\windows\system32\Sys32\VAKK.009
c:\windows\system32\Sys32\VAKK.009.tmp
c:\windows\system32\Sys32\VAKK.exe
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-22 do 2009-04-22 )))))))))))))))))))))))))))))))
.
2009-04-22 12:58 . 2009-04-22 12:58 228600 ----a-w C:\Apr_22_2009__14_42_37.jpg
2009-04-22 12:57 . 2009-04-22 12:57 230687 ----a-w C:\Apr_22_2009__14_28_56.jpg
2009-04-22 12:56 . 2009-04-22 12:56 177736 ----a-w C:\Apr_22_2009__14_19_42.jpg
2009-04-22 12:55 . 2009-04-22 12:55 272555 ----a-w C:\Apr_22_2009__14_12_02.jpg
2009-04-22 12:54 . 2009-04-22 12:54 230069 ----a-w C:\Apr_22_2009__13_59_27.jpg
2009-04-22 12:53 . 2009-04-22 12:53 307242 ----a-w C:\Apr_22_2009__13_53_21.jpg
2009-04-22 12:53 . 2009-04-22 12:53 305509 ----a-w C:\Apr_22_2009__13_53_16.jpg
2009-04-22 12:53 . 2009-04-22 12:53 304578 ----a-w C:\Apr_22_2009__13_53_10.jpg
2009-04-22 12:51 . 2009-04-22 12:51 238829 ----a-w C:\Apr_22_2009__13_43_26.jpg
2009-04-22 12:50 . 2009-04-22 12:50 303382 ----a-w C:\Apr_22_2009__13_36_39.jpg
2009-04-22 12:49 . 2009-04-22 12:49 244929 ----a-w C:\Apr_22_2009__13_24_14.jpg
2009-04-22 12:48 . 2009-04-22 12:48 145497 ----a-w C:\Apr_22_2009__13_11_18.jpg
2009-04-22 12:47 . 2009-04-22 12:47 15394 ----a-w C:\Keys_Apr_22_2009__14_47.html
2009-04-22 11:00 . 2009-04-22 11:00 310651 ----a-w C:\Apr_22_2009__12_30_24.jpg
2009-04-22 10:59 . 2009-04-22 10:59 414615 ----a-w C:\Apr_22_2009__12_13_07.jpg
2009-04-22 10:58 . 2009-04-22 10:58 185954 ----a-w C:\Apr_22_2009__11_59_28.jpg
2009-04-22 10:57 . 2009-04-22 10:57 248258 ----a-w C:\Apr_22_2009__11_46_34.jpg
2009-04-22 10:56 . 2009-04-22 10:56 183462 ----a-w C:\Apr_22_2009__11_37_47.jpg
2009-04-22 09:35 . 2009-04-22 09:35 183477 ----a-w C:\Apr_22_2009__11_33_20.jpg
2009-04-22 09:34 . 2009-04-22 09:34 201306 ----a-w C:\Apr_22_2009__11_09_04.jpg
2009-04-22 09:33 . 2009-04-22 09:33 201247 ----a-w C:\Apr_22_2009__10_51_05.jpg
2009-04-22 08:41 . 2009-04-22 08:41 219159 ----a-w C:\Apr_22_2009__10_36_22.jpg
2009-04-22 08:41 . 2009-04-22 08:41 267907 ----a-w C:\Apr_22_2009__10_30_55.jpg
2009-04-22 08:41 . 2009-04-22 08:41 237618 ----a-w C:\Apr_22_2009__10_30_50.jpg
2009-04-22 08:41 . 2009-04-22 08:41 191128 ----a-w C:\Apr_22_2009__10_30_44.jpg
2009-04-22 08:41 . 2009-04-22 08:41 183601 ----a-w C:\Apr_22_2009__10_30_37.jpg
2009-04-22 08:41 . 2009-04-22 08:41 155412 ----a-w C:\Apr_22_2009__10_30_32.jpg
2009-04-22 08:41 . 2009-04-22 08:41 314127 ----a-w C:\Apr_22_2009__10_30_21.jpg
2009-04-22 08:41 . 2009-04-22 08:41 283568 ----a-w C:\Apr_22_2009__10_30_26.jpg
2009-04-22 08:41 . 2009-04-22 08:41 265895 ----a-w C:\Apr_22_2009__10_30_15.jpg
2009-04-22 08:41 . 2009-04-22 08:41 318333 ----a-w C:\Apr_22_2009__10_30_09.jpg
2009-04-22 08:39 . 2009-04-22 08:39 315991 ----a-w C:\Apr_22_2009__10_19_23.jpg
2009-04-22 08:38 . 2009-04-22 08:38 278858 ----a-w C:\Apr_22_2009__10_08_39.jpg
2009-04-22 08:37 . 2009-04-22 08:37 249483 ----a-w C:\Apr_22_2009__09_55_39.jpg
2009-04-22 08:36 . 2009-04-22 08:36 214263 ----a-w C:\Apr_22_2009__09_39_11.jpg
2009-04-22 07:48 . 2009-04-22 07:48 -------- d-----w c:\documents and settings\Admin\Dane aplikacji\Malwarebytes
2009-04-22 07:47 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 07:47 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 07:47 . 2009-04-22 07:47 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-04-22 07:29 . 2009-04-22 07:29 193517 ----a-w C:\Apr_22_2009__09_17_26.jpg
2009-04-22 07:28 . 2009-04-22 07:28 212525 ----a-w C:\Apr_22_2009__09_07_32.jpg
2009-04-22 07:27 . 2009-04-22 07:27 235260 ----a-w C:\Apr_21_2009__23_20_49.jpg
2009-04-22 07:26 . 2009-04-22 07:26 263563 ----a-w C:\Apr_21_2009__22_50_53.jpg
2009-04-22 07:25 . 2009-04-22 07:25 257464 ----a-w C:\Apr_21_2009__22_37_02.jpg
2009-04-22 07:24 . 2009-04-22 07:24 171283 ----a-w C:\Apr_21_2009__22_24_52.jpg
2009-04-22 07:23 . 2009-04-22 07:23 205721 ----a-w C:\Apr_21_2009__22_12_01.jpg
2009-04-19 18:57 . 2009-04-19 18:57 3072 --sha-w c:\windows\system32\Thumbs.db
2009-04-19 18:55 . 2009-04-19 18:55 354560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-19 18:55 . 2008-04-04 12:51 28416 ----a-w c:\windows\system32\uxtuneup.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 12:58 . 2009-04-22 12:58 228589 ----a-w C:\Apr_22_2009__14_42_32.jpg
2009-04-22 12:57 . 2009-04-22 12:57 230687 ----a-w C:\Apr_22_2009__14_28_51.jpg
2009-04-22 12:56 . 2009-04-22 12:56 177716 ----a-w C:\Apr_22_2009__14_19_36.jpg
2009-04-22 12:55 . 2009-04-22 12:55 299470 ----a-w C:\Apr_22_2009__14_11_55.jpg
2009-04-22 12:54 . 2009-04-22 12:54 228152 ----a-w C:\Apr_22_2009__13_59_21.jpg
2009-04-22 12:52 . 2009-04-22 12:52 304623 ----a-w C:\Apr_22_2009__13_53_05.jpg
2009-04-22 12:51 . 2009-04-22 12:51 238644 ----a-w C:\Apr_22_2009__13_43_34.jpg
2009-04-22 12:50 . 2009-04-22 12:50 332499 ----a-w C:\Apr_22_2009__13_36_33.jpg
2009-04-22 12:49 . 2009-04-22 12:49 244649 ----a-w C:\Apr_22_2009__13_24_19.jpg
2009-04-22 12:48 . 2009-04-22 12:48 145354 ----a-w C:\Apr_22_2009__13_11_23.jpg
2009-04-22 11:01 . 2009-04-22 11:01 105595 ----a-w C:\Apr_22_2009__12_56_46.jpg
2009-04-22 11:00 . 2009-04-22 11:00 307577 ----a-w C:\Apr_22_2009__12_30_17.jpg
2009-04-22 10:59 . 2009-04-22 10:59 370732 ----a-w C:\Apr_22_2009__12_13_01.jpg
2009-04-22 10:58 . 2009-04-22 10:58 138180 ----a-w C:\Apr_22_2009__11_59_33.jpg
2009-04-22 10:57 . 2009-04-22 10:57 232572 ----a-w C:\Apr_22_2009__11_46_40.jpg
2009-04-22 10:56 . 2009-04-22 10:56 183462 ----a-w C:\Apr_22_2009__11_37_42.jpg
2009-04-22 09:35 . 2009-04-22 09:35 183477 ----a-w C:\Apr_22_2009__11_33_15.jpg
2009-04-22 09:34 . 2009-04-22 09:34 199393 ----a-w C:\Apr_22_2009__11_08_59.jpg
2009-04-22 09:33 . 2009-04-22 09:33 198468 ----a-w C:\Apr_22_2009__10_51_00.jpg
2009-04-22 08:40 . 2009-04-22 08:40 319398 ----a-w C:\Apr_22_2009__10_30_03.jpg
2009-04-22 08:39 . 2009-04-22 08:39 315991 ----a-w C:\Apr_22_2009__10_19_17.jpg
2009-04-22 08:38 . 2009-04-22 08:38 278858 ----a-w C:\Apr_22_2009__10_08_34.jpg
2009-04-22 08:37 . 2009-04-22 08:37 249483 ----a-w C:\Apr_22_2009__09_55_33.jpg
2009-04-22 08:36 . 2009-04-22 08:36 173427 ----a-w C:\Apr_22_2009__09_39_16.jpg
2009-04-22 07:30 . 2009-04-22 07:30 208048 ----a-w C:\Apr_22_2009__09_23_01.jpg
2009-04-22 07:29 . 2009-04-22 07:29 193516 ----a-w C:\Apr_22_2009__09_17_32.jpg
2009-04-22 07:28 . 2009-04-22 07:28 213511 ----a-w C:\Apr_22_2009__09_07_27.jpg
2009-04-22 07:27 . 2009-04-22 07:27 232466 ----a-w C:\Apr_21_2009__23_20_43.jpg
2009-04-22 07:26 . 2009-04-22 07:26 257955 ----a-w C:\Apr_21_2009__22_50_59.jpg
2009-04-22 07:25 . 2009-04-22 07:25 247397 ----a-w C:\Apr_21_2009__22_36_56.jpg
2009-04-22 07:24 . 2009-04-22 07:24 216367 ----a-w C:\Apr_21_2009__22_24_47.jpg
2009-04-22 07:23 . 2009-04-22 07:23 211589 ----a-w C:\Apr_21_2009__22_11_54.jpg
2009-04-21 18:10 . 2008-12-12 06:19 -------- d-----w c:\documents and settings\Admin\Dane aplikacji\Skype
2009-04-19 18:55 . 2008-06-25 14:48 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-04-19 17:14 . 2007-09-25 10:35 -------- d-----w c:\program files\SpywareBlaster
2009-03-31 14:00 . 2001-10-26 15:15 598058 ----a-w c:\windows\system32\perfh015.dat
2009-03-31 14:00 . 2001-10-26 15:15 123660 ----a-w c:\windows\system32\perfc015.dat
2009-03-22 16:37 . 2007-02-23 19:15 -------- d-----w c:\program files\mIRC
2009-02-26 18:56 . 2005-06-10 13:55 -------- d-----w c:\program files\OpenOffice.org1.1.4
2009-02-25 21:10 . 2005-06-10 13:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 21:08 . 2005-06-18 15:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-09-24 18:03 . 2007-03-17 19:03 47360 -c--a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-06-26 14:31 . 2008-06-26 14:31 1269760 ----a-w c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2008-06-26 14:31 . 2008-06-26 14:28 1273856 ----a-w c:\documents and settings\LocalService\NTUSER.DAT.tmp
2008-06-21 08:13 . 2006-01-20 16:25 30520 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-20 19:22 . 2005-06-18 13:48 30520 -c--a-w c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-16 20:05 . 2007-03-17 19:03 87608 -c--a-w c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe
2007-06-02 14:51 . 2007-06-02 14:51 70728 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"e:\\eMule\\eMule\\emule.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Gry\\Metin2.pl\\metin2.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]
R4 getPlus(R) Helper;getPlus(R) Helper; [x]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gogle.pl/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: Si&milar Pages
IE: Translate into English
Trusted Zone: com.pl\*.mks
Trusted Zone: gry.pl\www
Trusted Zone: mojegry.pl\www
Trusted Zone: www.jn.pl
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 15:52
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-04-22 15:55
ComboFix-quarantined-files.txt 2009-04-22 13:54
ComboFix2.txt 2009-04-21 21:12
Przed: 240 816 128 bajtów wolnych
Po: 228 130 816 bajtów wolnych
232
Leon1
(Leon$)
22 April 2009 14:22
#9
Open Notepad and paste
save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
The removal should begin
Then post the ComboFix removal log
Download HijackThis viewtopic.php?f=16&t=36654, scan the system and post the log
slodka
(Malinka987)
22 April 2009 14:37
#10
ComboFix 09-04-22.A23 - Admin 2009-04-22 16:30.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.383.73 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: Zapora osobista *enabled*
* Utworzono nowy punkt przywracania
FILE ::
C:\Apr_21_2009__22_11_54.jp
C:\Apr_21_2009__22_12_01.jpg
C:\Apr_21_2009__22_24_47.jpg
C:\Apr_21_2009__22_24_52.jpg
C:\Apr_21_2009__22_36_56.jpg
C:\Apr_21_2009__22_37_02.jpg
C:\Apr_21_2009__22_50_53.jpg
C:\Apr_21_2009__22_50_59.jpg
C:\Apr_21_2009__23_20_43.jpg
C:\Apr_21_2009__23_20_49.jpg
C:\Apr_22_2009__09_07_27.jpg
C:\Apr_22_2009__09_07_32.jpg
C:\Apr_22_2009__09_17_26.jpg
C:\Apr_22_2009__09_17_32.jpg
C:\Apr_22_2009__09_23_01.jpg
C:\Apr_22_2009__09_39_11.jpg
C:\Apr_22_2009__09_39_16.jpg
C:\Apr_22_2009__09_55_33.jpg
C:\Apr_22_2009__09_55_39.jpg
C:\Apr_22_2009__10_08_34.jpg
C:\Apr_22_2009__10_08_39.jpg
C:\Apr_22_2009__10_19_17.jpg
C:\Apr_22_2009__10_19_23.jpg
C:\Apr_22_2009__10_30_03.jpg
C:\Apr_22_2009__10_30_09.jpg
C:\Apr_22_2009__10_30_15.jpg
C:\Apr_22_2009__10_30_21.jpg
C:\Apr_22_2009__10_30_26.jpg
C:\Apr_22_2009__10_30_32.jpg
C:\Apr_22_2009__10_30_37.jpg
C:\Apr_22_2009__10_30_44.jpg
C:\Apr_22_2009__10_30_50.jpg
C:\Apr_22_2009__10_30_55.jpg
C:\Apr_22_2009__10_36_22.jpg
C:\Apr_22_2009__10_51_00.jpg
C:\Apr_22_2009__10_51_05.jpg
C:\Apr_22_2009__11_08_59.jpg
C:\Apr_22_2009__11_09_04.jpg
C:\Apr_22_2009__11_33_15.jpg
C:\Apr_22_2009__11_33_20.jpg
C:\Apr_22_2009__11_37_42.jpg
C:\Apr_22_2009__11_37_47.jpg
C:\Apr_22_2009__11_46_34.jpg
C:\Apr_22_2009__11_46_40.jpg
C:\Apr_22_2009__11_59_28.jpg
C:\Apr_22_2009__11_59_33.jpg
C:\Apr_22_2009__12_13_01.jpg
C:\Apr_22_2009__12_13_07.jpg
C:\Apr_22_2009__12_30_17.jpg
C:\Apr_22_2009__12_30_24.jpg
C:\Apr_22_2009__12_56_46.jpg
C:\Apr_22_2009__13_11_18.jpg
C:\Apr_22_2009__13_11_23.jpg
C:\Apr_22_2009__13_24_14.jpg
C:\Apr_22_2009__13_24_19.jpg
C:\Apr_22_2009__13_36_33.jpg
C:\Apr_22_2009__13_36_39.jpg
C:\Apr_22_2009__13_43_26.jpg
C:\Apr_22_2009__13_43_34.jpg
C:\Apr_22_2009__13_53_05.jpg
C:\Apr_22_2009__13_53_10.jpg
C:\Apr_22_2009__13_53_16.jpg
C:\Apr_22_2009__13_53_21.jpg
C:\Apr_22_2009__13_59_21.jpg
C:\Apr_22_2009__13_59_27.jpg
C:\Apr_22_2009__14_11_55.jpg
C:\Apr_22_2009__14_12_02.jpg
C:\Apr_22_2009__14_19_36.jpg
C:\Apr_22_2009__14_19_42.jpg
C:\Apr_22_2009__14_28_51.jpg
C:\Apr_22_2009__14_28_56.jpg
C:\Apr_22_2009__14_42_32.jpg
C:\Apr_22_2009__14_42_37.jpg
C:\Keys_Apr_22_2009__14_47.html
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-22 do 2009-04-22 )))))))))))))))))))))))))))))))
.
2009-04-22 07:48 . 2009-04-22 07:48 -------- d-----w c:\documents and settings\Admin\Dane aplikacji\Malwarebytes
2009-04-22 07:47 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 07:47 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 07:47 . 2009-04-22 07:47 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2009-04-19 18:57 . 2009-04-19 18:57 3072 --sha-w c:\windows\system32\Thumbs.db
2009-04-19 18:55 . 2009-04-19 18:55 354560 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-19 18:55 . 2008-04-04 12:51 28416 ----a-w c:\windows\system32\uxtuneup.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-21 18:10 . 2008-12-12 06:19 -------- d-----w c:\documents and settings\Admin\Dane aplikacji\Skype
2009-04-19 18:55 . 2008-06-25 14:48 -------- d-----w c:\program files\TuneUp Utilities 2008
2009-04-19 17:14 . 2007-09-25 10:35 -------- d-----w c:\program files\SpywareBlaster
2009-03-31 14:00 . 2001-10-26 15:15 598058 ----a-w c:\windows\system32\perfh015.dat
2009-03-31 14:00 . 2001-10-26 15:15 123660 ----a-w c:\windows\system32\perfc015.dat
2009-03-22 16:37 . 2007-02-23 19:15 -------- d-----w c:\program files\mIRC
2009-02-26 18:56 . 2005-06-10 13:55 -------- d-----w c:\program files\OpenOffice.org1.1.4
2009-02-25 21:10 . 2005-06-10 13:35 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-25 21:08 . 2005-06-18 15:54 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\BVRP Software
2008-09-24 18:03 . 2007-03-17 19:03 47360 -c--a-w c:\documents and settings\Admin\Dane aplikacji\pcouffin.sys
2008-06-26 14:31 . 2008-06-26 14:31 1269760 ----a-w c:\documents and settings\NetworkService\NTUSER.DAT.tmp
2008-06-26 14:31 . 2008-06-26 14:28 1273856 ----a-w c:\documents and settings\LocalService\NTUSER.DAT.tmp
2008-06-21 08:13 . 2006-01-20 16:25 30520 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-06-20 19:22 . 2005-06-18 13:48 30520 -c--a-w c:\documents and settings\Admin\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-02-16 20:05 . 2007-03-17 19:03 87608 -c--a-w c:\documents and settings\Admin\Dane aplikacji\ezpinst.exe
2007-06-02 14:51 . 2007-06-02 14:51 70728 -c--a-w c:\documents and settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 18:2007-06-11 14:12 39:32 . c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Gadu-Gadu\\GG.EXE"=
"e:\\eMule\\eMule\\emule.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Gry\\Metin2.us\\Metin2.us\\metin2.bin"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Gry\\Metin2.pl\\metin2.bin"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-10-26 3584]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 MobileAdapter;Huawei Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\hmumdm.sys [2007-03-27 88960]
R3 PortlUSB;PortlUSB;c:\windows\system32\DRIVERS\YH-820.sys [2004-09-09 7552]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
R3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
R3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
R3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
R3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
R3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
R3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
R3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
R3 SER120;OTI Serial port driver;c:\windows\system32\DRIVERS\SER120.sys [2005-03-22 32910]
R4 getPlus(R) Helper;getPlus(R) Helper; [x]
S1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2005-12-30 3072]
S1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\DRIVERS\msikbd2k.sys [2001-12-20 6656]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 28672]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2008-12-08 603904]
S3 AEXPAM;Philips SmartManage Service;c:\windows\system32\Drivers\aexpamdrv.sys [2004-09-01 21824]
S3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [2003-04-08 820133]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2436293b-ed4a-11dd-95f2-00e04cff5839}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
Zawartość folderu 'Zaplanowane zadania'
2009-04-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.gogle.pl/
uDefault_Search_URL = hxxp://ie.search.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: &Google Search
IE: Backward &Links
IE: Cac&hed Snapshot of Page
IE: Si&milar Pages
IE: Translate into English
Trusted Zone: com.pl\*.mks
Trusted Zone: gry.pl\www
Trusted Zone: mojegry.pl\www
Trusted Zone: www.jn.pl
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\uduy3fhp.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-22 16:33
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
.
Czas ukończenia: 2009-04-22 16:36
ComboFix-quarantined-files.txt 2009-04-22 14:36
ComboFix2.txt 2009-04-22 13:55
ComboFix3.txt 2009-04-21 21:12
Przed: 1 005 535 232 bajtów wolnych
Po: 994 828 288 bajtów wolnych
214
Leon1
(Leon$)
22 April 2009 15:01
#11
The log looks clean.
Download CCleaner: http://www.filehippo.com/download_ccleaner/
Scan with it and clean the registry.
Optimize startup:
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
Turn System Restore off and back on for all drives: http://support.microsoft.com/kb/310405/pl
Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html and, if any viruses are found, post the report.
slodka
(Malinka987)
22 April 2009 15:01
#12
Logfile of HijackThis v1.99.1
Scan saved at 16:59:49, on 2009-04-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\bin\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Moje dokumenty\Odebrane pliki\progamy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O15 - Trusted Zone: http://*.mks.com.pl
O15 - Trusted Zone: www.gry.pl
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Urządzenie mobilne Apple (Apple Mobile Device) - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\bin\btwdins.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
Leon1
(Leon$)
22 April 2009 15:04
#14
The log is clean; do what I recommended earlier.