obo, created 15 September 2007

Once Windows finishes loading, the computer practically stops responding. I wondered what was going on. I opened Task Manager (I waited about 5 minutes for it) and saw a process IEXPLORE.exe there using 99% of the CPU :/ When I kill the process, it reappears and it's the same thing again. After doing that a few times it's OK. That is, IEXPLORE is still in the process list, but it no longer uses the CPU to that extent and the computer can be used. What's going on? I'll add that no window opens at all. It's as if Internet Explorer were starting at boot and running in the background. I don't think there are any viruses. I checked with NOD and with the Kaspersky online scanner.

Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:36:02, on 2007-09-15
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
D:\Programy\Corel\Graphics9\Register\Remind32.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Internet Explorer\iexplore.exe
D:\Moje dokumenty\Folder Michała\Software\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe
O4 - HKCU\..\Run: [soundMan] " SOUNDMAN.EXE"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Programy\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5500 bytes
slake1, comment 15 September 2007

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe

Delete the file in red manually in Safe Mode with System Restore turned off, and fix the entries. Post logs from Silent Runners and ComboFix.
obo (Author), comment 15 September 2007

OK. I'll try to delete that file. And how do you fix the entries?

Log from Silent Runners:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"tlz" = "C:\WINDOWS\47681728.exe" [file not found]
"SoundMan" = "" SOUNDMAN.EXE"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "EWPBrowseObject Class"
                   \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
                   \InProcServer32\(Default) = "D:\Programy\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "D:\Programy\Microsoft Office\Office10\msohev.dll" [MS]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "D:\Programy\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{740470CC-C8E1-4325-BD9B-03DD0C0C226C}" = "System Registry Hook"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "haspnt32.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"]
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
  -> {HKLM...CLSID} = "7-Zip Shell Extension"
                   \InProcServer32\(Default) = "D:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]


Default executables:
--------------------

HKLM\Software\Classes\scrfile\shell\open\command\ = (key not found)
HKLM\Software\Classes\scrfile\


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRun" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoClose" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Komp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]


Startup items in "Komp" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\Komp\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Rejestrowanie produktów Corela" -> shortcut to: "D:\Programy\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Microsoft Office" -> shortcut to: "D:\Programy\Microsoft Office\Office10\OSA.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" [file not found]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
  -> {HKLM...CLSID} = "Easy-WebPrint"
                   \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
StarWind iSCSI Service, StarWindService, "D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor iP3300\Driver = "CNMLM84.DLL" ["CANON INC."]


----------
(launch time: 2007-09-15 18:22:07)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 148 seconds, including 13 seconds for message boxes)

Log from ComboFix:

ComboFix 07-09-14.2 - "Komp" 2007-09-15 18:29:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.67 [GMT 2:00]
 * Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\6_exception.nls
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\smtpdrv


((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.

2007-09-15 18:27 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-14 20:01 7,153 C:\WINDOWS\system32\SOUNDMAN.EXE
2007-09-11 15:05 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Corel
2007-09-11 15:02 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL
2007-09-11 15:02 1,039,360 --------- C:\WINDOWS\system32\MSJET35.DLL
2007-09-11 15:01 607,744 --------- C:\WINDOWS\system32\Decslib.dll
2007-09-11 14:58 <DIR> d-------- C:\WINDOWS\Corel
2007-09-09 17:49 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2007-09-09 17:45 96,256 --a------ C:\WINDOWS\system32\drivers\sptd1405.sys
2007-09-09 17:45 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-09-09 16:38 <DIR> d-------- C:\WINDOWS\Cache
2007-09-07 16:00 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared
2007-09-07 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Macrovision
2007-09-05 17:30 <DIR> d-------- C:\WINDOWS\ShellNew
2007-09-04 20:33 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Real
2007-09-04 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real
2007-09-03 16:00 3,608 --a------ C:\WINDOWS\system32\drivers\port_nt.sys
2007-09-02 16:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-09-01 17:38 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Moje dokumenty
2007-08-31 22:56 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-08-31 22:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-08-31 22:56 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-08-31 22:56 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-08-31 18:12 <DIR> d---s---- C:\DOCUME~1\Komp\UserData
2007-08-31 17:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-08-31 14:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-08-31 13:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-31 13:27 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Apple Computer
2007-08-31 10:37 153 --a------ C:\WINDOWS\system32\delFSF.bat
2007-08-30 23:09 <DIR> d-------- C:\WINDOWS\Web Download
2007-08-30 23:08 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2007-08-30 23:08 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat
2007-08-30 19:48 <DIR> d-------- C:\WINDOWS\system32\fads
2007-08-30 19:48 <DIR> d-------- C:\WINDOWS\system32\AdCache
2007-08-30 18:33 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Gadu-Gadu
2007-08-30 17:45 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-08-30 17:45 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-30 17:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-30 17:44 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-08-30 17:44 4,527,488 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-08-30 17:44 3,994,624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2007-08-30 17:44 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-08-30 17:44 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE
2007-08-30 17:43 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-08-30 17:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-08-30 17:43 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-08-30 17:43 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys
2007-08-30 17:43 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-08-30 17:43 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2007-08-30 17:43 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-08-30 17:43 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-08-30 17:42 161,792 --a------ C:\WINDOWS\system32\CNMLM84.DLL
2007-08-30 17:42 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2007-08-30 17:42 <DIR> d--h----- C:\Program Files\CanonBJ
2007-08-30 17:42 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\DANEAP~1\CanonBJ
2007-08-30 17:40 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne
2007-08-30 17:40 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji
2007-08-30 17:40 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji
2007-08-30 17:40 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start
2007-08-30 17:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start
2007-08-30 17:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty
2007-08-30 17:40 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony
2007-08-30 17:40 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony
2007-08-30 17:40 <DIR> d-------- C:\Program Files\Canon
2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione
2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit
2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty
2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione
2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit
2007-08-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-08-30 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems
2007-08-30 17:21 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-08-30 17:21 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-08-30 17:20 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-08-30 17:20 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-08-30 17:20 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-08-30 17:20 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-08-30 17:20 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-08-30 17:20 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-08-30 17:19 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-08-30 16:57 545 --a------ C:\WINDOWS\UC.PIF
2007-08-30 16:57 545 --a------ C:\WINDOWS\RAR.PIF
2007-08-30 16:57 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-08-30 16:57 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-08-30 16:57 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-08-30 16:57 545 --a------ C:\WINDOWS\LHA.PIF
2007-08-30 16:57 545 --a------ C:\WINDOWS\ARJ.PIF
2007-08-30 16:57 <DIR> d-------- C:\totalcmd
2007-08-30 16:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-08-30 16:44 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS
2007-08-30 16:44 <DIR> d-------- C:\Program Files\Creative
2007-08-30 16:42 6,016 -ra------ C:\WINDOWS\system32\ntsim.sys
2007-08-30 16:42 40,448 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys
2007-08-30 16:42 307,200 --a------ C:\WINDOWS\IsUn0415.exe
2007-08-30 16:40 <DIR> d-------- C:\Program Files\QuickTime
2007-08-30 16:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer
2007-08-30 16:39 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2007-08-30 16:38 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-30 16:38 <DIR> d-------- C:\DOCUME~1\Komp\WINDOWS
2007-08-30 16:35 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 18:33 1033728 --a------ C:\WINDOWS\explorer.exe
2007-09-14 20:01 7153 --a------ C:\WINDOWS\system32\ SOUNDMAN.EXE
2007-08-30 15:57 --------- d-------- C:\Program Files\microsoft frontpage
--------- C:\Program Files\Usługi online

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]
"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-30 16:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-05-10 16:36]
"tlz"="C:\WINDOWS\47681728.exe" []
"SoundMan"=" SOUNDMAN.EXE" [2007-09-14 20:01 C:\WINDOWS\system32\ SOUNDMAN.EXE]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\
Microsoft Office.lnk - D:\Programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

C:\DOCUME~1\Komp\MENUST~1\Programy\AUTOST~1\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
Rejestrowanie produktów Corela.lnk - D:\Programy\Corel\Graphics9\Register\Remind32.exe [2005-06-09 15:39:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{740470CC-C8E1-4325-BD9B-03DD0C0C226C}"= haspnt32.dll [ ]

R2 port_nt;port_nt;\??\c:\windows\system32\drivers\port_nt.sys
S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 16:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-15 18:33:10
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\explorer.exe:extractor.jpg 41984 bytes executable
C:\WINDOWS\explorer.exe:httpcomm 9883 bytes executable
C:\WINDOWS\explorer.exe:mian.nest 6656 bytes executable
C:\WINDOWS\explorer.exe:submitter.jpg 273920 bytes executable

scan completed successfully
hidden files: 4

**************************************************************************
.
Completion time: 2007-09-15 18:35:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-15 18:35
.
--- E O F ---

EDIT >> Damn, I can't get into Safe Mode. During startup I can't press F8 because on my machine that key is the BOOT MENU. And when I press F8 once Windows is already loading, nothing happens anyway :/ What's the best way to get into Safe Mode with System Restore turned off?
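The two entries slake1 singled out (a BHO with no file behind it, and a Run entry pointing at a numeric executable in the Windows directory), the " SOUNDMAN.EXE" entry whose quoted filename begins with a space, and the executable alternate data streams catchme reports on explorer.exe are all patterns a reviewer can pick out of these logs mechanically. The script below is an added example written for this page, not code from the original posts, HijackThis, Silent Runners or ComboFix; the rule names are my own, and the sample lines are copied from the logs above. It only reports; it changes nothing on the machine.

```python
"""Flag review-worthy entries in HijackThis and catchme output.

Rules (all heuristic; a hit means "look at this", not "this is malware"):
  orphaned-bho            O2 BHO whose DLL is "(no file)"
  numeric-filename        O4 Run target whose basename is digits + .exe
  leading-space-filename  O4 Run target whose quoted name starts with a space
  ads-executable          catchme line: executable alternate data stream
Only O4 *Run* lines are parsed; O4 Startup-folder lines are ignored.
"""
import re
from dataclasses import dataclass

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
ADS_RE = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]+):(?P<stream>\S+) (?P<size>\d+) bytes executable$")
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)\s*$")   # HKUS lines carry "(User '...')"
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    detail: str
    line: str


def extract_target(cmd: str) -> str:
    """Return the launched program from an O4 command string.

    A quoted command keeps everything inside the first pair of quotes,
    including a leading space, so a file literally named " SOUNDMAN.EXE"
    is preserved as such instead of being silently trimmed.
    """
    cmd = USER_SUFFIX_RE.sub("", cmd)
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_o2(m: "re.Match[str]", line: str) -> list:
    if m.group("path").strip() == "(no file)":
        return [Finding("orphaned-bho", m.group("clsid"), line)]
    return []


def check_o4(m: "re.Match[str]", line: str) -> list:
    target = extract_target(m.group("cmd"))
    base = target.rsplit("\\", 1)[-1]
    out = []
    if target != target.lstrip():
        out.append(Finding("leading-space-filename", repr(target), line))
    if NUMERIC_EXE_RE.match(base.strip()):
        out.append(Finding("numeric-filename", base.strip(), line))
    return out


def check_ads(m: "re.Match[str]", line: str) -> list:
    detail = f"{m.group('host')}:{m.group('stream')} ({m.group('size')} bytes)"
    return [Finding("ads-executable", detail, line)]


def triage(lines) -> list:
    """Run every rule over every line; unknown line shapes are skipped."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        for regex, check in ((O2_RE, check_o2), (O4_RE, check_o4), (ADS_RE, check_ads)):
            m = regex.match(line)
            if m:
                findings.extend(check(m, line))
                break
    return findings


# Constructed sample: lines copied from the HijackThis and catchme output in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe
O4 - HKCU\..\Run: [soundMan] " SOUNDMAN.EXE"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
C:\WINDOWS\explorer.exe:extractor.jpg 41984 bytes executable
C:\WINDOWS\explorer.exe:submitter.jpg 273920 bytes executable
"""


def triage_sample() -> list:
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.rule}] {f.detail}\n    {f.line}")
```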
CatchMe, comment 15 September 2007

http://stopwirusom.pl/wiedza_ogolna/jak_wy..._awaryjny_.html