
Internet Explorer Starts By Itself When Windows Boots

obo
created

Once Windows has finished loading, the computer practically stops responding. I wondered what was going on. I opened Task Manager (waited about 5 minutes for it) and saw a process called IEXPLORE.exe there using 99% of the CPU :/ When I kill the process, it comes back and does the same thing. After a few tries it's OK. That is, IEXPLORE is still in the process list, but it no longer uses the CPU to that extent and the computer is usable.

What's going on? I should add that no window opens at all. It's as if Internet Explorer starts at boot and runs in the background.

There don't seem to be any viruses. I checked with NOD and with Kaspersky's online scanner.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:36:02, on 2007-09-15

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\CTHELPER.EXE

D:\Programy\Corel\Graphics9\Register\Remind32.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

c:\Program Files\Internet Explorer\iexplore.exe

D:\Moje dokumenty\Folder Michała\Software\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe

O4 - HKCU\..\Run: [soundMan] " SOUNDMAN.EXE"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Rejestrowanie produktów Corela.lnk = D:\Programy\Corel\Graphics9\Register\Remind32.exe

O4 - Global Startup: Microsoft Office.lnk = D:\Programy\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\Programy\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint – Dodaj do listy drukowania - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint – Drukuj - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint – Drukuj z dużą szybkością - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint – Podgląd - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - D:\Programy\FlashGet\jc_all.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virussca...can_unicode.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--

End of file - 5500 bytes

slake1
comment
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe

Delete the file shown in red manually, in Safe Mode with System Restore turned off, and fix the entries.

Post logs from Silent Runners and ComboFix.

obo
comment

OK. I'll try to delete that file ;)

And how do you fix entries?

Silent Runners log:

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"Gadu-Gadu" = ""D:\Programy\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

"tlz" = "C:\WINDOWS\47681728.exe" [file not found]

"SoundMan" = "" SOUNDMAN.EXE"" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"UpdReg" = "C:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]

"Jet Detection" = ""C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"" [empty string]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}\(Default) = (no title provided)

-> {HKLM...CLSID} = "EWPBrowseObject Class"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"

\InProcServer32\(Default) = "D:\Programy\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "D:\Programy\Microsoft Office\Office10\msohev.dll" [MS]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "D:\Programy\ALCOHO~1\ALCOHO~1\axshlex.dll" ["Alcohol Soft Development Team"]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "D:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{740470CC-C8E1-4325-BD9B-03DD0C0C226C}" = "System Registry Hook"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "haspnt32.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "D:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"]

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "D:\Programy\7-Zip\7-zip.dll" ["Igor Pavlov"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"

-> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "D:\Programy\WinRAR\rarext.dll" [null data]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "D:\PROGRAMY\WINZIP\WZSHLSTB.DLL" ["WinZip Computing, Inc."]

Default executables:

--------------------

HKLM\Software\Classes\scrfile\shell\open\command\ = (key not found)

HKLM\Software\Classes\scrfile\

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRun" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"NoClose" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|

Remove Task Manager}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\Komp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:

---------------------

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Startup items in "Komp" & "All Users" startup folders:

------------------------------------------------------

C:\Documents and Settings\Komp\Menu Start\Programy\Autostart

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Rejestrowanie produktów Corela" -> shortcut to: "D:\Programy\Corel\Graphics9\Register\Remind32.exe" ["IntelliQuest Communications, Inc."]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Microsoft Office" -> shortcut to: "D:\Programy\Microsoft Office\Office10\OSA.EXE -b -l" [MS]

Enabled Scheduled Tasks:

------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" [file not found]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 17

%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 16

%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

-> {HKLM...CLSID} = "Easy-WebPrint"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

StarWind iSCSI Service, StarWindService, "D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe" ["Rocket Division Software"]

Print Monitors:

---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\

Canon BJ Language Monitor iP3300\Driver = "CNMLM84.DLL" ["CANON INC."]

---------- (launch time: 2007-09-15 18:22:07)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 148 seconds, including 13 seconds for message boxes)

ComboFix log:

ComboFix 07-09-14.2 - "Komp" 2007-09-15 18:29:17.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.67 [GMT 2:00]

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\system32\6_exception.nls

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\smtpdrv

((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))

.

2007-09-15 18:27 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-14 20:01 7,153 C:\WINDOWS\system32\SOUNDMAN.EXE

2007-09-11 15:05 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Corel

2007-09-11 15:02 368,912 --------- C:\WINDOWS\system32\VBAR332.DLL

2007-09-11 15:02 1,039,360 --------- C:\WINDOWS\system32\MSJET35.DLL

2007-09-11 15:01 607,744 --------- C:\WINDOWS\system32\Decslib.dll

2007-09-11 14:58 <DIR> d-------- C:\WINDOWS\Corel

2007-09-09 17:49 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys

2007-09-09 17:45 96,256 --a------ C:\WINDOWS\system32\drivers\sptd1405.sys

2007-09-09 17:45 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys

2007-09-09 16:38 <DIR> d-------- C:\WINDOWS\Cache

2007-09-07 16:00 <DIR> d-------- C:\Program Files\Common Files\Macromedia Shared

2007-09-07 16:00 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Macrovision

2007-09-05 17:30 <DIR> d-------- C:\WINDOWS\ShellNew

2007-09-04 20:33 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Real

2007-09-04 20:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Real

2007-09-03 16:00 3,608 --a------ C:\WINDOWS\system32\drivers\port_nt.sys

2007-09-02 16:31 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy

2007-09-01 17:38 <DIR> dr------- C:\DOCUME~1\LOCALS~1\Moje dokumenty

2007-08-31 22:56 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

2007-08-31 22:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll

2007-08-31 22:56 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys

2007-08-31 22:56 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-08-31 18:12 <DIR> d---s---- C:\DOCUME~1\Komp\UserData

2007-08-31 17:25 <DIR> d-------- C:\WINDOWS\system32\NtmsData

2007-08-31 14:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-31 13:29 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-08-31 13:27 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Apple Computer

2007-08-31 10:37 153 --a------ C:\WINDOWS\system32\delFSF.bat

2007-08-30 23:09 <DIR> d-------- C:\WINDOWS\Web Download

2007-08-30 23:08 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat

2007-08-30 23:08 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000A-00001102-00000002-80651102}.dat

2007-08-30 19:48 <DIR> d-------- C:\WINDOWS\system32\fads

2007-08-30 19:48 <DIR> d-------- C:\WINDOWS\system32\AdCache

2007-08-30 18:33 <DIR> d-------- C:\DOCUME~1\Komp\DANEAP~1\Gadu-Gadu

2007-08-30 17:45 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys

2007-08-30 17:45 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys

2007-08-30 17:45 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

2007-08-30 17:44 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys

2007-08-30 17:44 4,527,488 --a------ C:\WINDOWS\system32\nv4_disp.dll

2007-08-30 17:44 3,994,624 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys

2007-08-30 17:44 3,994,624 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-08-30 17:44 163,840 --a------ C:\WINDOWS\BJPSUNST.EXE

2007-08-30 17:43 77,312 --a------ C:\WINDOWS\system32\usbui.dll

2007-08-30 17:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll

2007-08-30 17:43 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS

2007-08-30 17:43 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys

2007-08-30 17:43 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys

2007-08-30 17:43 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys

2007-08-30 17:43 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys

2007-08-30 17:43 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll

2007-08-30 17:42 161,792 --a------ C:\WINDOWS\system32\CNMLM84.DLL

2007-08-30 17:42 <DIR> d--h----- C:\WINDOWS\system32\CanonIJ Uninstaller Information

2007-08-30 17:42 <DIR> d--h----- C:\Program Files\CanonBJ

2007-08-30 17:42 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\DANEAP~1\CanonBJ

2007-08-30 17:40 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Ustawienia lokalne

2007-08-30 17:40 <DIR> dr-h----- C:\DOCUME~1\DEFAUL~1\Dane aplikacji

2007-08-30 17:40 <DIR> dr-h----- C:\DOCUME~1\ALLUSE~1\Dane aplikacji

2007-08-30 17:40 <DIR> dr------- C:\DOCUME~1\DEFAUL~1\Menu Start

2007-08-30 17:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Menu Start

2007-08-30 17:40 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Dokumenty

2007-08-30 17:40 <DIR> d--h----- C:\DOCUME~1\DEFAUL~1\Szablony

2007-08-30 17:40 <DIR> d--h----- C:\DOCUME~1\ALLUSE~1\Szablony

2007-08-30 17:40 <DIR> d-------- C:\Program Files\Canon

2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Ulubione

2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Pulpit

2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\Moje dokumenty

2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Ulubione

2007-08-30 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Pulpit

2007-08-30 17:27 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared

2007-08-30 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Adobe Systems

2007-08-30 17:21 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys

2007-08-30 17:21 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys

2007-08-30 17:20 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll

2007-08-30 17:20 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll

2007-08-30 17:20 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll

2007-08-30 17:20 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe

2007-08-30 17:20 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll

2007-08-30 17:20 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll

2007-08-30 17:19 <DIR> d-------- C:\Program Files\Common Files\Ahead

2007-08-30 16:57 545 --a------ C:\WINDOWS\UC.PIF

2007-08-30 16:57 545 --a------ C:\WINDOWS\RAR.PIF

2007-08-30 16:57 545 --a------ C:\WINDOWS\PKZIP.PIF

2007-08-30 16:57 545 --a------ C:\WINDOWS\PKUNZIP.PIF

2007-08-30 16:57 545 --a------ C:\WINDOWS\NOCLOSE.PIF

2007-08-30 16:57 545 --a------ C:\WINDOWS\LHA.PIF

2007-08-30 16:57 545 --a------ C:\WINDOWS\ARJ.PIF

2007-08-30 16:57 <DIR> d-------- C:\totalcmd

2007-08-30 16:45 <DIR> d--h----- C:\Program Files\InstallShield Installation Information

2007-08-30 16:44 6,752 --------- C:\WINDOWS\system32\PFMODNT.SYS

2007-08-30 16:44 <DIR> d-------- C:\Program Files\Creative

2007-08-30 16:42 6,016 -ra------ C:\WINDOWS\system32\ntsim.sys

2007-08-30 16:42 40,448 -ra------ C:\WINDOWS\system32\drivers\fetnd5b.sys

2007-08-30 16:42 307,200 --a------ C:\WINDOWS\IsUn0415.exe

2007-08-30 16:40 <DIR> d-------- C:\Program Files\QuickTime

2007-08-30 16:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Apple Computer

2007-08-30 16:39 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS

2007-08-30 16:38 306,688 --a------ C:\WINDOWS\IsUninst.exe

2007-08-30 16:38 <DIR> d-------- C:\DOCUME~1\Komp\WINDOWS

2007-08-30 16:35 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-15 18:33 1033728 --a------ C:\WINDOWS\explorer.exe

2007-09-14 20:01 7153 --a------ C:\WINDOWS\system32\ SOUNDMAN.EXE

2007-08-30 15:57 --------- d-------- C:\Program Files\microsoft frontpage

--------- C:\Program Files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22]

"nwiz"="nwiz.exe" [2006-10-22 12:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22]

"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-30 16:34]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 C:\WINDOWS\system32\CTHELPER.EXE]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]

"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 03:10]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-05-10 16:36]

"tlz"="C:\WINDOWS\47681728.exe" []

"SoundMan"=" SOUNDMAN.EXE" [2007-09-14 20:01 C:\WINDOWS\system32\ SOUNDMAN.EXE]

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\

Microsoft Office.lnk - D:\Programy\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04]

C:\DOCUME~1\Komp\MENUST~1\Programy\AUTOST~1\

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

Rejestrowanie produktów Corela.lnk - D:\Programy\Corel\Graphics9\Register\Remind32.exe [2005-06-09 15:39:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{740470CC-C8E1-4325-BD9B-03DD0C0C226C}"= haspnt32.dll [ ]

R2 port_nt;port_nt;\??\c:\windows\system32\drivers\port_nt.sys

S3 NTSIM;NTSIM;\??\C:\WINDOWS\system32\ntsim.sys

.

Contents of the 'Scheduled Tasks' folder

"2007-09-13 16:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-15 18:33:10

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\explorer.exe:extractor.jpg 41984 bytes executable

C:\WINDOWS\explorer.exe:httpcomm 9883 bytes executable

C:\WINDOWS\explorer.exe:mian.nest 6656 bytes executable

C:\WINDOWS\explorer.exe:submitter.jpg 273920 bytes executable

scan completed successfully

hidden files: 4

**************************************************************************

.

Completion time: 2007-09-15 18:35:20 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-09-15 18:35

.

--- E O F ---

EDIT >> Damn, I can't get into Safe Mode. During boot I can't press F8, because on my machine that key is the BOOT MENU. And when I press F8 once Windows is already loading, nothing happens anyway :/

What's the best way to get into Safe Mode with System Restore turned off?
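An added triage script, not part of this thread and not output of HijackThis, Silent Runners or ComboFix, that applies the checks a responder would run over the indicators in the three logs above: a Run value whose target Silent Runners marks as [file not found], an executable name that starts with whitespace (the " SOUNDMAN.EXE" entry), an all-digit .exe name under C:\WINDOWS (47681728.exe), a BHO registered with no DLL on disk, and executables that catchme reports hidden in alternate data streams of explorer.exe. The heuristics and the regexes for the three log formats are mine; the sample log is constructed from lines copied out of this thread plus two benign entries. The script only parses text: the reg.exe and Sysinternals streams.exe commands it prints are for an operator to run by hand after confirming each hit.

```python
"""Autostart triage over HijackThis / Silent Runners / ComboFix(catchme) text.
Added example; the heuristics are mine, not those of the tools."""
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample: lines copied from the logs in the thread, plus two
# benign Run entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programy\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [tlz] C:\WINDOWS\47681728.exe
O4 - HKCU\..\Run: [soundMan] " SOUNDMAN.EXE"
"tlz" = "C:\WINDOWS\47681728.exe" [file not found]
"SoundMan" = "" SOUNDMAN.EXE"" [file not found]
C:\WINDOWS\explorer.exe:extractor.jpg 41984 bytes executable
C:\WINDOWS\explorer.exe:httpcomm 9883 bytes executable
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
O2_NOFILE_RE = re.compile(r'^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - \(no file\)$')
MISSING_RE = re.compile(r'^"([^"]+)" = "(.*)" \[file not found\]$')    # Silent Runners
ADS_RE = re.compile(r'^([A-Za-z]:\\\S+?):(\S+) (\d+) bytes executable$')  # catchme
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


@dataclass
class Finding:
    kind: str          # "run", "bho" or "ads"
    subject: str       # Run value name, BHO CLSID, or file:stream
    reasons: List[str]
    fix: str           # command to run by hand once the hit is confirmed


def run_key_path(hive: str) -> str:
    """Map the HijackThis hive tag to the Run key that reg.exe needs."""
    if hive in ("HKLM", "HKCU"):
        return hive + r"\Software\Microsoft\Windows\CurrentVersion\Run"
    sid = hive.split("\\", 1)[1]            # HKUS\S-1-5-19 -> S-1-5-19
    return "HKU\\" + sid + r"\Software\Microsoft\Windows\CurrentVersion\Run"


def command_target(command: str) -> str:
    """Executable part of a Run value. Whitespace inside the quotes is kept
    on purpose: " SOUNDMAN.EXE" is a different file from SOUNDMAN.EXE."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def reasons_for(name: str, target: str, missing: Set[str]) -> List[str]:
    reasons = []
    if target != target.lstrip():
        reasons.append("executable name starts with whitespace")
    base = target.strip().rsplit("\\", 1)[-1]
    if re.fullmatch(r"\d+\.exe", base, re.IGNORECASE):
        reasons.append("all-digit executable name")
    if name.lower() in missing:
        reasons.append("Silent Runners could not resolve the target ([file not found])")
    return reasons


def triage(log_text: str) -> List[Finding]:
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    # First pass: Run value names whose target Silent Runners flagged as missing.
    missing = set()
    for ln in lines:
        m = MISSING_RE.match(ln)
        if m:
            missing.add(m.group(1).lower())
    findings = []
    for ln in lines:
        m = O4_RE.match(ln)
        if m:
            hive, name, command = m.groups()
            reasons = reasons_for(name, command_target(command), missing)
            if reasons:
                fix = f'reg delete "{run_key_path(hive)}" /v "{name}" /f'
                findings.append(Finding("run", name, reasons, fix))
            continue
        m = O2_NOFILE_RE.match(ln)
        if m:
            clsid = m.group(1)
            findings.append(Finding("bho", clsid, ["BHO registered but its DLL is gone"],
                                    f'reg delete "{BHO_KEY}\\{clsid}" /f'))
            continue
        m = ADS_RE.match(ln)
        if m:
            path, stream, size = m.groups()
            # Sysinternals "streams -d FILE" strips every ADS from the file; a stock
            # explorer.exe carries none, so removing all of them is the intended effect.
            findings.append(Finding("ads", f"{path}:{stream}",
                                    [f"{size}-byte executable hidden in an ADS of a system binary"],
                                    f'streams -d "{path}"'))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {'; '.join(f.reasons)}\n    -> {f.fix}")
```

Two design points: the Run-value name, not the path, is used to join HijackThis and Silent Runners output, because the path is exactly what the " SOUNDMAN.EXE" trick manipulates; and nothing is deleted automatically, since the reg delete for a Run value is what "fixing" an O4 entry in HijackThis amounts to, and an operator should see the reason next to each command before running it.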
