james312, posted 8 October 2008

Can you check my log?? My computer has been kind of sluggish lately. Sure, it's getting on in years, but it shouldn't be this slow. And how do you remove this stuff afterwards?? xd (I've never done this before)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:36:34, on 2008-10-11
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\IoctlSvc.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\windows\system32\devldr32.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=66024
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66024
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Update Helper - {77D7E795-33C5-4323-974D-A2A49AB75517} - C:\Program Files\Google\Update\1.2.131.11\GoopdateBho.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [s60TrayApplication] C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\windows\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ActiveSMART] C:\Program Files\ActiveSMART 2.62\\ActiveSMART.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Active SMART.lnk = C:\Program Files\ActiveSMART 2.62\ActiveSMART.exe
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1216939126687
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6EB30040-6858-4D83-95A1-CC7E06B91599}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: ActiveSMART Service - Ariolic Software, Ltd. (http://www.ariolic.com) - C:\Program Files\ActiveSMART 2.62\ASmartService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c927c64129b9d2) (gupdate1c927c64129b9d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11386 bytes

Mateusz J., comment, 8 October 2008

O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)

Select this entry and click Fix checked. Show a log from ComboFix.

james312 (author), comment, 8 October 2008

ComboFix 08-10-08.01 - Admin 2008-10-11 21:06:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.476 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\Admin\Pulpit\ComboFix.exe
 * Utworzono nowy punkt przywracania
[b]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/b]
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Dane aplikacji\BITS
C:\Documents and Settings\Admin\Dane aplikacji\BITS\BITS.ini
C:\Documents and Settings\Admin\Dane aplikacji\BITS\DHTTable.dat
C:\Documents and Settings\Admin\Dane aplikacji\BITS\ProxyList.ini
C:\Program Files\FlashGet Network
C:\Program Files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
C:\Program Files\FlashGet Network\FlashGet universal\fgoption.ini
C:\Program Files\FlashGet Network\FlashGet universal\P2PCfg.ini
C:\Program Files\FlashGet Network\FlashGet universal\p2spmgr.ini
C:\Program Files\FlashGet Network\FlashGet universal\p4spmgr.ini
C:\Program Files\FlashGet Network\FlashGet universal\Profiles\config.dat
C:\Program Files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
C:\Program Files\FlashGet Network\FlashGet universal\transaction.log
C:\windows\hosts
C:\windows\system32\BReWErS.dll
C:\windows\system32\h@tkeysh@@k.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-11 do 2008-10-11 )))))))))))))))))))))))))))))))
.
2008-10-11 20:35 . 2008-10-11 20:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-06 17:14 . 2008-10-06 17:20 <DIR> d-------- C:\Program Files\Google
2008-10-04 18:43 . 2008-10-04 18:46 <DIR> d-------- C:\Program Files\Oil Tycoon 2
2008-10-02 16:24 . 2008-10-02 16:24 <DIR> d-------- C:\Program Files\Activision
2008-09-20 23:26 . 2008-09-20 23:29 <DIR> d-------- C:\Program Files\Alarian
2008-09-18 20:29 . 2008-09-18 20:30 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\fretsonfire
2008-09-18 15:02 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-18 15:01 . 2008-09-18 15:01 <DIR> d-------- C:\Program Files\Common Files\Java
2008-09-18 14:13 . 2008-09-18 15:08 <DIR> d-------- C:\Program Files\Frets on Fire
2008-09-14 02:50 . 2008-09-25 16:55 <DIR> d-------- C:\Program Files\LucasArts
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-11 19:17 --------- d-----w C:\Program Files\AutoConnect
2008-10-11 19:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-10-11 19:16 --------- d--h--w C:\Documents and Settings\All Users\Dane aplikacji\ActiveSMART
2008-10-11 19:15 532,512 --sha-w C:\windows\system32\drivers\fidbox2.dat
2008-10-11 19:15 3,948 --sha-w C:\windows\system32\drivers\fidbox2.idx
2008-10-11 19:15 2,007,072 --sha-w C:\windows\system32\drivers\fidbox.dat
2008-10-11 19:15 17,808 --sha-w C:\windows\system32\drivers\fidbox.idx
2008-10-11 18:50 183,120 ----a-w C:\windows\system32\PnkBstrB.exe
2008-10-11 18:50 137,480 ----a-w C:\windows\system32\drivers\PnkBstrK.sys
2008-10-07 15:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-10-06 08:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-02 15:00 66,872 ----a-w C:\windows\system32\PnkBstrA.exe
2008-10-02 14:37 22,328 ----a-w C:\Documents and Settings\Admin\Dane aplikacji\PnkBstrK.sys
2008-09-18 13:02 --------- d-----w C:\Program Files\Java
2008-09-18 12:47 --------- d-----w C:\Program Files\SpeedFan
2008-09-18 11:31 --------- d-----w C:\Program Files\Opera
2008-09-10 14:27 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Nero
2008-09-10 14:24 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-10 14:20 --------- d-----w C:\Program Files\Nero
2008-09-10 14:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-09-10 14:13 --------- d-----w C:\Program Files\Ahead
2008-09-10 13:42 --------- d-----w C:\Program Files\Microsoft Works
2008-09-10 13:41 --------- d-----w C:\Program Files\MSBuild
2008-09-10 13:38 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-10 03:31 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-06 21:42 --------- d-----w C:\Program Files\WinAmp
2008-09-06 21:41 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Winamp
2008-09-06 16:31 279,712 ----a-w C:\windows\system32\drivers\atksgt.sys
2008-09-06 16:31 25,888 ----a-w C:\windows\system32\drivers\lirsgt.sys
2008-09-06 12:23 --------- d-----w C:\Program Files\kRk Software
2008-09-06 12:15 --------- d-----w C:\Program Files\ActiveSMART 2.62
2008-09-06 12:03 --------- d-----w C:\Program Files\QuickTime
2008-09-06 12:02 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\DisplayTune
2008-09-06 12:01 --------- d-----w C:\Program Files\Fma
2008-09-05 14:12 5,607 ----a-w C:\windows\~GLH0001.TMP
2008-09-05 14:12 27,136 ----a-w C:\windows\~GLH0000.TMP
2008-09-05 14:12 139,264 ----a-w C:\windows\~GLC0000.TMP
2008-08-27 20:46 --------- d-----w C:\Program Files\Creative
2008-08-27 18:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems
2008-08-27 18:54 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Ulead Systems
2008-08-27 18:32 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-27 18:27 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-08-27 18:26 --------- d-----w C:\Program Files\Windows Media Components
2008-08-27 18:25 --------- d-----w C:\Program Files\Ulead Systems
2008-08-27 18:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-21 15:33 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-08-21 15:26 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Multimedia Player
2008-08-20 19:31 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Samsung
2008-08-20 19:23 --------- d-----w C:\Program Files\Ares
2008-08-20 19:19 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Datalayer
2008-08-20 14:17 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-20 14:17 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\PC Suite
2008-08-20 14:16 --------- d-----w C:\Program Files\Samsung
2008-08-20 14:16 --------- d-----w C:\Program Files\Common Files\PCSuite
2008-08-20 14:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
2008-08-20 08:24 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Test Drive Unlimited
2008-08-17 15:02 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\FarmingSimulator2008
2008-08-13 21:49 --------- d-----w C:\Program Files\CCleaner
2008-08-13 20:10 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\uTorrent
2008-08-11 16:26 --------- d-----w C:\Program Files\Metin2_PL
2008-08-11 16:15 --------- d-----w C:\Program Files\Neostrada TP
2008-08-04 15:01 73,216 ----a-w C:\windows\ST6UNST.EXE
2008-08-04 14:27 43,520 ----a-w C:\windows\system32\CmdLineExt03.dll
2008-08-04 14:10 21,840 ----a-w C:\windows\system32\SIntfNT.dll
2008-08-04 14:10 17,212 ----a-w C:\windows\system32\SIntf32.dll
2008-08-04 14:10 12,067 ----a-w C:\windows\system32\SIntf16.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2006-12-03 310784]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 188416]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 86016]
"S60TrayApplication"="C:\PROGRA~1\Samsung\SAMSUN~1\LAUNCH~1.EXE" [2007-03-14 237568]
"DataLayer"="C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE" [2007-02-22 851968]
"IMJPMIG8.1"="C:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="C:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-17 44032]
"MSPY2002"="C:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"ActiveSMART"="C:\Program Files\ActiveSMART 2.62\\ActiveSMART.exe" [2008-07-25 278776]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"nwiz"="nwiz.exe" [2008-05-16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"PcSync"="C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2006-06-27 1449984]

C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Active SMART.lnk - C:\Program Files\ActiveSMART 2.62\ActiveSMART.exe [2008-09-06 278776]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"aux"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2006-08-07 10:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
--a------ 2002-04-17 10:42 69632 C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
--a------ 2006-03-14 10:49 192512 C:\Program Files\A4Tech\Mouse\Amoumain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Metin2_PL\\metin2.bin"=
"C:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Polish\\setup.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S2 ActiveSMART Service;ActiveSMART Service;C:\Program Files\ActiveSMART 2.62\ASmartService.exe [2008-07-25 520192]
S2 gupdate1c927c64129b9d2;Google Update Service (gupdate1c927c64129b9d2);C:\Program Files\Google\Update\GoogleUpdate.exe [2008-10-06 133104]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\windows\system32\DRIVERS\Amps2prt.sys [2006-01-11 13824]
S3 K320bus;Sony Ericsson K320 driver (WDM);C:\windows\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;C:\windows\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;C:\windows\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);C:\windows\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;C:\windows\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 nmwcdsa;Samsung USB Phone Parent;C:\windows\system32\drivers\nmwcdsa.sys [2007-05-02 135680]
S3 nmwcdsac;Samsung USB Generic;C:\windows\system32\drivers\nmwcdsac.sys [2007-05-02 8320]
S3 nmwcdsacj;Samsung USB Port;C:\windows\system32\drivers\nmwcdsacj.sys [2007-05-02 12288]
S3 nmwcdsacm;Samsung USB Modem;C:\windows\system32\drivers\nmwcdsacm.sys [2007-05-02 12288]
.
Zawartość folderu 'Zaplanowane zadania'

2008-10-11 C:\windows\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2008-10-06 22:32]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-zzzHPSETUP - E:\Setup.exe
MSConfigStartUp-Metin2 - C:\Metin2.exe
MSConfigStartUp-NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe
MSConfigStartUp-Odkurzacz-MCD - C:\Program Files\Odkurzacz\odk_mcd.exe
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.pl/
R0 -: HKCU-Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66024
O8 -: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 -: E&ksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O9 -: {C:\Program Files\Messenger\msmsgs.exe - -
O17 -: HKLM\CCS\Interface\{6EB30040-6858-4D83-95A1-CC7E06B91599}: NameServer = 194.204.159.1 217.98.63.164
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 21:17:31
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-11 21:23:31 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-11 19:23:17

Przed: 18 162 319 360 bajtów wolnych
Po: 18,842,349,568 bajtów wolnych

256 --- E O F --- 2008-09-10 03:38:15

Has CF already removed the errors etc., or will I still have to do that manually??

Mateusz J., comment, 9 October 2008

C:\windows\~GLH0001.TMP
C:\windows\~GLH0000.TMP
C:\windows\~GLC0000.TMP

Delete these files from the disk manually.
Delete the folder c:\QooBox.
Other than that, the logs are OK. Since the computer is sluggish, do some optimization. Above all, throw out unnecessary programs from autostart.