
Logs - Something is slowing down the computer


  • Closed: this topic is closed
1 reply in this topic

#1 timmy

timmy

    Advanced user

  • 624 posts

Posted 27 09 2008 - 11:44

Hello. My computer has slowed down recently; here are the logs.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:04, on 2008-09-27
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\diagnostic.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DialNet\winpppoverethernet.exe
C:\PROGRA~1\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DialNet\WrOS.EXE
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\PROGRA~1\COMMON~1\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 - REG:win.ini: run= 
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Diagnostic] C:\WINDOWS\diagnostic.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [] "C:\PROGRA~1\DialNet\fplicensereg.exe zhimakaimen//WINPOET_QUITTING_EVENT"
O4 - HKLM\..\Run: [z-WrDialer] "C:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.11\RivaTuner.exe" /S
O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1220633385828
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9B8CF49-A4F7-4143-84E0-D929AD38303B}: NameServer = 174.138.200.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA07BEF8-C170-47DD-AD76-6A1A8E409332}: NameServer = 217.30.129.149 217.30.137.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

--
End of file - 8281 bytes



ComboFix 08-09-26.01 - fritzz 2008-09-27 11:40:37.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.652 [GMT 2:00]
Uruchomiony z: E:\ComboFix.exe
 * Utworzono nowy punkt przywracania
 * Resident AV is active


UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-27 do 2008-09-27  )))))))))))))))))))))))))))))))
.

2008-09-26 21:00 . 2008-09-26 21:14	<DIR>	d--------	C:\Program Files\SpeedFan
2008-09-26 21:00 . 2008-09-26 21:00	45	--a------	C:\WINDOWS\system32\initdebug.nfo
2008-09-26 19:56 . 2008-09-26 19:56	<DIR>	d--------	C:\Program Files\RivaTuner v2.11
2008-09-26 19:17 . 2008-09-26 19:17	<DIR>	d--------	C:\Program Files\Trend Micro
2008-09-26 11:06 . 2008-09-26 11:06	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Nokia
2008-09-26 11:06 . 2008-09-26 11:06	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Datalayer
2008-09-26 10:51 . 2008-09-26 11:06	<DIR>	d--------	C:\Documents and Settings\fritzz\Phone Browser
2008-09-26 10:44 . 2008-09-26 10:44	<DIR>	d--------	C:\WINDOWS\Downloaded Installations
2008-09-26 10:43 . 2008-09-26 10:43	<DIR>	d--------	C:\Program Files\DIFX
2008-09-26 10:42 . 2008-09-26 10:45	<DIR>	d--------	C:\Program Files\Nokia
2008-09-26 10:42 . 2008-09-26 10:42	<DIR>	d--------	C:\Program Files\Common Files\PCSuite
2008-09-26 10:42 . 2008-09-26 10:42	<DIR>	d--------	C:\Program Files\Common Files\Nokia
2008-09-26 10:42 . 2008-09-26 10:42	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\PC Suite
2008-09-26 10:42 . 2008-09-26 10:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-09-26 10:42 . 2008-09-26 10:42	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Downloaded Installations
2008-09-26 10:42 . 2006-05-29 08:26	127,488	--a------	C:\WINDOWS\system32\drivers\nmwcd.sys
2008-09-26 10:42 . 2006-05-29 08:26	50,688	--a------	C:\WINDOWS\system32\nmwcdcls.dll
2008-09-26 10:42 . 2006-05-29 08:26	30,720	--a------	C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-26 10:42 . 2006-05-29 08:26	13,312	--a------	C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-09-26 10:42 . 2006-05-29 08:26	13,312	--a------	C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-09-26 10:42 . 2006-05-29 08:26	8,704	--a------	C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-09-26 10:42 . 2006-05-29 08:26	4,608	--a------	C:\WINDOWS\system32\nmwcdlog.dll
2008-09-25 16:32 . 2006-02-04 03:50	5,174	--a------	C:\WINDOWS\system32\nppt9x.vxd
2008-09-25 16:32 . 2006-02-04 03:50	4,682	--a------	C:\WINDOWS\system32\npptNT2.sys
2008-09-23 20:11 . 2008-09-23 22:08	<DIR>	d--------	C:\Program Files\Teamspeak2_RC2
2008-09-23 20:11 . 2008-09-23 20:11	34,064	--a------	C:\WINDOWS\system32\lhacm.acm
2008-09-23 18:16 . 2008-09-26 09:13	8	--a------	C:\WINDOWS\system32\nvModes.dat
2008-09-22 09:45 . 2007-07-04 16:27	30,336	--a------	C:\WINDOWS\system32\drivers\fpd.sys
2008-09-22 09:44 . 2008-09-27 07:41	<DIR>	d--------	C:\Program Files\DialNet
2008-09-22 09:44 . 2008-09-22 09:44	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\InstallShield
2008-09-21 23:08 . 2008-09-21 23:08	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-09-19 17:56 . 2008-09-19 17:56	<DIR>	d--------	C:\WINDOWS\system32\Lang
2008-09-19 17:56 . 2008-09-19 17:56	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-09-19 17:56 . 2008-09-19 17:56	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-09-19 17:56 . 2008-09-25 21:05	60,416	--a------	C:\WINDOWS\ALCFDRTM.VER
2008-09-19 17:56 . 2008-09-19 17:56	60,416	--a------	C:\WINDOWS\ALCFDRTM.EXE
2008-09-19 13:23 . 2008-09-19 13:25	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\DMCache
2008-09-19 12:48 . 2008-09-19 12:48	<DIR>	d--------	C:\Program Files\Realtek AC97
2008-09-19 07:45 . 2002-07-12 15:33	1,581,056	--a------	C:\WINDOWS\mixer.exe
2008-09-19 07:45 . 2000-10-20 17:28	765,952	--a------	C:\WINDOWS\system\crlds3d.dll
2008-09-19 07:45 . 2001-11-23 11:08	712,704	--a------	C:\WINDOWS\system32\Audio3D.dll
2008-09-19 07:45 . 2001-11-23 11:08	712,704	--a------	C:\WINDOWS\system32\a3d.dll
2008-09-19 07:45 . 2002-07-16 09:58	379,726	--a------	C:\WINDOWS\system32\drivers\cmaudio.sys
2008-09-19 07:45 . 2002-07-11 10:24	139,264	--a------	C:\WINDOWS\cmuninst.exe
2008-09-19 07:45 . 2002-07-11 11:13	135,168	--a------	C:\WINDOWS\cmuninst.dat
2008-09-19 07:45 . 2002-03-29 13:52	32,768	--a------	C:\WINDOWS\system32\cmnprop.dll
2008-09-17 18:24 . 2008-09-17 18:24	665,088	--a------	C:\Documents and Settings\fritzz\Reloggeros.exe
2008-09-16 15:21 . 2008-09-16 15:21	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-09-15 15:57 . 2008-09-15 15:57	<DIR>	d--------	C:\RmConverterOutput
2008-09-15 15:57 . 2008-09-15 15:57	<DIR>	d--------	C:\Program Files\Ultra RM Converter
2008-09-14 16:03 . 2008-09-14 16:03	<DIR>	d--------	C:\Program Files\Connectix
2008-09-14 10:43 . 2004-03-18 15:07	397,312	--a------	C:\WINDOWS\system32\RaConfig.exe
2008-09-14 10:43 . 2003-09-03 10:12	86,016	--a------	C:\WINDOWS\system32\install.dll
2008-09-14 10:43 . 2004-03-01 18:31	62,848	--a------	C:\WINDOWS\system32\drivers\RT2400.sys
2008-09-14 10:43 . 2003-05-21 10:17	45,056	--a------	C:\WINDOWS\system32\DEDriverDLL.dll
2008-09-14 10:43 . 2002-05-24 09:44	36,864	--a------	C:\WINDOWS\system32\WRLSetup.exe
2008-09-14 10:43 . 2003-06-24 11:22	32,768	--a------	C:\WINDOWS\system32\SmartInstallCfg2.dll
2008-09-14 10:43 . 2003-08-29 15:55	28,672	--a------	C:\WINDOWS\system32\CCS24.exe
2008-09-14 10:43 . 2003-02-21 13:23	10,227	--a------	C:\WINDOWS\system32\RaConfig.hlp
2008-09-13 23:52 . 2008-09-13 23:52	<DIR>	d--------	C:\Program Files\PC Washer
2008-09-13 21:42 . 2007-10-12 03:56	490,776	--a------	C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-09-13 21:41 . 2008-09-13 21:41	<DIR>	d--------	C:\Program Files\Logitech
2008-09-13 21:41 . 2008-09-13 21:42	<DIR>	d--------	C:\Program Files\Common Files\LogiShrd
2008-09-13 21:41 . 2008-09-13 21:41	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Logitech
2008-09-13 21:41 . 2008-09-13 21:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Logishrd
2008-09-13 17:43 . 2008-09-27 08:00	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\skypePM
2008-09-13 17:43 . 2008-09-13 17:43	56	--ah-----	C:\WINDOWS\system32\ezsidmv.dat
2008-09-13 17:41 . 2008-09-27 11:38	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Skype
2008-09-13 17:40 . 2008-09-13 17:40	<DIR>	d--------	C:\Program Files\Skype
2008-09-13 17:40 . 2008-09-13 17:40	<DIR>	d--------	C:\Program Files\Common Files\Skype
2008-09-13 17:40 . 2008-09-13 17:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-09-12 18:40 . 2008-09-12 18:40	<DIR>	d--------	C:\WINDOWS\Sun
2008-09-12 10:25 . 2008-04-14 00:15	26,368	--a--c---	C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-11 18:57 . 2008-06-10 02:32	73,728	--a------	C:\WINDOWS\system32\javacpl.cpl
2008-09-11 18:56 . 2008-09-11 18:57	<DIR>	d--------	C:\Program Files\Java
2008-09-11 18:54 . 2008-09-11 18:54	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-09-09 19:08 . 2008-09-26 18:14	<DIR>	d--------	C:\Program Files\sXe Injected
2008-09-09 00:55 . 2008-09-25 08:26	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-09-09 00:55 . 2008-09-10 08:37	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-09-09 00:48 . 2008-09-09 00:50	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-09-07 13:37 . 2008-09-07 13:37	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-09-07 13:17 . 2000-07-31 09:48	306,688	--a------	C:\WINDOWS\IsUninst.exe
2008-09-07 13:17 . 2008-09-07 13:17	583	--a------	C:\WINDOWS\Q3TA.INI
2008-09-07 13:15 . 2008-09-07 13:15	<DIR>	d--------	C:\Program Files\DAEMON Tools Lite
2008-09-07 13:13 . 2008-09-07 13:13	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\DAEMON Tools
2008-09-07 13:04 . 2008-09-07 13:05	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\DAEMON Tools Pro
2008-09-07 12:58 . 2008-09-07 13:13	717,296	--a------	C:\WINDOWS\system32\drivers\sptd.sys
2008-09-07 12:58 . 2008-08-27 15:40	594,959	--a------	C:\WINDOWS\diagnostic.exe
2008-09-07 09:27 . 2008-09-26 09:35	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-09-07 09:24 . 2008-09-07 09:24	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Nero
2008-09-07 09:22 . 2008-09-07 09:22	<DIR>	d--------	C:\Program Files\Nero
2008-09-07 09:22 . 2008-09-07 09:23	<DIR>	d--------	C:\Program Files\Common Files\Nero
2008-09-07 09:22 . 2008-09-07 09:22	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-09-06 18:24 . 2000-04-03 22:05	118,784	--a------	C:\WINDOWS\system\msstdfmt.dll
2008-09-06 13:41 . 2008-09-19 14:16	<DIR>	d--------	C:\Program Files\HyCam2
2008-09-06 01:25 . 2008-09-06 01:25	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\Media Player Classic
2008-09-06 01:19 . 2008-09-06 01:19	<DIR>	d--------	C:\WINDOWS\system32\drivers\umdf
2008-09-06 01:18 . 2008-09-06 01:18	<DIR>	d--------	C:\Program Files\QuickTime Alternative
2008-09-06 01:18 . 2008-09-06 01:18	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-09-06 01:18 . 2008-05-27 10:50	90,112	--a------	C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 01:18 . 2008-05-27 10:50	57,344	--a------	C:\WINDOWS\system32\QuickTime.qts
2008-09-06 01:15 . 2008-09-06 01:15	<DIR>	d--------	C:\Program Files\Real Alternative
2008-09-06 01:09 . 2008-09-06 01:09	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\KRyLack Password Recovery
2008-09-06 00:36 . 2008-09-06 00:36	<DIR>	d--------	C:\Program Files\Q3E Minimizer v1.51
2008-09-05 23:25 . 2008-09-26 23:22	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\mIRC
2008-09-05 19:53 . 2008-09-13 22:14	<DIR>	d--------	C:\Documents and Settings\fritzz\Dane aplikacji\teamspeak2
2008-09-05 19:19 . 2008-09-05 19:19	<DIR>	d--------	C:\WINDOWS\system32\XPSViewer
2008-09-05 19:19 . 2008-09-05 19:19	<DIR>	d--------	C:\Program Files\Reference Assemblies
2008-09-05 19:19 . 2008-09-05 19:19	<DIR>	d--------	C:\Program Files\MSBuild
2008-09-05 19:18 . 2006-06-29 13:07	14,048	---------	C:\WINDOWS\system32\spmsg2.dll
2008-09-05 19:01 . 2008-05-01 16:37	331,776	-----c---	C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-05 19:00 . 2008-04-11 21:06	691,712	-----c---	C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-05 18:58 . 2008-06-14 19:36	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-05 18:58 . 2008-05-08 16:02	203,136	-----c---	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-05 18:50 . 2008-07-18 22:10	45,768	--a------	C:\WINDOWS\system32\wups2.dll
2008-09-05 18:50 . 2008-07-18 22:10	38,088	--a------	C:\WINDOWS\system32\wucltui.dll.mui
2008-09-05 18:50 . 2008-07-18 22:09	29,896	--a------	C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-09-05 18:50 . 2008-07-18 22:09	29,896	--a------	C:\WINDOWS\system32\wuapi.dll.mui
2008-09-05 18:50 . 2008-07-18 22:09	21,704	--a------	C:\WINDOWS\system32\wuaueng.dll.mui
2008-09-05 18:49 . 2008-09-05 18:49	<DIR>	d--hs----	C:\Documents and Settings\fritzz\UserData
2008-09-05 16:41 . 2008-09-26 22:35	138,280	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-05 16:41 . 2008-09-26 22:34	111,928	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-09-05 16:40 . 2008-09-05 16:40	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
2008-09-05 16:40 . 2008-09-05 16:40	66,872	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-09-05 16:27 . 2008-09-05 16:27	<DIR>	d--------	C:\WINDOWS\ServicePackFiles

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 14:08	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-07 11:17	25,992	----a-w	C:\WINDOWS\system32\pgdfgsvc.exe
2008-09-05 10:58	---------	d-----w	C:\Documents and Settings\fritzz\Dane aplikacji\Symantec
2008-09-05 10:50	---------	d-----w	C:\Documents and Settings\fritzz\Dane aplikacji\Gadu-Gadu
2008-09-05 10:17	---------	d-----w	C:\Program Files\ESET
2008-09-05 10:17	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-09-05 10:17	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-09-05 10:14	---------	d-----w	C:\Program Files\Symantec
2008-09-05 10:14	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-09-05 10:13	---------	d-----w	C:\Program Files\Norton Ghost
2008-09-05 10:09	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-09-05 09:31	---------	d-----w	C:\Documents and Settings\fritzz\Dane aplikacji\ESET
2008-09-05 09:30	---------	d-----w	C:\Program Files\K-Lite Codec Pack
2008-09-05 09:28	---------	d-----w	C:\Program Files\NT Registry Optimizer
2008-09-05 09:27	---------	d-----w	C:\Program Files\NAPI-PROJEKT
2008-09-05 09:27	---------	d-----w	C:\Program Files\ALLPlayer
2008-09-05 09:26	---------	d-----w	C:\Program Files\MyPortal
2008-09-05 09:24	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-09-05 09:24	---------	d-----w	C:\Program Files\AMD
2008-09-05 09:18	---------	d-----w	C:\Program Files\microsoft frontpage
2008-09-05 09:16	---------	d-----w	C:\Program Files\Usługi online
2008-08-13 15:07	38,112	----a-w	C:\WINDOWS\system32\drivers\v2imount.sys
2008-08-13 14:55	215,144	----a-r	C:\WINDOWS\pw32a.dll
2008-08-13 14:55	215,144	----a-r	C:\WINDOWS\patchw32.dll
2008-08-07 15:31	138,080	----a-w	C:\WINDOWS\system32\drivers\symsnap.sys
2008-08-06 13:45	4,122,112	----a-r	C:\WINDOWS\system32\drivers\alcxwdm.sys
2008-07-25 08:34	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34	683,520	----a-w	C:\WINDOWS\system32\divx.dll
2008-07-23 16:50	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-07-18 20:10	94,920	----a-w	C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10	53,448	----a-w	C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10	36,552	----a-w	C:\WINDOWS\system32\wups.dll
2008-07-18 20:09	563,912	----a-w	C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09	325,832	----a-w	C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09	205,000	----a-w	C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09	1,811,656	----a-w	C:\WINDOWS\system32\wuaueng.dll
2008-07-18 13:23	290,008	----a-w	C:\WINDOWS\system32\cfosspeed.dll
2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-04-26 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-04-26 13529088]
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-08-13 2245984]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Diagnostic"="C:\WINDOWS\diagnostic.exe" [2008-08-27 594959]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"a-winpoet-service"="C:\Program Files\DialNet\winpppoverethernet.exe" [2007-07-06 405504]
"z-WrDialer"="C:\Program Files\DialNet\wrdialer.exe" [2007-07-11 561152]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 229376]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.11\RivaTuner.exe" [2008-09-16 2715648]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2008-04-26 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 14:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 JAHCI;JAHCI;C:\WINDOWS\system32\DRIVERS\JAHCI.sys [2005-05-12 29696]
R0 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]
R0 uliagpkx;ULi AGP Bus Filter Driver;C:\WINDOWS\system32\DRIVERS\agpkx.sys [2005-05-03 45056]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys [2007-07-04 52214]
R3 FPD;Fine Point Packet Service;C:\WINDOWS\system32\drivers\fpd.sys [2007-07-04 30336]
R3 SymSnapService;SymSnapService;C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2008-08-07 1558000]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672]
R3 WrKPoET2000;WrKPoET2000;C:\Program Files\DialNet\WrKPoET2000.sys [2007-07-04 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys [2007-07-04 65604]
S3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2004-03-01 62848]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

*Newly Created Service* - NPKCRYPT
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-DriverUpdaterPro - C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\fritzz\Dane aplikacji\Mozilla\Firefox\Profiles\5bw4iuoc.default\
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 11:41:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-27 11:42:35
ComboFix-quarantined-files.txt  2008-09-27 09:42:29

Przed: 16 372 903 936 bajtów wolnych
Po: 16,418,136,064 bajtów wolnych

270	--- E O F ---	2008-09-10 12:36:37


  • 0

#2 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 29 09 2008 - 00:13

As for the HJT log.

Run HJT and choose the option "Do a system scan only". A log will be generated; tick the boxes next to the entries below and click Fix.

F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [diagnostic] C:\Windows\system32\diagnostic.exe

and in addition delete the file marked in red, e.g. with KillBox.

As for the ComboFix log: I don't see anything interesting.

  • 0



