Logs - Computer is lagging terribly


  • Closed: This topic is closed
4 replies in this topic

#1 fritzz

fritzz

    Beginner

  • 33 posts

Posted 01 12 2008 - 20:09

Hello. My internet and computer are lagging terribly. I have ESET Smart Security and Malwarebytes Anti-Malware :)


Here are the logs



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:31, on 2008-12-01
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\DialNet\winpppoverethernet.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
D:\Program Files\DNA\btdna.exe
D:\Documents and Settings\fritzz\Pulpit\etmin.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\DialNet\WrOS.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
E:\Program Files\mIRC\mirc.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [a-winpoet-service] "D:\Program Files\DialNet\winpppoverethernet.exe"
O4 - HKLM\..\Run: [z-WrDialer] "D:\Program Files\DialNet\wrdialer.exe"
O4 - HKLM\..\Run: [ULiRaid5289] D:\Program Files\ULI5289\ULi5289.exe
O4 - HKLM\..\Run: [ULiRaid] D:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [SpeedX] D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "D:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{657D2BFF-0D95-45B2-B03C-7D70FDCE4372}: NameServer = 217.30.129.149 217.30.137.200
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - D:\Program Files\DialNet\WrOS.EXE

--
End of file - 4067 bytes





"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpeedX" = "D:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" ["MyPortal.pl"]
"BitTorrent DNA" = ""D:\Program Files\DNA\btdna.exe"" ["BitTorrent, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"egui" = ""D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice" ["ESET"]
"a-winpoet-service" = ""D:\Program Files\DialNet\winpppoverethernet.exe"" ["Fine Point Technologies, Inc."]
"z-WrDialer" = ""D:\Program Files\DialNet\wrdialer.exe"" ["Fine Point Technologies, Inc."]
"ULiRaid5289" = "D:\Program Files\ULI5289\ULi5289.exe" ["ALi Corporation"]
"ULiRaid" = "D:\Program Files\ULiRaid\ULiRaid.exe" ["ULi Electronics Inc."]
"RivaTunerStartupDaemon" = ""D:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
"NvMediaCenter" = "RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "D:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
-> {HKLM...CLSID} = "IE Microsoft AutoComplete"
\InProcServer32\(Default) = "D:\WINDOWS\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
-> {HKLM...CLSID} = "History Band"
\InProcServer32\(Default) = "D:\WINDOWS\system32\SHDOCVW.DLL" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
"{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2}" = "NeroCoverEd Live Icons"
-> {HKLM...CLSID} = "NeroCoverEdLiveIcons Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
"{1CA6BBC9-E9FA-4021-822B-075DF1837B63}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{846083A4-BFC6-4447-985C-6578B466A7D7}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}" = "NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{4FBFFA8D-F390-471a-AE46-FEB93623AD63}" = "NeroDigitalInfoHandler"
-> {HKLM...CLSID} = "NeroDigitalInfoHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87}" = "NeroDigitalThumbnailHandler"
-> {HKLM...CLSID} = "NeroDigitalThumbnailHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
-> {HKLM...CLSID} = "DesktopContext Class"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
-> {HKLM...CLSID} = "NVIDIA CPL Extension"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
-> {HKLM...CLSID} = "nView Desktop Context Menu"
\InProcServer32\(Default) = "D:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"pgdfgsvc D 1" ["Sysinternals - www.sysinternals.com"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> dimsntfy\DLLName = "D:\WINDOWS\System32\dimsntfy.dll" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "D:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll" ["Nero AG"]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Cover Designer\(Default) = "{73FCA462-9BD5-4065-A73F-A8E5F6904EF7}"
-> {HKLM...CLSID} = "NeroCoverEdContextMenu Class"
\InProcServer32\(Default) = "D:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll" ["Nero AG"]
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
-> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
\InProcServer32\(Default) = "D:\Program Files\ESET\ESET Smart Security\shellExt.dll" ["ESET"]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" ["Alexander Roshal"]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMBalloonTip" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"CDRAutoRun" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoAutoTrayNotify" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoResolveSearch" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"LinkResolveIgnoreLinkInfo" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStartBanner" = (REG_BINARY) hex:01 00 00 00
{Remove "Click here to begin" from Start button}

"NoWelcomeScreen" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoDesktopCleanupWizard" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoSharedDocuments" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Remove Shared Documents from My Computer}

"NoThemesTab" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoRemoteRecursiveEvents" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoStrCmpLogical" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoClose" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"NoDispAppearancePage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoColorChoice" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDispBackgroundPage" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Hide Desktop tab}

"NoDispCPL" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|Control Panel|Display|
Remove Display in Control Panel}

"NoDispSettingsPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoDispScrSavPage" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoVisualStyleChoice" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"NoSizeChoice" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

"NoUpdateCheck" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousMachineGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"SynchronousUserGroupPolicy" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\fritzz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\logon.scr" [MS]


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["Gabest"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["Gabest"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""D:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["Gabest"]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKCU\Software\Classes\AllPlayerFile\shell\play\command\(Default) = ""D:\Program Files\ALLPlayer\ALLPlayer.exe" "%1"" ["ALLPlayer"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "D:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Eset Service, ekrn, ""D:\Program Files\ESET\ESET Smart Security\ekrn.exe"" ["ESET"]
Nero BackItUp Scheduler 4.0, Nero BackItUp Scheduler 4.0, "D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe" ["Nero AG"]
NVIDIA Display Driver Service, NVSvc, "D:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
PnkBstrA, PnkBstrA, "D:\WINDOWS\system32\PnkBstrA.exe" [null data]
PnkBstrB, PnkBstrB, "D:\WINDOWS\system32\PnkBstrB.exe" [null data]
WinPPPoverEthernet, WinPPPoverEthernet, "D:\Program Files\DialNet\WrOS.EXE" ["Fine Point Technologies, Inc."]


---------- (launch time: 2008-12-01 19:04:28)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 29 seconds.
---------- (total run time: 68 seconds)











ComboFix 08-11-30.02 - fritzz 2008-12-01 19:07:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.705 [GMT 1:00]
Uruchomiony z: E:\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\system32\_000006_.tmp.dll
d:\windows\system32\install.exe

.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-01 do 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-12-01 18:58 . 2008-12-01 18:58 <DIR> d-------- d:\program files\Trend Micro
2008-11-28 16:37 . 2008-11-28 16:38 <DIR> d-------- d:\windows\nview
2008-11-28 16:37 . 2006-10-22 12:22 208,896 --a------ d:\windows\system32\nvudisp.exe
2008-11-28 16:37 . 2008-12-01 17:31 88,566 --a------ d:\windows\system32\nvapps.xml
2008-11-28 16:37 . 2006-10-22 12:22 17,056 --a------ d:\windows\system32\nvdisp.nvu
2008-11-28 16:36 . 2006-10-22 15:06 208,896 --a------ d:\windows\system32\NVUNINST.EXE
2008-11-28 16:17 . 2008-11-28 16:17 <DIR> d-------- d:\program files\RivaTuner v2.09
2008-11-28 15:36 . 2008-11-30 20:21 <DIR> d-------- d:\documents and settings\fritzz\Dane aplikacji\Nero
2008-11-28 15:23 . 2008-11-28 15:23 4,767 --a------ d:\windows\Irremote.ini
2008-11-28 15:21 . 2008-11-28 15:21 <DIR> d-------- d:\program files\Windows Sidebar
2008-11-28 15:10 . 2008-11-28 15:22 <DIR> d-------- d:\program files\Nero
2008-11-28 15:10 . 2008-11-28 15:17 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\Nero
2008-11-28 15:09 . 2008-11-28 15:23 <DIR> d-------- d:\program files\Common Files\Nero
2008-11-28 14:46 . 2005-10-25 11:35 33,280 -ra------ d:\windows\system32\drivers\JAHCI.sys
2008-11-28 14:46 . 2005-05-12 21:19 7,680 -ra------ d:\windows\system32\drivers\JGOGO.sys
2008-11-28 14:36 . 2008-11-28 14:36 <DIR> d-------- d:\program files\ULi5289
2008-11-28 14:36 . 2005-09-07 17:40 84,471 --a------ d:\windows\system32\drivers\AliEhci.sys
2008-11-28 14:36 . 2001-11-13 21:24 35,587 --a------ d:\windows\system32\rmusb20.EXE
2008-11-28 14:36 . 2001-11-13 21:24 35,587 --a------ d:\windows\system32\rm5289.exe
2008-11-28 14:36 . 2005-09-07 17:41 32,118 --a------ d:\windows\system32\drivers\AliHub.sys
2008-11-28 14:36 . 2006-03-09 22:02 24,415 --a------ d:\windows\system32\unM5289.exe
2008-11-28 14:36 . 2006-03-01 11:46 23,498 --a------ d:\windows\system32\Unusb20.exe
2008-11-28 14:36 . 2000-01-07 15:20 12,288 --a------ d:\windows\system32\PCIVP.SYS
2008-11-28 14:36 . 2005-09-07 17:41 9,658 --a------ d:\windows\system32\drivers\AliGP.sys
2008-11-28 14:36 . 2005-09-07 17:43 5,304 --a------ d:\windows\system32\drivers\AliRtHub.sys
2008-11-28 14:18 . 2008-11-28 14:18 <DIR> d-------- d:\program files\PC Drivers HeadQuarters
2008-11-28 14:10 . 2008-11-28 14:10 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\PC Drivers Headquarters
2008-11-28 00:50 . 2008-11-28 00:50 <DIR> d-------- d:\program files\MSBuild
2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- d:\windows\system32\XPSViewer
2008-11-28 00:49 . 2008-11-28 00:49 <DIR> d-------- d:\program files\Reference Assemblies
2008-11-28 00:49 . 2006-06-29 13:07 14,048 --------- d:\windows\system32\spmsg2.dll
2008-11-27 19:54 . 2008-12-01 19:06 <DIR> d-------- d:\documents and settings\fritzz\Dane aplikacji\mIRC
2008-11-27 19:13 . 2008-11-27 19:13 <DIR> d-------- d:\documents and settings\All Users\Dane aplikacji\NVIDIA
2008-11-27 16:29 . 2008-11-27 16:31 <DIR> d-------- d:\program files\Unlocker
2008-11-27 16:29 . 2008-11-30 19:00 <DIR> d-------- d:\documents and settings\fritzz\Dane aplikacji\Desktopicon
2008-11-27 16:23 . 2008-12-01 18:08 201,440 --a------ d:\windows\system32\PnkBstrB.exe
2008-11-27 16:23 . 2008-12-01 18:09 138,512 --a------ d:\windows\system32\drivers\PnkBstrK.sys
2008-11-27 16:22 . 2008-11-27 16:22 <DIR> d-------- d:\windows\system32\LogFiles
2008-11-27 16:22 . 2008-11-27 19:16 66,872 --a------ d:\windows\system32\PnkBstrA.exe
2008-11-27 16:05 . 2008-11-27 16:05 <DIR> d-------- d:\windows\system32\Lang
2008-11-27 16:05 . 2008-11-27 16:05 <DIR> d-------- d:\documents and settings\fritzz\Dane aplikacji\Media Player Classic
2008-11-27 16:05 . 2008-11-27 16:05 940,794 --a------ d:\windows\system32\LoopyMusic.wav
2008-11-27 16:05 . 2008-11-27 16:05 146,650 --a------ d:\windows\system32\BuzzingBee.wav
2008-11-27 16:05 . 2008-12-01 18:07 60,416 --a------ d:\windows\ALCFDRTM.VER
2008-11-27 16:05 . 2008-11-27 16:05 60,416 --a------ d:\windows\ALCFDRTM.EXE

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 18:01 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\DNA
2008-12-01 16:32 --------- d-----w d:\program files\DialNet
2008-12-01 16:31 --------- d-----w d:\program files\DNA
2008-11-28 13:46 --------- d-----w d:\program files\ULiRaid
2008-11-28 13:36 --------- d--h--w d:\program files\InstallShield Installation Information
2008-11-27 14:55 --------- d-----w d:\program files\PC Washer
2008-11-27 14:54 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\BitTorrent
2008-11-27 14:53 --------- d-----w d:\program files\Malwarebytes' Anti-Malware
2008-11-27 14:48 --------- d-----w d:\program files\BitTorrent
2008-11-27 14:39 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\teamspeak2
2008-11-27 14:26 --------- d-----w d:\program files\DIFX
2008-11-27 14:25 --------- d-----w d:\program files\Common Files\InstallShield
2008-11-27 13:51 --------- d-----w d:\program files\NT Registry Optimizer
2008-11-27 13:50 --------- d-----w d:\program files\MyPortal
2008-11-27 13:44 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\InstallShield
2008-11-27 13:40 --------- d-----w d:\program files\Auslogics
2008-11-27 13:40 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\Malwarebytes
2008-11-27 13:40 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\ESET
2008-11-27 13:40 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\Auslogics
2008-11-27 13:39 717,296 ----a-w d:\windows\system32\drivers\sptd.sys
2008-11-27 13:39 --------- d-----w d:\program files\ESET
2008-11-27 13:39 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\DAEMON Tools
2008-11-27 13:39 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\Malwarebytes
2008-11-27 13:39 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\ESET
2008-11-27 13:38 25,992 ----a-w d:\windows\system32\pgdfgsvc.exe
2008-11-27 13:38 --------- d-----w d:\program files\Realtek AC97
2008-11-27 13:38 --------- d-----w d:\documents and settings\fritzz\Dane aplikacji\Gadu-Gadu
2008-11-27 13:37 --------- d-----w d:\program files\K-Lite Codec Pack
2008-11-27 13:37 --------- d-----w d:\program files\Gadu-Gadu
2008-11-27 13:35 --------- d-----w d:\program files\NAPI-PROJEKT
2008-11-27 13:35 --------- d-----w d:\program files\ALLPlayer
2008-11-27 13:22 --------- d-----w d:\program files\microsoft frontpage
2008-11-27 13:20 --------- d-----w d:\program files\Usługi online
2008-11-10 21:17 2,296,339 ----a-w d:\windows\system32\x264vfw.dll
2008-11-02 14:02 7,680 ----a-w d:\windows\system32\ff_vfw.dll
2008-10-28 22:35 684,032 ----a-w d:\windows\system32\divx.dll
2008-10-27 09:04 70,992 ----a-w d:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w d:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w d:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w d:\windows\system32\X3DAudio1_5.dll
2008-10-22 15:10 38,496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w d:\windows\system32\drivers\mbam.sys
2008-10-16 13:13 202,776 ----a-w d:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w d:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w d:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w d:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w d:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w d:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w d:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w d:\windows\system32\wups.dll
2008-10-10 03:52 452,440 ----a-w d:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w d:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w d:\windows\system32\D3DCompiler_40.dll
2008-09-25 08:03 81,920 ----a-w d:\windows\system32\dpl100.dll
2008-09-19 21:57 3,596,288 ----a-w d:\windows\system32\qt-dx331.dll
2008-09-15 15:27 1,846,656 ----a-w d:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedX"="d:\progra~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 46718]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2008-11-27 342336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2008-06-10 1447168]
"a-winpoet-service"="d:\program files\DialNet\winpppoverethernet.exe" [2007-07-06 405504]
"z-WrDialer"="d:\program files\DialNet\wrdialer.exe" [2007-07-11 561152]
"ULiRaid5289"="d:\program files\ULI5289\ULi5289.exe" [2005-06-07 409600]
"ULiRaid"="d:\program files\ULiRaid\ULiRaid.exe" [2006-05-12 630784]
"RivaTunerStartupDaemon"="d:\program files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 2707456]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 d:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2006-10-22 d:\windows\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\The All-Seeing Eye\\eye.exe"=

R0 JAHCI;JAHCI;d:\windows\system32\DRIVERS\JAHCI.sys [2008-11-28 33280]
R0 m5289;m5289;d:\windows\system32\DRIVERS\m5289.sys [2008-11-27 52480]
R0 uliagpkx;ULi AGP Bus Filter Driver;d:\windows\system32\DRIVERS\agpkx.sys [2008-11-27 45056]
R2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;d:\windows\system32\Drivers\ALIEHCI.sys [2008-11-28 84471]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;d:\windows\system32\DRIVERS\WrKPoET2000.sys [2008-11-27 52214]
R3 aliroothub;USB 2.0 Root Hub;d:\windows\system32\DRIVERS\AliRtHub.sys [2008-11-28 5304]
R3 FPD;Fine Point Packet Service;\??\d:\windows\system32\drivers\fpd.sys [2008-11-27 30336]
R3 ULI5261XP;ULi M526X Ethernet NT Driver;d:\windows\system32\DRIVERS\ULILAN51.SYS [2008-11-27 28672]
R3 WrKPoET2000;WrKPoET2000;\??\d:\program files\DialNet\WrKPoET2000.sys [2008-11-27 52214]
R3 WRSWanDD;WinPoET PPPoE Adapter;d:\windows\system32\DRIVERS\WrKPoETNic2000.sys [2008-11-27 65604]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\bot\NtProcDrv.sys [2008-11-27 3584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4d12f2c-9630-11dd-a9d5-00138f68a4f5}]
\Shell\AutoRun\command - G:\autoplay.exe

*Newly Created Service* - PNKBSTRB
*Newly Created Service* - PROCEXP90
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - d:\documents and settings\fritzz\Dane aplikacji\Mozilla\Firefox\Profiles\lpqbsnnu.default\
FF -: plugin - d:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - d:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 19:08:12
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-12-01 19:08:45
ComboFix-quarantined-files.txt 2008-12-01 18:08:33

Przed: 93 042 950 144 bajtów wolnych
Po: 93,058,801,664 bajtów wolnych

211 --- E O F --- 2008-11-28 15:20:33


#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 01 12 2008 - 20:23

None of these logs show any infection.

ordynat


#3 Lich-koś

Lich-koś

    Who doesn't like chocolate rain?

  • 126 posts

Posted 02 12 2008 - 16:23

Maybe it's time for a format or a defragmentation?

#4 fritzz

fritzz

    Beginner

  • 33 posts

Posted 02 12 2008 - 17:24

I did a format 4 days ago and a defragmentation yesterday :)

#5 Trivelt

Trivelt

    Unix fan

  • 406 posts

Posted 08 12 2008 - 17:08

If the internet is slow, then maybe it's rather your provider's fault. Besides, if you're using torrents at the same time, there's nothing to be surprised about. As for the computer (or rather the operating system) that is lagging, post its specs; a weak computer overloaded with unnecessary applications doesn't cope well.

Maybe it's time for a format or a defragmentation?

Maybe let's stop with advice like "format your disk". If you can't solve the problem, it's better not to write anything. A well-managed system does not require regular disk formatting, for example every six months, only in exceptional, critical situations. ; ]




