Log z combofixa, komputer cały czas pracuje, spowolnił

**Posty:** 3 · przez **WielkiSiurak** 24 Sty 2009, 11:27

Kod: Zaznacz wszystko: ComboFix 09-01-21.04 - Adrian 2009-01-24 10:14:05.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.702 [GMT 1:00] Uruchomiony z: d:\downloads\ComboFix.exe AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_ISODRIVE -------\Service_ISODrive ((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 ))))))))))))))))))))))))))))))) . 2009-01-24 09:08 . 2009-01-24 09:08 <DIR> d-------- c:\program files\Deep Silver 2009-01-24 08:37 . 2009-01-24 08:37 <DIR> d-------- c:\program files\THQ 2009-01-23 20:24 . 2009-01-23 20:24 <DIR> d-------- c:\program files\GameSpy 2009-01-23 20:23 . 2009-01-23 20:23 <DIR> d-------- c:\windows\system32\URTTEMP 2009-01-23 20:04 . 2009-01-23 20:04 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2009-01-23 20:04 . 2009-01-23 20:04 22,328 --a------ c:\documents and settings\Adrian\Dane aplikacji\PnkBstrK.sys 2009-01-23 20:03 . 2009-01-23 20:03 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-23 20:03 . 2009-01-23 20:03 669,184 --a------ c:\windows\system32\pbsvc.exe 2009-01-23 20:03 . 2009-01-23 20:03 103,736 --a------ c:\windows\system32\PnkBstrB.exe 2009-01-23 20:03 . 2009-01-23 20:03 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2009-01-23 19:51 . 2009-01-23 19:51 <DIR> d-------- c:\program files\Electronic Arts 2009-01-23 18:51 . 2009-01-23 18:51 <DIR> d-------- c:\program files\Dzielenie i laczenie plikow 2009-01-23 15:57 . 2009-01-23 15:57 <DIR> d-------- c:\program files\Elektrogames 2009-01-20 14:43 . 2009-01-20 14:43 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Disney Interactive Studios 2009-01-20 14:38 . 2009-01-20 14:38 278,984 --a------ c:\windows\system32\drivers\atksgt.sys 2009-01-20 14:38 . 2009-01-20 14:38 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys 2009-01-20 14:31 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2009-01-20 14:31 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys 2009-01-20 14:23 . 2009-01-20 16:54 <DIR> d-------- c:\program files\Wied«min 2009-01-20 14:03 . 2009-01-20 14:03 <DIR> d-------- c:\program files\Disney Interactive Studios 2009-01-20 14:02 . 2009-01-20 14:02 <DIR> d-------- c:\windows\Logs 2009-01-20 14:01 . 2009-01-20 14:18 994 --a------ c:\windows\disney.ini 2009-01-18 19:38 . 2009-01-18 19:39 <DIR> d-------- c:\windows\system32\XPSViewer 2009-01-18 19:38 . 2009-01-18 19:38 <DIR> d-------- c:\program files\Reference Assemblies 2009-01-18 19:37 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-01-18 19:24 . 2009-01-18 19:24 <DIR> d-------- c:\program files\FotkaPRO 2009-01-18 18:43 . 2009-01-18 18:43 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP 2009-01-18 18:43 . 2009-01-18 18:43 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\HP 2009-01-18 18:41 . 2009-01-18 18:42 <DIR> d-------- c:\program files\Common Files\HP 2009-01-18 18:40 . 2009-01-18 18:40 <DIR> d-------- c:\program files\Hewlett-Packard 2009-01-18 18:39 . 2009-01-18 18:39 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard 2009-01-18 18:39 . 2006-04-13 01:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys 2009-01-18 18:39 . 2006-04-13 01:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys 2009-01-18 18:38 . 2006-01-04 10:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll 2009-01-18 18:38 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll 2009-01-18 18:38 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-01-18 18:38 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-01-18 18:37 . 2009-01-18 18:42 <DIR> d-------- c:\program files\HP 2009-01-18 18:37 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-01-18 18:37 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll 2009-01-18 18:37 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll 2009-01-18 18:37 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll 2009-01-18 18:37 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe 2009-01-18 18:37 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe 2009-01-18 18:37 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll 2009-01-18 18:33 . 2009-01-18 18:52 119,767 --a------ c:\windows\hpoins11.dat 2009-01-17 15:55 . 2009-01-17 15:55 <DIR> d-------- c:\program files\Alcohol Soft 2009-01-17 13:43 . 2009-01-17 13:43 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Sports Interactive 2009-01-17 13:12 . 2009-01-17 13:12 <DIR> dr-h----- c:\documents and settings\Adrian\Dane aplikacji\SecuROM 2009-01-17 13:12 . 2009-01-17 13:12 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2009-01-17 13:09 . 2009-01-17 13:11 <DIR> d--h----- c:\program files\Zero G Registry 2009-01-17 13:09 . 2009-01-17 13:09 <DIR> d-------- c:\program files\Sports Interactive 2009-01-17 13:09 . 2009-01-17 13:09 <DIR> d--h----- c:\documents and settings\Adrian\InstallAnywhere 2009-01-17 13:07 . 2009-01-17 20:44 <DIR> d-------- c:\program files\ChomikBox 2009-01-14 21:00 . 2009-01-14 21:00 <DIR> d-------- c:\program files\SEGA 2009-01-14 18:22 . 2009-01-14 18:22 <DIR> d-------- c:\program files\Maxis 2009-01-14 18:22 . 2009-01-14 18:22 535 --a------ c:\windows\eReg.dat 2009-01-14 17:21 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-01-14 17:20 . 2009-01-18 19:38 <DIR> d-------- c:\program files\MSBuild 2009-01-14 17:20 . 2009-01-14 17:20 <DIR> d-------- c:\program files\Microsoft Works 2009-01-14 17:16 . 2009-01-14 17:20 <DIR> d-------- c:\windows\SHELLNEW 2009-01-14 17:16 . 2009-01-14 17:16 <DIR> dr-h----- C:\MSOCache 2009-01-14 17:16 . 2009-01-14 17:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-01-10 09:36 . 2009-01-10 09:36 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Age of Empires 3 2009-01-10 09:02 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-01-10 08:57 . 2009-01-10 08:57 <DIR> d-------- c:\program files\Microsoft Games 2009-01-07 15:42 . 2009-01-07 15:42 <DIR> d-------- c:\program files\Jufsoft 2009-01-06 20:26 . 2009-01-06 20:26 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-04 13:03 . 2009-01-04 13:03 241 --a------ c:\windows\RomeTW.ini 2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\program files\Activision 2009-01-04 09:58 . 2009-01-04 09:59 <DIR> d-------- c:\program files\UltraISO 2009-01-04 09:58 . 2009-01-04 09:58 <DIR> d-------- c:\program files\Common Files\EZB Systems 2009-01-03 21:51 . 2009-01-03 21:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NVIDIA 2009-01-03 21:47 . 2009-01-22 21:31 116 --a------ c:\windows\NeroDigital.ini 2009-01-03 21:46 . 2009-01-03 21:46 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Media Player Classic 2009-01-03 20:55 . 2009-01-03 21:02 <DIR> d-------- c:\program files\Common Files\LightScribe 2009-01-03 20:55 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe 2009-01-03 20:55 . 2006-05-23 17:30 47,894 --------- c:\windows\UNNMP.cfg 2009-01-03 20:54 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe 2009-01-03 20:53 . 2009-01-03 20:53 <DIR> d-------- c:\program files\Common Files\Nero 2009-01-03 20:51 . 2009-01-03 20:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ahead 2009-01-03 20:51 . 2005-07-29 16:12 2,977,792 --------- c:\windows\UNNeroVision.exe 2009-01-03 20:51 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll 2009-01-03 20:51 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll 2009-01-03 20:51 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll 2009-01-03 20:51 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll 2009-01-03 20:51 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll 2009-01-03 20:51 . 2006-05-23 17:30 179,288 --------- c:\windows\UNNeroVision.cfg 2009-01-03 20:51 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll 2009-01-03 20:51 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll 2009-01-03 20:51 . 2001-03-08 19:30 24,064 --------- c:\windows\system32\msxml3a.dll 2009-01-03 20:50 . 2009-01-03 20:50 <DIR> d-------- c:\program files\Common Files\Ahead 2009-01-03 20:50 . 2009-01-03 20:55 <DIR> d-------- c:\program files\Ahead 2009-01-03 20:35 . 2009-01-23 14:28 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\DAEMON Tools Pro 2009-01-03 20:35 . 2009-01-03 20:35 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\DAEMON Tools 2009-01-03 20:34 . 2009-01-03 20:34 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2009-01-03 20:34 . 2009-01-03 20:34 <DIR> d-------- c:\program files\DAEMON Tools Lite 2009-01-03 20:34 . 2009-01-03 20:34 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:31 . 2009-01-03 20:36 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:31 . 2009-01-03 20:31 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-03 20:30 . 2009-01-04 19:52 <DIR> d-------- c:\program files\Screamer Radio 2009-01-03 19:25 . 2009-01-17 20:42 <DIR> d-------- C:\Downloads 2009-01-03 19:21 . 2009-01-03 19:21 <DIR> d-------- c:\program files\Software Informer 2009-01-03 19:21 . 2009-01-03 19:21 <DIR> d-------- c:\program files\Free Download Manager 2009-01-03 19:21 . 2009-01-03 19:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FreeDownloadManager.ORG 2009-01-03 19:21 . 2009-01-03 19:24 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Software Informer 2009-01-03 19:21 . 2009-01-24 10:11 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Free Download Manager 2009-01-03 17:42 . 2009-01-03 17:46 <DIR> d-------- c:\program files\Km TPR 2009-01-03 16:56 . 2009-01-03 16:56 <DIR> d-------- c:\documents and settings\LocalService\Menu Start 2009-01-03 16:56 . 2009-01-04 13:04 316,640 --a------ c:\windows\WMSysPr9.prx 2009-01-03 16:47 . 2008-04-14 21:45 2,977,792 -----c--- c:\windows\system32\dllcache\wmploc.dll 2009-01-03 16:45 . 2007-08-10 20:53 26,488 --a------ c:\windows\system32\spupdsvc.exe 2009-01-03 16:45 . 2006-12-29 00:31 19,569 --a------ c:\windows\[u]0[/u]02630_.tmp 2009-01-03 16:34 . 2009-01-03 16:34 <DIR> d-------- C:\WUTemp 2009-01-03 16:32 . 2009-01-03 16:32 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-03 16:30 . 2009-01-03 16:30 <DIR> d-------- c:\program files\Java 2009-01-03 16:30 . 2009-01-03 16:30 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-03 16:30 . 2009-01-03 16:30 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-03 13:29 . 2009-01-03 13:29 <DIR> d-------- c:\program files\Alwil Software 2009-01-03 13:13 . 2009-01-03 13:37 <DIR> d-------- c:\documents and settings\Adrian\Gadu-Gadu 2009-01-03 13:13 . 2009-01-03 13:13 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Gadu-Gadu 2009-01-03 13:13 . 2008-04-14 22:50 191,488 --a------ c:\windows\system32\iuengine.dll 2009-01-03 13:13 . 2009-01-24 10:17 81,191 --a------ c:\windows\system32\nvapps.xml 2009-01-03 13:12 . 2009-01-03 13:36 <DIR> d-------- c:\windows\nview 2009-01-03 13:12 . 2009-01-03 13:12 <DIR> d-------- c:\program files\Gadu-Gadu . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-20 15:54 --------- d-----w c:\program files\Wiedźmin 2009-01-20 15:51 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-03 12:05 --------- d-----w c:\program files\Realtek 2009-01-03 10:30 155,995 ----a-w c:\windows\java\Packages\60VTVPF1.ZIP 2009-01-03 10:30 --------- d-----w c:\program files\Intel 2009-01-03 10:27 --------- d-----w c:\documents and settings\Adrian\Dane aplikacji\InstallShield 2009-01-03 10:03 --------- d-----w c:\program files\microsoft frontpage 2009-01-03 10:01 --------- d-----w c:\program files\Usługi online . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544] "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-11 86016] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"= "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-03 111184] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-03 20560] R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336] . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-fsm - (no file) . ------- Skan uzupełniający ------- . IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 10:17:12 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\PnkBstrA.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\windows\system32\wscntfy.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe . ************************************************************************** . Czas ukończenia: 2009-01-24 10:20:17 - komputer został uruchomiony ponownie ComboFix-quarantined-files.txt 2009-01-24 09:20:14 Przed: 933˙023˙744 bajt˘w wolnych Po: 1,001,848,832 bajt˘w wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn 267

**Posty:** 8001 · przez **Okocza** 24 Sty 2009, 13:46

WielkiSiurak, opisz swój problem w temacie.

**Posty:** 3 · przez **WielkiSiurak** 24 Sty 2009, 15:00

Log z combofixa, komputer cały czas pracuje, spowolnił

To chyba wystarczy no nie. Komputer jest już jakiś czas (ok. miesiąc) po sformatowaniu. Jak narazie to instalowałem na nim tylko gry, żadnych wiekszych programów. Wcześniej komputer chodził cicho teraz cały czas pracuje i burczy. Widać wyraźne spowolnienie jego pracy. ;/

**Posty:** 8001 · przez **Okocza** 24 Sty 2009, 15:15

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

**Posty:** 3 · przez **WielkiSiurak** 24 Sty 2009, 16:47

Zrobiłem tak jak móiwłeś. Logi podaję w tej samej kolejności.

Log z SDFix

Kod: Zaznacz wszystko: [b]SDFix: Version 1.240 [/b] Run by Administrator on 2009-01-24 at 14:39 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: No Trojan Files Found Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 15:04:25 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:16,f8,91,cf,1a,13,78,99,21,af,02,b7,05,62,99,95,76,0e,c7,c2,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:f6,fc,85,0d,2e,7d,22,08,13,cf,52,22,2a,ce,db,32,b4,b9,9d,c5,b2,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,05,0a,49,89,52,b5,5e,98,45,a0,b0,49,03,85,3c,d0,fb,.. "khjeh"=hex:9f,73,40,fd,30,58,67,48,82,a3,b6,4c,1f,3a,f0,09,51,ad,14,03,12,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:7d,2d,47,0b,0b,eb,ab,67,9d,0f,02,7b,53,2a,f4,90,f6,7e,11,a7,4e,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04] "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\" "h0"=dword:00000001 "ujdew"=hex:16,f8,91,cf,1a,13,78,99,21,af,02,b7,05,62,99,95,76,0e,c7,c2,f1,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:f6,fc,85,0d,2e,7d,22,08,13,cf,52,22,2a,ce,db,32,b4,b9,9d,c5,b2,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,05,0a,49,89,52,b5,5e,98,45,a0,b0,49,03,85,3c,d0,fb,.. "khjeh"=hex:9f,73,40,fd,30,58,67,48,82,a3,b6,4c,1f,3a,f0,09,51,ad,14,03,12,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:7d,2d,47,0b,0b,eb,ab,67,9d,0f,02,7b,53,2a,f4,90,f6,7e,11,a7,4e,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:0000014a scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs" "C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties" "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32" "C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)" "C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"="C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)" "C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"="C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)" "C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"="C:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: [b]Files with Hidden Attributes [/b]: [b]Finished![/b]

Log z ComboFix

Kod: Zaznacz wszystko: ComboFix 09-01-21.04 - Adrian 2009-01-24 15:40:07.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1023.622 [GMT 1:00] Uruchomiony z: c:\documents and settings\Adrian\Pulpit\ComboFix.exe AV: avast! antivirus 4.8.1296 [VPS 090123-0] *On-access scanning disabled* (Updated) . /wow section - STAGE 21 Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces. ((((((((((((((((((((((((( Pliki utworzone od 2008-12-24 do 2009-01-24 ))))))))))))))))))))))))))))))) . 2009-01-24 14:38 . 2009-01-24 14:38 580,096 --a--c--- c:\windows\system32\dllcache\user32.dll 2009-01-24 14:36 . 2009-01-24 14:36 <DIR> d-------- c:\windows\ERUNT 2009-01-24 14:35 . 2009-01-24 14:35 <DIR> d-------- c:\documents and settings\Administrator 2009-01-24 14:31 . 2009-01-24 15:05 <DIR> d-------- C:\SDFix 2009-01-24 09:08 . 2009-01-24 09:08 <DIR> d-------- c:\program files\Deep Silver 2009-01-24 08:37 . 2009-01-24 08:37 <DIR> d-------- c:\program files\THQ 2009-01-23 20:24 . 2009-01-23 20:24 <DIR> d-------- c:\program files\GameSpy 2009-01-23 20:23 . 2009-01-23 20:23 <DIR> d-------- c:\windows\system32\URTTEMP 2009-01-23 20:04 . 2009-01-23 20:04 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys 2009-01-23 20:04 . 2009-01-23 20:04 22,328 --a------ c:\documents and settings\Adrian\Dane aplikacji\PnkBstrK.sys 2009-01-23 20:03 . 2009-01-23 20:03 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-23 20:03 . 2009-01-23 20:03 669,184 --a------ c:\windows\system32\pbsvc.exe 2009-01-23 20:03 . 2009-01-23 20:03 103,736 --a------ c:\windows\system32\PnkBstrB.exe 2009-01-23 20:03 . 2009-01-23 20:03 66,872 --a------ c:\windows\system32\PnkBstrA.exe 2009-01-23 19:51 . 2009-01-23 19:51 <DIR> d-------- c:\program files\Electronic Arts 2009-01-23 18:51 . 2009-01-23 18:51 <DIR> d-------- c:\program files\Dzielenie i laczenie plikow 2009-01-23 15:57 . 2009-01-23 15:57 <DIR> d-------- c:\program files\Elektrogames 2009-01-20 14:43 . 2009-01-20 14:43 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Disney Interactive Studios 2009-01-20 14:38 . 2009-01-20 14:38 278,984 --a------ c:\windows\system32\drivers\atksgt.sys 2009-01-20 14:38 . 2009-01-20 14:38 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys 2009-01-20 14:31 . 2008-04-14 00:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys 2009-01-20 14:31 . 2008-04-14 00:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys 2009-01-20 14:23 . 2009-01-20 16:54 <DIR> d-------- c:\program files\Wiedźmin 2009-01-20 14:03 . 2009-01-20 14:03 <DIR> d-------- c:\program files\Disney Interactive Studios 2009-01-20 14:02 . 2009-01-20 14:02 <DIR> d-------- c:\windows\Logs 2009-01-20 14:01 . 2009-01-20 14:18 994 --a------ c:\windows\disney.ini 2009-01-18 19:38 . 2009-01-18 19:39 <DIR> d-------- c:\windows\system32\XPSViewer 2009-01-18 19:38 . 2009-01-18 19:38 <DIR> d-------- c:\program files\Reference Assemblies 2009-01-18 19:37 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll 2009-01-18 19:24 . 2009-01-18 19:24 <DIR> d-------- c:\program files\FotkaPRO 2009-01-18 18:43 . 2009-01-18 18:43 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP 2009-01-18 18:43 . 2009-01-24 12:21 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\HP 2009-01-18 18:41 . 2009-01-18 18:42 <DIR> d-------- c:\program files\Common Files\HP 2009-01-18 18:40 . 2009-01-18 18:40 <DIR> d-------- c:\program files\Hewlett-Packard 2009-01-18 18:39 . 2009-01-18 18:39 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard 2009-01-18 18:39 . 2006-04-13 01:04 49,664 -ra------ c:\windows\system32\drivers\HPZid412.sys 2009-01-18 18:39 . 2006-04-13 01:04 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys 2009-01-18 18:38 . 2006-01-04 10:12 77,824 -ra------ c:\windows\system32\HPZIDS01.dll 2009-01-18 18:38 . 2006-04-10 14:03 38,400 --a------ c:\windows\system32\hpz3l054.dll 2009-01-18 18:38 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys 2009-01-18 18:38 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys 2009-01-18 18:37 . 2009-01-18 18:42 <DIR> d-------- c:\program files\HP 2009-01-18 18:37 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-01-18 18:37 . 2006-03-03 21:03 282,680 --a------ c:\windows\system32\HPZidr12.dll 2009-01-18 18:37 . 2006-03-03 21:02 204,800 --a------ c:\windows\system32\HPZipr12.dll 2009-01-18 18:37 . 2006-03-03 21:02 94,208 --a------ c:\windows\system32\HPZipt12.dll 2009-01-18 18:37 . 2006-03-03 21:03 69,632 --a------ c:\windows\system32\HPZipm12.exe 2009-01-18 18:37 . 2006-03-03 21:03 65,536 --a------ c:\windows\system32\HPZinw12.exe 2009-01-18 18:37 . 2006-03-03 21:02 57,344 --a------ c:\windows\system32\HPZisn12.dll 2009-01-18 18:33 . 2009-01-18 18:52 119,767 --a------ c:\windows\hpoins11.dat 2009-01-17 15:55 . 2009-01-17 15:55 <DIR> d-------- c:\program files\Alcohol Soft 2009-01-17 13:43 . 2009-01-17 13:43 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Sports Interactive 2009-01-17 13:12 . 2009-01-17 13:12 <DIR> dr-h----- c:\documents and settings\Adrian\Dane aplikacji\SecuROM 2009-01-17 13:12 . 2009-01-17 13:12 107,888 --a------ c:\windows\system32\CmdLineExt.dll 2009-01-17 13:09 . 2009-01-17 13:11 <DIR> d--h----- c:\program files\Zero G Registry 2009-01-17 13:09 . 2009-01-17 13:09 <DIR> d-------- c:\program files\Sports Interactive 2009-01-17 13:09 . 2009-01-17 13:09 <DIR> d--h----- c:\documents and settings\Adrian\InstallAnywhere 2009-01-17 13:07 . 2009-01-17 20:44 <DIR> d-------- c:\program files\ChomikBox 2009-01-14 21:00 . 2009-01-14 21:00 <DIR> d-------- c:\program files\SEGA 2009-01-14 18:22 . 2009-01-14 18:22 <DIR> d-------- c:\program files\Maxis 2009-01-14 18:22 . 2009-01-14 18:22 535 --a------ c:\windows\eReg.dat 2009-01-14 17:21 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-01-14 17:20 . 2009-01-18 19:38 <DIR> d-------- c:\program files\MSBuild 2009-01-14 17:20 . 2009-01-14 17:20 <DIR> d-------- c:\program files\Microsoft Works 2009-01-14 17:16 . 2009-01-14 17:20 <DIR> d-------- c:\windows\SHELLNEW 2009-01-14 17:16 . 2009-01-14 17:16 <DIR> dr-h----- C:\MSOCache 2009-01-14 17:16 . 2009-01-14 17:22 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help 2009-01-10 09:36 . 2009-01-10 09:36 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Age of Empires 3 2009-01-10 09:02 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-01-10 08:57 . 2009-01-10 08:57 <DIR> d-------- c:\program files\Microsoft Games 2009-01-07 15:42 . 2009-01-07 15:42 <DIR> d-------- c:\program files\Jufsoft 2009-01-06 20:26 . 2009-01-06 20:26 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-04 13:03 . 2009-01-04 13:03 241 --a------ c:\windows\RomeTW.ini 2009-01-04 12:42 . 2009-01-04 12:42 <DIR> d-------- c:\program files\Activision 2009-01-04 09:58 . 2009-01-04 09:59 <DIR> d-------- c:\program files\UltraISO 2009-01-04 09:58 . 2009-01-04 09:58 <DIR> d-------- c:\program files\Common Files\EZB Systems 2009-01-03 21:51 . 2009-01-03 21:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NVIDIA 2009-01-03 21:47 . 2009-01-22 21:31 116 --a------ c:\windows\NeroDigital.ini 2009-01-03 21:46 . 2009-01-03 21:46 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Media Player Classic 2009-01-03 20:55 . 2009-01-03 21:02 <DIR> d-------- c:\program files\Common Files\LightScribe 2009-01-03 20:55 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe 2009-01-03 20:55 . 2006-05-23 17:30 47,894 --------- c:\windows\UNNMP.cfg 2009-01-03 20:54 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe 2009-01-03 20:53 . 2009-01-03 20:53 <DIR> d-------- c:\program files\Common Files\Nero 2009-01-03 20:51 . 2009-01-03 20:51 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Ahead 2009-01-03 20:51 . 2005-07-29 16:12 2,977,792 --------- c:\windows\UNNeroVision.exe 2009-01-03 20:51 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll 2009-01-03 20:51 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll 2009-01-03 20:51 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll 2009-01-03 20:51 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll 2009-01-03 20:51 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll 2009-01-03 20:51 . 2006-05-23 17:30 179,288 --------- c:\windows\UNNeroVision.cfg 2009-01-03 20:51 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll 2009-01-03 20:51 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll 2009-01-03 20:51 . 2001-03-08 19:30 24,064 --------- c:\windows\system32\msxml3a.dll 2009-01-03 20:50 . 2009-01-03 20:50 <DIR> d-------- c:\program files\Common Files\Ahead 2009-01-03 20:50 . 2009-01-03 20:55 <DIR> d-------- c:\program files\Ahead 2009-01-03 20:35 . 2009-01-23 14:28 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\DAEMON Tools Pro 2009-01-03 20:35 . 2009-01-03 20:35 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\DAEMON Tools 2009-01-03 20:34 . 2009-01-03 20:34 <DIR> d-------- c:\program files\DAEMON Tools Toolbar 2009-01-03 20:34 . 2009-01-03 20:34 <DIR> d-------- c:\program files\DAEMON Tools Lite 2009-01-03 20:34 . 2009-01-03 20:34 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:31 . 2009-01-03 20:36 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\DAEMON Tools Lite 2009-01-03 20:31 . 2009-01-03 20:31 717,296 --a------ c:\windows\system32\drivers\sptd.sys 2009-01-03 20:30 . 2009-01-04 19:52 <DIR> d-------- c:\program files\Screamer Radio 2009-01-03 19:25 . 2009-01-17 20:42 <DIR> d-------- C:\Downloads 2009-01-03 19:21 . 2009-01-03 19:21 <DIR> d-------- c:\program files\Software Informer 2009-01-03 19:21 . 2009-01-03 19:21 <DIR> d-------- c:\program files\Free Download Manager 2009-01-03 19:21 . 2009-01-03 19:21 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\FreeDownloadManager.ORG 2009-01-03 19:21 . 2009-01-03 19:24 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Software Informer 2009-01-03 19:21 . 2009-01-24 15:36 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Free Download Manager 2009-01-03 17:42 . 2009-01-03 17:46 <DIR> d-------- c:\program files\Km TPR 2009-01-03 16:56 . 2009-01-03 16:56 <DIR> d-------- c:\documents and settings\LocalService\Menu Start 2009-01-03 16:56 . 2009-01-04 13:04 316,640 --a------ c:\windows\WMSysPr9.prx 2009-01-03 16:47 . 2008-04-14 21:45 2,977,792 -----c--- c:\windows\system32\dllcache\wmploc.dll 2009-01-03 16:45 . 2007-08-10 20:53 26,488 --a------ c:\windows\system32\spupdsvc.exe 2009-01-03 16:45 . 2006-12-29 00:31 19,569 --a------ c:\windows\[u]0[/u]02630_.tmp 2009-01-03 16:34 . 2009-01-03 16:34 <DIR> d-------- C:\WUTemp 2009-01-03 16:32 . 2009-01-03 16:32 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-01-03 16:30 . 2009-01-03 16:30 <DIR> d-------- c:\program files\Java 2009-01-03 16:30 . 2009-01-03 16:30 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-03 16:30 . 2009-01-03 16:30 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-03 13:29 . 2009-01-03 13:29 <DIR> d-------- c:\program files\Alwil Software 2009-01-03 13:13 . 2009-01-03 13:37 <DIR> d-------- c:\documents and settings\Adrian\Gadu-Gadu 2009-01-03 13:13 . 2009-01-03 13:13 <DIR> d-------- c:\documents and settings\Adrian\Dane aplikacji\Gadu-Gadu . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-20 15:51 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-03 12:05 --------- d-----w c:\program files\Realtek 2009-01-03 10:30 155,995 ----a-w c:\windows\java\Packages\60VTVPF1.ZIP 2009-01-03 10:30 --------- d-----w c:\program files\Intel 2009-01-03 10:27 --------- d-----w c:\documents and settings\Adrian\Dane aplikacji\InstallShield 2009-01-03 10:03 --------- d-----w c:\program files\microsoft frontpage 2009-01-03 10:01 --------- d-----w c:\program files\Usługi online 2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll . ((((((((((((((((((((((((((((( snapshot@2009-01-24_10.19.39.75 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2009-01-24 13:36:29 385,024 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-01-24 13:36:29 8,192 ----a-w c:\windows\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2009-01-24 13:36:19 385,024 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT + 2009-01-24 13:36:19 8,192 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat + 2009-01-24 13:51:53 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_180.dat + 2009-01-24 13:51:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_580.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544] "Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-08-11 7630848] "NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-11 86016] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152] "nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"= "c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"= "c:\\WINDOWS\\system32\\PnkBstrA.exe"= "c:\\WINDOWS\\system32\\PnkBstrB.exe"= "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"= "c:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"= "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"= "c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"= R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-03 111184] R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-03 20560] R4 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 14336] . . ------- Skan uzupełniający ------- . IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Pobierz plik wideo we Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm IE: Pobierz w Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm IE: Pobierz wszystkie pliki w Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm IE: Pobierz zaznaczone w Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-24 15:41:12 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-01-24 15:42:16 ComboFix-quarantined-files.txt 2009-01-24 14:42:14 ComboFix2.txt 2009-01-24 09:20:18 Przed: 814 219 264 bajtów wolnych Po: 805,130,240 bajtów wolnych 251

Log z HiJackThis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:38:05, on 2009-01-24 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Opera\opera.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe D:\Downloads\hijack\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Pobierz plik wideo we Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Pobierz w Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pobierz wszystkie pliki w Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Pobierz zaznaczone w Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 7490 bytes

**Posty:** 18165 · przez **wojtas** 24 Sty 2009, 18:41

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.