mulenie systemu

**Posty:** 4 · przez **Dale** 14 Cze 2007, 23:31

Nowy temat tak jak wojtas19162 poradził.

Niby system działa normalnie, ale explorer żre więcej niż zawsze pamięci, odpalenie już 2 programów ostro zamula kompa. A w Nero, DVD nagrywa się 40minut na 8x. Wcześniej tak nie było.
A to logi:

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 21:11:05, on 2007-06-14 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\PnkBstrA.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\macias\Pulpit\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\System32\PnkBstrB.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Kod: Zaznacz wszystko: GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-14 23:08:11 Windows 5.1.2600 Dodatek Service Pack. 1 ---- System - GMER 1.0.12 ---- SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwConnectPort SSDT \??\C:\WINDOWS\System32\vsdatant.sys ZwOpenProcess ---- Kernel code sections - GMER 1.0.12 ---- .text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 188 80502604 4 Bytes [ 1D, D6, F3, BA ] .text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2F4 80502770 4 Bytes [ F0, E6, F4, BA ] ---- Devices - GMER 1.0.12 ---- Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [BAF56E90] vsdatant.sys Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [BAF56E90] vsdatant.sys Device \Driver\AFD \Device\Afd IRP_MJ_CREATE [BAF50B50] vsdatant.sys Device \Driver\AFD \Device\Afd IRP_MJ_CLOSE [BAF50B50] vsdatant.sys Device \Driver\AFD \Device\Afd IRP_MJ_DEVICE_CONTROL [BAF50B50] vsdatant.sys Device \Driver\AFD \Device\Afd FastIoDeviceControl [BAF50510] vsdatant.sys ---- EOF - GMER 1.0.12 ----

Kod: Zaznacz wszystko: GMER 1.0.12.12244 - http://www.gmer.net Rootkit scan 2007-06-14 23:09:18 Windows 5.1.2600 Dodatek Service Pack. 1 ---- Services - GMER 1.0.12 ---- Service .NET CLR Data Service .NET CLR Networking Service .NETFramework Service [DISABLED] Abiosdsk Service [DISABLED] abp480n5 Service C:\WINDOWS\System32\DRIVERS\ACPI.sys [BOOT] ACPI Service [DISABLED] ACPIEC Service [DISABLED] adpu160m Service C:\WINDOWS\system32\drivers\aeaudio.sys [MANUAL] aeaudio Service C:\WINDOWS\system32\drivers\aec.sys [MANUAL] aec Service C:\WINDOWS\System32\drivers\afd.sys [AUTO] AFD Service [DISABLED] Aha154x Service [DISABLED] aic78u2 Service [DISABLED] aic78xx Service C:\WINDOWS\System32\svchost.exe [MANUAL] Alerter Service C:\WINDOWS\System32\alg.exe [MANUAL] ALG Service [DISABLED] AliIde Service [DISABLED] amsint Service C:\WINDOWS\system32\svchost.exe [MANUAL] AppMgmt Service [DISABLED] asc Service [DISABLED] asc3350p Service [DISABLED] asc3550 Service ASP.NET Service ASP.NET_1.1.4322 Service C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [MANUAL] aspnet_state Service C:\WINDOWS\System32\DRIVERS\asyncmac.sys [MANUAL] AsyncMac Service C:\WINDOWS\System32\DRIVERS\atapi.sys [BOOT] atapi Service [DISABLED] Atdisk Service C:\WINDOWS\System32\Ati2evxx.exe [AUTO] Ati HotKey Poller Service C:\WINDOWS\system32\ati2sgag.exe [AUTO] ATI Smart Service C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [MANUAL] ati2mtag Service Atierecord Service C:\WINDOWS\System32\DRIVERS\atmarpc.sys [MANUAL] Atmarpc Service C:\WINDOWS\System32\svchost.exe [AUTO] AudioSrv Service C:\WINDOWS\System32\DRIVERS\audstub.sys [MANUAL] audstub Service BattC Service [SYSTEM] Beep Service C:\WINDOWS\System32\svchost.exe [MANUAL] BITS Service C:\WINDOWS\System32\svchost.exe [AUTO] Browser Service [DISABLED] cbidf2k Service [DISABLED] cd20xrnt Service [SYSTEM] Cdaudio Service [DISABLED] Cdfs Service C:\WINDOWS\System32\DRIVERS\cdrom.sys [SYSTEM] Cdrom Service [SYSTEM] Changer Service C:\WINDOWS\system32\cisvc.exe [MANUAL] CiSvc Service C:\WINDOWS\system32\clipsrv.exe [MANUAL] ClipSrv Service [DISABLED] CmdIde Service C:\WINDOWS\System32\dllhost.exe [MANUAL] COMSysApp Service ContentFilter Service ContentIndex Service [DISABLED] Cpqarray Service C:\WINDOWS\system32\svchost.exe [AUTO] CryptSvc Service [DISABLED] dac2w2k Service [DISABLED] dac960nt Service C:\WINDOWS\System32\svchost.exe [AUTO] Dhcp Service C:\WINDOWS\System32\DRIVERS\disk.sys [BOOT] Disk Service C:\WINDOWS\System32\dmadmin.exe [MANUAL] dmadmin Service C:\WINDOWS\System32\drivers\dmboot.sys [DISABLED] dmboot Service C:\WINDOWS\System32\drivers\dmio.sys [BOOT] dmio Service C:\WINDOWS\System32\drivers\dmload.sys [BOOT] dmload Service C:\WINDOWS\System32\svchost.exe [AUTO] dmserver Service C:\WINDOWS\system32\drivers\DMusic.sys [MANUAL] DMusic Service C:\WINDOWS\System32\svchost.exe [AUTO] Dnscache Service [DISABLED] dpti2o Service C:\WINDOWS\system32\drivers\drmkaud.sys [MANUAL] drmkaud Service C:\WINDOWS\System32\svchost.exe [AUTO] ERSvc Service C:\WINDOWS\system32\services.exe [AUTO] Eventlog Service C:\WINDOWS\System32\svchost.exe [MANUAL] EventSystem Service [DISABLED] Fastfat Service C:\WINDOWS\System32\svchost.exe [MANUAL] FastUserSwitchingCompatibility Service C:\WINDOWS\System32\DRIVERS\fdc.sys [MANUAL] Fdc Service [SYSTEM] Fips Service C:\WINDOWS\System32\DRIVERS\flpydisk.sys [MANUAL] Flpydisk Service [SYSTEM] Fs_Rec Service C:\WINDOWS\System32\DRIVERS\ftdisk.sys [BOOT] Ftdisk Service C:\WINDOWS\System32\DRIVERS\gmer.sys [MANUAL] gmer Service C:\WINDOWS\System32\DRIVERS\msgpc.sys [MANUAL] Gpc Service C:\WINDOWS\System32\DRIVERS\hamachi.sys [MANUAL] hamachi Service C:\WINDOWS\System32\svchost.exe [AUTO] helpsvc Service C:\WINDOWS\System32\svchost.exe [DISABLED] HidServ Service C:\WINDOWS\System32\DRIVERS\hidusb.sys [MANUAL] hidusb Service [DISABLED] hpn Service [SYSTEM] i2omgmt Service [DISABLED] i2omp Service C:\WINDOWS\System32\DRIVERS\i8042prt.sys [SYSTEM] i8042prt Service C:\WINDOWS\System32\DRIVERS\imapi.sys [SYSTEM] Imapi Service C:\WINDOWS\System32\imapi.exe [MANUAL] ImapiService Service inetaccs Service [DISABLED] ini910u Service Inport Service [DISABLED] IntelIde Service C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [MANUAL] IpFilterDriver Service C:\WINDOWS\System32\DRIVERS\ipinip.sys [MANUAL] IpInIp Service C:\WINDOWS\System32\DRIVERS\ipnat.sys [MANUAL] IpNat Service C:\WINDOWS\System32\DRIVERS\ipsec.sys [SYSTEM] IPSec Service C:\WINDOWS\System32\DRIVERS\irenum.sys [MANUAL] IRENUM Service ISAPISearch Service C:\WINDOWS\System32\DRIVERS\isapnp.sys [BOOT] isapnp Service C:\WINDOWS\System32\DRIVERS\kbdclass.sys [SYSTEM] Kbdclass Service C:\WINDOWS\system32\drivers\kmixer.sys [MANUAL] kmixer Service [BOOT] KSecDD Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanserver Service C:\WINDOWS\System32\svchost.exe [AUTO] lanmanworkstation Service [SYSTEM] lbrtfdc Service ldap Service LicenseService Service C:\WINDOWS\System32\svchost.exe [AUTO] LmHosts Service C:\WINDOWS\System32\svchost.exe [AUTO] Messenger Service [SYSTEM] mnmdd Service C:\WINDOWS\System32\mnmsrvc.exe [MANUAL] mnmsrvc Service [MANUAL] Modem Service C:\WINDOWS\System32\DRIVERS\mouclass.sys [SYSTEM] Mouclass Service C:\WINDOWS\System32\DRIVERS\mouhid.sys [MANUAL] mouhid Service [BOOT] MountMgr Service [DISABLED] mraid35x Service C:\WINDOWS\System32\DRIVERS\mrxdav.sys [MANUAL] MRxDAV Service C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [SYSTEM] MRxSmb Service C:\WINDOWS\System32\msdtc.exe [MANUAL] MSDTC Service [SYSTEM] Msfs Service C:\WINDOWS\System32\msiexec.exe [MANUAL] MSIServer Service C:\WINDOWS\system32\drivers\MSKSSRV.sys [MANUAL] MSKSSRV Service C:\WINDOWS\system32\drivers\MSPCLOCK.sys [MANUAL] MSPCLOCK Service C:\WINDOWS\system32\drivers\MSPQM.sys [MANUAL] MSPQM Service [BOOT] Mup Service [BOOT] NDIS Service C:\WINDOWS\System32\DRIVERS\ndistapi.sys [MANUAL] NdisTapi Service C:\WINDOWS\System32\DRIVERS\ndisuio.sys [MANUAL] Ndisuio Service C:\WINDOWS\System32\DRIVERS\ndiswan.sys [MANUAL] NdisWan Service [MANUAL] NDProxy Service C:\WINDOWS\System32\DRIVERS\netbios.sys [SYSTEM] NetBIOS Service C:\WINDOWS\System32\DRIVERS\netbt.sys [SYSTEM] NetBT Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDE Service C:\WINDOWS\system32\netdde.exe [MANUAL] NetDDEdsdm Service C:\WINDOWS\System32\lsass.exe [MANUAL] Netlogon Service C:\WINDOWS\System32\svchost.exe [MANUAL] Netman Service C:\WINDOWS\System32\svchost.exe [MANUAL] Nla Service [SYSTEM] Npfs Service [DISABLED] Ntfs Service C:\WINDOWS\System32\lsass.exe [MANUAL] NtLmSsp Service C:\WINDOWS\system32\svchost.exe [MANUAL] NtmsSvc Service [SYSTEM] Null Service C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt Service C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd Service C:\WINDOWS\System32\DRIVERS\parport.sys [MANUAL] Parport Service [BOOT] PartMgr Service [AUTO] ParVdm Service C:\WINDOWS\System32\DRIVERS\pci.sys [BOOT] PCI Service [SYSTEM] PCIDump Service C:\WINDOWS\System32\DRIVERS\pciide.sys [BOOT] PCIIde Service [DISABLED] Pcmcia Service [MANUAL] PDCOMP Service [MANUAL] PDFRAME Service [MANUAL] PDRELI Service [MANUAL] PDRFRAME Service [DISABLED] perc2 Service [DISABLED] perc2hib Service PerfDisk Service PerfNet Service PerfOS Service PerfProc Service C:\WINDOWS\system32\services.exe [AUTO] PlugPlay Service C:\WINDOWS\System32\HPZipm12.exe [AUTO] Pml Driver HPZ12 Service C:\WINDOWS\System32\PnkBstrA.exe [AUTO] PnkBstrA Service C:\WINDOWS\System32\PnkBstrB.exe [MANUAL] PnkBstrB Service C:\WINDOWS\System32\lsass.exe [AUTO] PolicyAgent Service C:\WINDOWS\System32\DRIVERS\raspptp.sys [MANUAL] PptpMiniport Service C:\WINDOWS\System32\DRIVERS\processr.sys [SYSTEM] Processor Service C:\WINDOWS\system32\lsass.exe [AUTO] ProtectedStorage Service C:\WINDOWS\System32\DRIVERS\psched.sys [MANUAL] PSched Service C:\WINDOWS\System32\DRIVERS\ptilink.sys [MANUAL] Ptilink Service C:\WINDOWS\System32\Drivers\PxHelp20.sys [BOOT] PxHelp20 Service [DISABLED] ql1080 Service [DISABLED] Ql10wnt Service [DISABLED] ql12160 Service [DISABLED] ql1240 Service [DISABLED] ql1280 Service C:\WINDOWS\System32\DRIVERS\rasacd.sys [SYSTEM] RasAcd Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasAuto Service C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [MANUAL] Rasl2tp Service C:\WINDOWS\System32\svchost.exe [MANUAL] RasMan Service C:\WINDOWS\System32\DRIVERS\raspppoe.sys [MANUAL] RasPppoe Service C:\WINDOWS\System32\DRIVERS\raspti.sys [MANUAL] Raspti Service C:\WINDOWS\System32\DRIVERS\rdbss.sys [SYSTEM] Rdbss Service C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [SYSTEM] RDPCDD Service RDPDD Service C:\WINDOWS\System32\DRIVERS\rdpdr.sys [MANUAL] rdpdr Service RDPNP Service [MANUAL] RDPWD Service C:\WINDOWS\system32\sessmgr.exe [MANUAL] RDSessMgr Service C:\WINDOWS\System32\DRIVERS\redbook.sys [SYSTEM] redbook Service C:\WINDOWS\System32\svchost.exe [DISABLED] RemoteAccess Service C:\WINDOWS\system32\svchost.exe [AUTO] RemoteRegistry Service C:\WINDOWS\System32\locator.exe [MANUAL] RpcLocator Service C:\WINDOWS\system32\svchost.exe [AUTO] RpcSs Service C:\WINDOWS\System32\rsvp.exe [MANUAL] RSVP Service C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [MANUAL] rtl8139 Service C:\WINDOWS\system32\lsass.exe [AUTO] SamSs Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardDrv Service C:\WINDOWS\System32\SCardSvr.exe [MANUAL] SCardSvr Service C:\WINDOWS\System32\svchost.exe [AUTO] Schedule Service C:\WINDOWS\System32\DRIVERS\secdrv.sys [MANUAL] Secdrv Service C:\WINDOWS\System32\svchost.exe [AUTO] seclogon Service C:\WINDOWS\system32\svchost.exe [AUTO] SENS Service C:\WINDOWS\System32\DRIVERS\serenum.sys [MANUAL] serenum Service C:\WINDOWS\System32\DRIVERS\serial.sys [SYSTEM] Serial Service [SYSTEM] Sfloppy Service C:\WINDOWS\System32\svchost.exe [MANUAL] SharedAccess Service C:\WINDOWS\System32\svchost.exe [AUTO] ShellHWDetection Service [DISABLED] Simbad Service C:\WINDOWS\system32\drivers\smwdm.sys [MANUAL] smwdm Service C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [AUTO] SoundMAX Agent Service (default) Service [DISABLED] Sparrow Service C:\WINDOWS\system32\drivers\splitter.sys [MANUAL] splitter Service C:\WINDOWS\system32\spoolsv.exe [AUTO] Spooler Service C:\WINDOWS\System32\DRIVERS\sr.sys [DISABLED] sr Service C:\WINDOWS\System32\svchost.exe [AUTO] srservice Service C:\WINDOWS\System32\DRIVERS\srv.sys [MANUAL] Srv Service C:\WINDOWS\System32\svchost.exe [MANUAL] SSDPSRV Service C:\WINDOWS\System32\svchost.exe [AUTO] stisvc Service C:\WINDOWS\System32\DRIVERS\swenum.sys [MANUAL] swenum Service C:\WINDOWS\system32\drivers\swmidi.sys [MANUAL] swmidi Service C:\WINDOWS\System32\dllhost.exe [MANUAL] SwPrv Service [DISABLED] symc810 Service [DISABLED] symc8xx Service [DISABLED] sym_hi Service [DISABLED] sym_u3 Service C:\WINDOWS\system32\drivers\sysaudio.sys [MANUAL] sysaudio Service C:\WINDOWS\system32\smlogsvc.exe [MANUAL] SysmonLog Service C:\WINDOWS\System32\svchost.exe [MANUAL] TapiSrv Service C:\WINDOWS\System32\DRIVERS\tcpip.sys [SYSTEM] Tcpip Service [MANUAL] TDPIPE Service [MANUAL] TDTCP Service C:\WINDOWS\System32\DRIVERS\termdd.sys [SYSTEM] TermDD Service C:\WINDOWS\System32\svchost.exe [MANUAL] TermService Service C:\WINDOWS\System32\svchost.exe [AUTO] Themes Service C:\WINDOWS\System32\tlntsvr.exe [DISABLED] TlntSvr Service [DISABLED] TosIde Service C:\WINDOWS\system32\svchost.exe [AUTO] TrkWks Service TSDDD Service [DISABLED] Udfs Service [DISABLED] ultra Service C:\WINDOWS\System32\DRIVERS\update.sys [MANUAL] Update Service C:\WINDOWS\System32\svchost.exe [AUTO] uploadmgr Service C:\WINDOWS\System32\svchost.exe [MANUAL] upnphost Service C:\WINDOWS\System32\ups.exe [MANUAL] UPS Service C:\WINDOWS\System32\DRIVERS\usbccgp.sys [MANUAL] usbccgp Service C:\WINDOWS\System32\DRIVERS\usbehci.sys [MANUAL] usbehci Service C:\WINDOWS\System32\DRIVERS\usbhub.sys [MANUAL] usbhub Service C:\WINDOWS\System32\DRIVERS\usbprint.sys [MANUAL] usbprint Service C:\WINDOWS\System32\DRIVERS\usbscan.sys [MANUAL] usbscan Service C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [MANUAL] USBSTOR Service C:\WINDOWS\System32\DRIVERS\usbuhci.sys [MANUAL] usbuhci Service C:\WINDOWS\System32\drivers\vga.sys [SYSTEM] VgaSave Service [DISABLED] ViaIde Service [BOOT] VolSnap Service C:\WINDOWS\System32\vsdatant.sys [AUTO] vsdatant Service C:\WINDOWS\system32\ZONELABS\vsmon.exe [AUTO] vsmon Service C:\WINDOWS\System32\vssvc.exe [MANUAL] VSS Service C:\WINDOWS\System32\svchost.exe [AUTO] W32Time Service W3SVC Service C:\WINDOWS\System32\DRIVERS\wanarp.sys [MANUAL] Wanarp Service [MANUAL] WDICA Service C:\WINDOWS\system32\drivers\wdmaud.sys [MANUAL] wdmaud Service C:\WINDOWS\System32\svchost.exe [AUTO] WebClient Service C:\WINDOWS\system32\svchost.exe [AUTO] winmgmt Service [MANUAL] Winsock Service WinSock2 Service WinTrust Service C:\WINDOWS\System32\svchost.exe [AUTO] WmdmPmSp Service C:\WINDOWS\System32\svchost.exe [MANUAL] Wmi Service WmiApRpl Service C:\WINDOWS\System32\wbem\wmiapsrv.exe [MANUAL] WmiApSrv Service C:\WINDOWS\system32\svchost.exe [AUTO] wuauserv Service C:\WINDOWS\System32\svchost.exe [AUTO] WZCSVC Service {32583968-F951-49DC-BAE8-16272E81152B} Service {40919877-8011-4166-BE6F-4AC0602756F4} ---- EOF - GMER 1.0.12 ----

**Posty:** 18165 · przez **wojtas** 14 Cze 2007, 23:32

daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 4 · przez **Dale** 15 Cze 2007, 10:49

Kod: Zaznacz wszystko: ((((((((((((((((((((((((( Files Created from 2007-05-15 to 2007-06-15 ))))))))))))))))))))))))))))))) 2007-06-15 10:14 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-14 21:07 <DIR> d-------- C:\Program Files\SkanerOnline 2007-06-14 17:29 <DIR> d-------- C:\DOCUME~1\Jola\DANEAP~1\Skype 2007-06-14 17:27 <DIR> d-------- C:\DOCUME~1\Jola\DANEAP~1\ATI 2007-06-14 16:18 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\Skype 2007-06-14 16:16 <DIR> d-------- C:\Program Files\Skype 2007-06-14 16:16 <DIR> d-------- C:\Program Files\Common Files\Skype 2007-06-14 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Skype 2007-06-13 22:15 <DIR> d-------- C:\Program Files\Lame 2007-06-13 22:12 <DIR> d-------- C:\Program Files\GoldWave 2007-06-13 20:58 <DIR> d-------- C:\Program Files\Ad-Aware 2007-06-13 20:58 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\Lavasoft 2007-06-12 16:01 4 --a------ C:\WINDOWS\system32\proc-220146841.bin 2007-06-12 16:01 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\GanymedeNet 2007-06-10 16:04 <DIR> d-------- C:\DOCUME~1\wojtas\DANEAP~1\AdobeUM 2007-06-10 01:13 <DIR> d-------- C:\DOCUME~1\wojtas\DANEAP~1\ATI 2007-06-09 23:26 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\ATI 2007-06-09 22:55 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-06-09 22:55 <DIR> d-------- C:\WINDOWS\LastGood 2007-06-09 12:01 <DIR> d-------- C:\Program Files\DivX 2007-06-08 23:59 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups 2007-06-08 23:59 <DIR> d-------- C:\WINDOWS\LastGood.Tmp 2007-06-08 23:58 <DIR> d-------- C:\Program Files\DNA-drivers 2007-06-07 00:59 <DIR> d-------- C:\DOCUME~1\wojtas\DANEAP~1\DivX 2007-06-06 00:21 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-06-06 00:21 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-06-06 00:21 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-06-04 21:20 99,904 --a------ C:\WINDOWS\system32\PnkBstrB.exe 2007-06-04 21:20 63,040 --a------ C:\WINDOWS\system32\PnkBstrA.exe 2007-06-04 21:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles 2007-06-04 20:10 <DIR> d-------- C:\Program Files\IncrediMail 2007-06-02 21:10 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys 2007-06-02 21:10 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll 2007-06-02 21:10 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll 2007-06-02 21:10 38,912 --------- C:\WINDOWS\system32\picn20.dll 2007-06-02 21:10 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll 2007-06-02 21:10 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll 2007-06-02 21:10 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-02 21:10 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys 2007-06-02 21:10 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2007-06-02 21:10 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll 2007-06-02 21:10 <DIR> d-------- C:\Program Files\Common Files\Ahead 2007-06-02 21:10 <DIR> d-------- C:\Program Files\Ahead 2007-06-02 20:01 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\AdobeUM 2007-06-02 17:16 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\Hamachi 2007-06-02 17:15 25,544 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2007-06-02 17:15 <DIR> d-------- C:\Program Files\Hamachi 2007-06-02 15:39 <DIR> d-------- C:\DOCUME~1\wojtas\DANEAP~1\Winamp 2007-06-01 17:26 <DIR> d-------- C:\DOCUME~1\Jola\DANEAP~1\DivX 2007-06-01 16:50 1,048,576 --ah----- C:\DOCUME~1\Jola\NTUSER.DAT 2007-06-01 16:50 <DIR> dr-h----- C:\DOCUME~1\Jola\Dane aplikacji 2007-06-01 16:50 <DIR> dr------- C:\DOCUME~1\Jola\Ulubione 2007-06-01 16:50 <DIR> dr------- C:\DOCUME~1\Jola\Moje dokumenty 2007-06-01 16:50 <DIR> dr------- C:\DOCUME~1\Jola\Menu Start 2007-06-01 16:50 <DIR> d--h----- C:\DOCUME~1\Jola\Ustawienia lokalne 2007-06-01 16:50 <DIR> d--h----- C:\DOCUME~1\Jola\Szablony 2007-06-01 16:50 <DIR> d-------- C:\DOCUME~1\Jola\Pulpit 2007-06-01 16:50 <DIR> d-------- C:\DOCUME~1\Jola\DANEAP~1\HP 2007-05-31 21:00 16,368 --a------ C:\DOCUME~1\macias\DANEAP~1\GDIPFONTCACHEV1.DAT 2007-05-30 14:00 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-05-30 14:00 639,066 --a------ C:\WINDOWS\system32\divx.dll 2007-05-30 14:00 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll 2007-05-30 14:00 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-05-30 14:00 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-05-30 14:00 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll 2007-05-30 14:00 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2007-05-30 13:51 <DIR> d-------- C:\Program Files\ALLPlayer 2007-05-29 23:53 <DIR> d-------- C:\Program Files\HTML ON 2007-05-29 22:56 545 --a------ C:\WINDOWS\UC.PIF 2007-05-29 22:56 545 --a------ C:\WINDOWS\RAR.PIF 2007-05-29 22:56 545 --a------ C:\WINDOWS\PKZIP.PIF 2007-05-29 22:56 545 --a------ C:\WINDOWS\PKUNZIP.PIF 2007-05-29 22:56 545 --a------ C:\WINDOWS\NOCLOSE.PIF 2007-05-29 22:56 545 --a------ C:\WINDOWS\LHA.PIF 2007-05-29 22:56 545 --a------ C:\WINDOWS\ARJ.PIF 2007-05-29 22:56 <DIR> d-------- C:\Program Files\Total Commander 6.56 2007-05-29 22:56 <DIR> d-------- C:\DOCUME~1\wojtas\Gadu-Gadu 2007-05-29 22:50 <DIR> d-------- C:\Program Files\eMule 2007-05-29 22:39 <DIR> d-------- C:\DOCUME~1\wojtas\DANEAP~1\HP 2007-05-29 22:38 1,835,008 --ah----- C:\DOCUME~1\wojtas\NTUSER.DAT 2007-05-29 22:38 <DIR> dr-h----- C:\DOCUME~1\wojtas\Dane aplikacji 2007-05-29 22:38 <DIR> dr------- C:\DOCUME~1\wojtas\Ulubione 2007-05-29 22:38 <DIR> dr------- C:\DOCUME~1\wojtas\Menu Start 2007-05-29 22:38 <DIR> d--h----- C:\DOCUME~1\wojtas\Ustawienia lokalne 2007-05-29 22:38 <DIR> d--h----- C:\DOCUME~1\wojtas\Szablony 2007-05-29 22:38 <DIR> d-------- C:\DOCUME~1\wojtas\Pulpit 2007-05-29 22:24 <DIR> d-------- C:\DOCUME~1\macias\DANEAP~1\HP 2007-05-29 22:23 <DIR> d-------- C:\Program Files\Common Files\HP 2007-05-29 22:12 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll 2007-05-29 22:12 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe 2007-05-29 22:12 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe 2007-05-29 22:12 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll 2007-05-29 22:12 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-05-29 22:12 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll 2007-05-29 22:12 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll 2007-05-29 22:03 14,916 --------- C:\WINDOWS\hphmdl12.dat 2007-05-29 22:03 126,822 --a------ C:\WINDOWS\HPHins12.dat 2007-05-29 22:01 48,640 --a------ C:\WINDOWS\system32\hpzll4pi.dll 2007-05-29 22:01 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2007-05-29 20:29 <DIR> d-------- C:\Program Files\Google (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-29 13:22:38 73,532 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-05-29 13:22:38 495,436 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-05-29 13:03:26 -------- d-----w C:\Program Files\Usługi online 2007-03-15 10:00:36 466,432 ----a-w C:\WINDOWS\system32\SkanerOnline.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 11:56] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Zone Labs Client"="C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe" [2003-11-15 17:20] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-15 21:10] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 20:29] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 17:05] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-11-14 11:12] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-05-20 14:50]

**Posty:** 18165 · przez **wojtas** 15 Cze 2007, 16:13

log jest uciety wrzuc na jakis serwer

**Posty:** 4 · przez **Dale** 15 Cze 2007, 18:10

To brakujące 2 linijki raportu

Kod: Zaznacz wszystko: *Newly Created Service* - ALG *Newly Created Service* - IPNAT

**Posty:** 18165 · przez **wojtas** 15 Cze 2007, 20:13

jest ok system masz czysty

mulenie systemu

Mulenie systemu

Kto jest na forum