Wszytko zaczeło się od tego, że nie mogłem wydrukować pliku, żadna z drukarek nie odpowiadała, a mam 4 - 2 rzeczywiste i 2 wirtulane. No to restart i system nie wstał:
"Brak plku hal.dll"
Naprawione wg porad znalezionych na google, czyli poleceniem bootcfg /rebuild z konsoli naprawy.
Ale poźniej zaczęła świrować nagrywark DVD, najpierw nie chciał w żaden sposób oddawć płyt jedyne wyjście to wyjęcie siłowe za pomocą drucika.
Następnie przy nagrywaniu które trawało oklo 1h (czyli bardzo długo zważywszy żę płyta nagywan prędkości 6x) stwierdziłem 100% wykorzystanie procerowa z czego 50-60% to przerwania ISR, a najwiecej z nich przez NDIS.SYS USBPORTS.SYS (sprawone programem RATTv3).
No to kolejny restart i znowu ten sam problem z hal.dll.
Nie wiem czy to wina sprzętu, czy systemu i tego co może na nim siedzieć.
Na wszelki wypadek zamieszczam logi z ComboFixa, SDFixa i HiJackThis.
Logi ComboFixa:
- Kod: Zaznacz wszystko
ComboFix 08-07-15.4 - TiMeRo 2008-07-17 15:18:16.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1439 [GMT 2:00]
Running from: F:\»INSTALKI«\»SYSTEM«\»Diagnostyka«\ComboFix.exe
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((( Files Created from 2008-06-17 to 2008-07-17 )))))))))))))))))))))))))))))))
.
2008-07-15 11:55 . 2008-07-15 13:11 284 -rahs---- C:\Kopia boot.ini
2008-07-15 11:36 . 2001-10-30 14:00 53,060 --------- C:\WINDOWS\system32\hal_0.dll
2008-07-10 13:53 . 2008-07-10 13:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-07-08 23:03 . 2008-07-08 23:03 <DIR> d-------- C:\Program Files\AC3Filter
2008-07-08 23:03 . 2008-06-30 16:47 421,888 --a------ C:\WINDOWS\system32\ac3filter.acm
2008-07-04 01:33 . 2008-07-04 01:33 <DIR> d-------- C:\Program Files\CyberLink
2008-07-01 20:50 . 2008-07-01 20:50 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-06-29 21:26 . 2008-06-29 21:26 <DIR> d-------- C:\Program Files\IPLA
2008-06-29 16:24 . 2008-06-29 16:24 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-06-28 23:31 . 2008-06-28 23:31 <DIR> d-------- C:\Program Files\S-Spline 2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-17 13:24 124,097,824 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-17 13:24 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\uTorrent
2008-07-17 13:23 1,789,472 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-17 13:23 --------- d-----w C:\Program Files\eMule
2008-07-17 13:23 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\VMware
2008-07-17 13:22 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\VMware
2008-07-17 13:21 181,292 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-17 13:21 1,684,928 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-17 13:03 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-07-17 13:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-16 14:59 --------- d-----w C:\Program Files\VoipDiscount
2008-07-15 09:58 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\WordToPDF
2008-07-13 19:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ipla
2008-07-11 12:45 --------- d-----w C:\Program Files\Opera
2008-07-10 22:36 --------- d-----w C:\Program Files\OPR
2008-07-03 23:33 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 23:13 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\Vso
2008-07-01 09:36 --------- d-----w C:\Program Files\MIDI Maestro MM4
2008-06-30 14:06 --------- d-----w C:\Program Files\FlashGet
2008-06-29 12:27 --------- d-----w C:\Program Files\PartyGaming
2008-06-28 12:48 --------- d-----w C:\Program Files\SmartDraw 2007
2008-06-25 08:02 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-21 13:04 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\Skype
2008-06-17 12:39 --------- d-----w C:\Program Files\DC++ v0.674
2008-06-15 01:33 --------- d-----w C:\Program Files\Titan Poker
2008-06-14 19:17 --------- d-----w C:\Program Files\Foxit Software
2008-06-12 17:41 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\ipla
2008-06-11 18:54 --------- d-----w C:\Documents and Settings\TiMeRo\Dane aplikacji\Wireshark
2008-06-11 17:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-07 01:38 --------- d-----w C:\Program Files\VeryPDF PDF2Word v3.0
2008-06-06 15:31 --------- d-----w C:\Program Files\BPFTP Server
2008-06-03 22:42 --------- d-----w C:\Program Files\GNS3
2008-06-03 19:50 --------- d-----w C:\Program Files\WinPcap
2008-05-29 18:00 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 23:46 --------- d-----w C:\Program Files\Syslogd
2008-05-28 23:39 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-28 14:36 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 14:36 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-22 22:56 --------- d-----w C:\Program Files\Actual Window Minimizer
2008-05-22 22:19 --------- d-----w C:\Program Files\avijoin
2008-02-11 21:37 47,360 ----a-w C:\Documents and Settings\TiMeRo\Dane aplikacji\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2008-02-12 21:18 459264]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\StrongGG.exe" [2007-08-18 22:29 21504]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2008-02-02 22:48 219952]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 18:12 131072]
"WheelMouse"="C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 18:31 147456]
"FSWebServer"="C:\Program Files\Easy File Sharing Web Server\fsws.exe" [2007-11-11 15:01 1323008]
"FinePrint Dyspozytor v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2006-08-24 15:55 499712]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 16:46 172032]
"vmware-tray"="C:\Program Files\VMware\VMware Workstation\vmware-tray.exe" [2007-10-08 10:27 72240]
"VMware hqtray"="C:\Program Files\VMware\VMware Workstation\hqtray.exe" [2007-10-08 10:26 55856]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51 218376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 22:51 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\startupfolder\C:^Documents and Settings^TiMeRo^Menu Start^Programy^Autostart^HDDlife.lnk]
backup=C:\WINDOWS\pss\HDDlife.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RSX++]
F:\»PROGRAMY«\rsxpp_1.00_beta3 [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-09-20 16:35 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 19:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
-ra------ 2005-12-21 11:00 98304 C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NetCom"=2 (0x2)
"UPS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\FreeCall\\FreeCall.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\VoipDiscount\\VoipDiscount.exe"=
"C:\\Program Files\\BPFTP Server\\bpftpserver.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\drivers\si3112r.sys [2003-05-09 11:55]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2003-02-12 08:37]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 22:03]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2003-07-29 11:00]
R2 Kiwi Syslog Daemon;Kiwi Syslog Daemon;C:\Program Files\Syslogd\Syslogd_Service.exe [2008-03-02 23:37]
R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;C:\WINDOWS\system32\DRIVERS\thdudf.sys [2006-11-11 02:25]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2004-08-25 18:09]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 00:15]
S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys [2005-07-14 12:39]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 00:15]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 15:23:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1005MC.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-07-17 15:34:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-17 13:33:39
Pre-Run: 2,468,376,576 bajtów wolnych
Post-Run: 2,427,555,840 bajt˘w wolnych
176
Logi SDFixa:
- Kod: Zaznacz wszystko
[b]SDFix: Version 1.173 [/b]
Run by Administrator on 2008-07-17 at 15:49
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-17 15:54:41
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:a0,88,82,38,9b,36,a3,50,0c,e0,a2,d8,74,80,a2,80,4c,a6,a9,27,3e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:94,c7,68,9b,fe,c3,fc,5c,5a,08,93,74,f7,b3,d6,f4,04,a3,24,ec,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,2c,a9,1b,c8,e7,ca,38,94,0c,fc,41,39,f0,83,a8,27,62,..
"hdf12"=hex:57,a9,90,d8,03,d5,ae,a9,71,7b,0d,2b,6b,20,18,f9,b8,5d,ca,be,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e8,ac,ec,6a,b8,9d,75,2c,fb,31,b4,ca,6d,40,16,da,f8,83,16,81,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:a0,88,82,38,9b,36,a3,50,0c,e0,a2,d8,74,80,a2,80,4c,a6,a9,27,3e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:94,c7,68,9b,fe,c3,fc,5c,5a,08,93,74,f7,b3,d6,f4,04,a3,24,ec,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,2c,a9,1b,c8,e7,ca,38,94,0c,fc,41,39,f0,83,a8,27,62,..
"hdf12"=hex:57,a9,90,d8,03,d5,ae,a9,71,7b,0d,2b,6b,20,18,f9,b8,5d,ca,be,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e8,ac,ec,6a,b8,9d,75,2c,fb,31,b4,ca,6d,40,16,da,f8,83,16,81,ee,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:39,4e,84,2f,02,01,04,04,b0,f2,87,a0,ec,99,1b,50,f3,dc,4a,cd,ab,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"p0"="C:\Program Files\DAEMON Tools Pro\"
"h0"=dword:00000001
"hdf12"=hex:94,c7,68,9b,fe,c3,fc,5c,5a,08,93,74,f7,b3,d6,f4,04,a3,24,ec,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,2c,a9,1b,c8,e7,ca,38,94,0c,fc,41,39,f0,83,a8,27,62,..
"hdf12"=hex:57,a9,90,d8,03,d5,ae,a9,71,7b,0d,2b,6b,20,18,f9,b8,5d,ca,be,6c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:e8,ac,ec,6a,b8,9d,75,2c,fb,31,b4,ca,6d,40,16,da,f8,83,16,81,ee,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\VoipDiscount\\VoipDiscount.exe"="C:\\Program Files\\VoipDiscount\\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\\Program Files\\BPFTP Server\\bpftpserver.exe"="C:\\Program Files\\BPFTP Server\\bpftpserver.exe:*:Enabled:BulletProof FTP Server (http://www.bpftpserver.com)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Fri 25 Apr 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 12 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 21 Jun 2008 814,080 ...H. --- "C:\Documents and Settings\TiMeRo\Dane aplikacji\Microsoft\Word\~WRL4064.tmp"
[b]Finished![/b]
Logi HiJackThis:
- Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:13, on 2008-07-17
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Syslogd\Syslogd_Service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
F:\»INSTALKI«\»SYSTEM«\»Diagnostyka«\HiJackThis 2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.klamm.de/partner/velerion.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [FSWebServer] C:\Program Files\Easy File Sharing Web Server\fsws.exe
O4 - HKLM\..\Run: [FinePrint Dyspozytor v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\StrongGG.exe" /tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://89.171.198.58:8001/VatDec.cab
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://89.171.104.66:8001/RtspVaPgDec.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197851292031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202334457421
O16 - DPF: {70EDCF63-CA7E-4812-8528-DA1EA2FD53B6} (VitaminCtrl Class) - http://www.magiccam.pl/ip/VitaminCtrl.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5147CB32-4F98-4064-A3C9-8F238B6C5DDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{6038C2C4-55C8-4F76-A25E-EB33F0FB50FC}: NameServer = 212.182.63.66,212.182.63.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{93B8EF5D-2DAB-4E38-A994-533E5C68167E}: NameServer = 212.182.63.66,212.182.63.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{5147CB32-4F98-4064-A3C9-8F238B6C5DDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{5147CB32-4F98-4064-A3C9-8F238B6C5DDD}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5147CB32-4F98-4064-A3C9-8F238B6C5DDD}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: ABBYY FineReader 9.0 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kiwi Syslog Daemon - Kiwi Enterprises - C:\Program Files\Syslogd\Syslogd_Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
--
End of file - 11384 bytes
Z góry dzieki za pomoc i pozdrawiam.
