
Here are the ComboFix logs
ComboFix 08-12-17.01 - Jarek 2008-12-18 22:01:54.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6000.0.1250.1.1045.18.1788.1092 [GMT 1:00]
Uruchomiony z: d:\programy\Logi\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\mpg4c32.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-11-18 do 2008-12-18 )))))))))))))))))))))))))))))))
.
2008-12-18 21:46 . 2008-12-18 21:46 <DIR> d-------- c:\program files\Trend Micro
2008-12-15 19:46 . 2008-12-15 19:46 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Media Player Classic
2008-12-15 19:46 . 2008-12-15 19:46 <DIR> d-------- c:\users\All Users\Real
2008-12-15 19:46 . 2008-12-15 19:46 <DIR> d-------- c:\program files\Real Alternative
2008-12-14 23:29 . 2008-12-14 23:29 56 --ah----- c:\windows\System32\ezsidmv.dat
2008-12-14 23:27 . 2008-12-15 18:31 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Nero
2008-12-14 23:27 . 2008-12-14 23:27 <DIR> d-------- c:\users\All Users\LightScribe
2008-12-14 23:27 . 2008-12-14 23:27 <DIR> d-------- c:\programdata\LightScribe
2008-12-14 22:49 . 2008-12-14 22:49 4,767 --a------ c:\windows\Irremote.ini
2008-12-14 22:34 . 2008-12-14 22:42 <DIR> d-------- c:\users\All Users\Nero
2008-12-14 22:34 . 2008-12-14 22:42 <DIR> d-------- c:\programdata\Nero
2008-12-14 22:34 . 2008-12-14 22:48 <DIR> d-------- c:\program files\Nero
2008-12-14 22:34 . 2008-12-14 23:02 <DIR> d-------- c:\program files\Common Files\Nero
2008-12-14 22:34 . 2008-12-14 22:34 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-12-14 01:43 . 2006-09-16 23:21 2,332,368 --a------ c:\windows\system\d3dx9_29.dll
2008-12-14 01:30 . 2008-12-14 01:31 18,048 --a------ c:\windows\System32\drivers\lirsgt.sys
2008-12-14 01:10 . 2008-12-14 01:10 <DIR> d-------- c:\program files\MoorHunt
2008-12-14 01:02 . 2008-12-14 01:02 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Teleca
2008-12-14 01:01 . 2007-04-23 15:54 108,680 --a------ c:\windows\System32\drivers\s115mdm.sys
2008-12-14 01:01 . 2007-04-23 15:54 100,488 --a------ c:\windows\System32\drivers\s115mgmt.sys
2008-12-14 01:01 . 2007-04-23 15:54 98,568 --a------ c:\windows\System32\drivers\s115obex.sys
2008-12-14 01:01 . 2007-04-23 15:54 15,112 --a------ c:\windows\System32\drivers\s115mdfl.sys
2008-12-14 01:01 . 2007-04-23 15:54 12,424 --a------ c:\windows\System32\drivers\s115cmnt.sys
2008-12-14 01:01 . 2007-04-23 15:54 12,424 --a------ c:\windows\System32\drivers\s115cm.sys
2008-12-14 01:00 . 2007-04-23 15:54 83,208 --a------ c:\windows\System32\drivers\s115bus.sys
2008-12-14 01:00 . 2007-04-23 15:54 12,424 --a------ c:\windows\System32\drivers\s115whnt.sys
2008-12-14 01:00 . 2007-04-23 15:54 12,424 --a------ c:\windows\System32\drivers\s115wh.sys
2008-12-14 00:59 . 2008-12-14 00:59 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Sony Ericsson
2008-12-14 00:59 . 2008-12-14 00:59 <DIR> d-------- c:\program files\Sony Ericsson
2008-12-14 00:59 . 2008-12-14 00:59 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-12-14 00:59 . 2008-12-14 00:59 <DIR> d-------- c:\program files\Common Files\Sony Ericsson Shared
2008-12-14 00:53 . 2008-12-14 00:59 <DIR> d-------- c:\users\All Users\Teleca
2008-12-14 00:53 . 2008-12-14 00:59 <DIR> d-------- c:\users\All Users\Sony Ericsson
2008-12-14 00:53 . 2008-12-14 00:59 <DIR> d-------- c:\programdata\Teleca
2008-12-14 00:53 . 2008-12-14 00:59 <DIR> d-------- c:\programdata\Sony Ericsson
2008-12-14 00:43 . 2008-12-14 00:43 <DIR> d-------- c:\program files\MSECache
2008-12-14 00:34 . 2008-12-14 00:34 <DIR> d-------- c:\users\All Users\Office Genuine Advantage
2008-12-14 00:34 . 2008-12-14 00:34 <DIR> d-------- c:\programdata\Office Genuine Advantage
2008-12-14 00:04 . 2008-12-14 00:04 50 --a------ c:\windows\pdf2rtf.INI
2008-12-14 00:03 . 2008-12-14 00:03 1,024 --a------ c:\windows\System32\pdf2word.DAT
2008-12-13 23:58 . 2008-12-13 23:59 <DIR> d-------- c:\program files\gs
2008-12-13 23:48 . 2008-12-13 23:49 <DIR> d-------- c:\users\Jarek\AppData\Roaming\WordToPDF
2008-12-13 23:19 . 2008-12-14 01:19 <DIR> d-------- c:\program files\Common Files\InstallShield
2008-12-13 16:21 . 2008-12-13 16:21 <DIR> d-------- c:\users\Jarek\.netbeans-derby
2008-12-13 16:20 . 2008-12-13 16:20 <DIR> d-------- c:\users\Jarek\.netbeans
2008-12-13 15:03 . 2008-12-13 15:03 <DIR> d-------- c:\users\Jarek\AppData\Roaming\DAEMON Tools Pro
2008-12-13 15:01 . 2008-12-13 15:11 <DIR> d-------- c:\program files\DAEMON Tools Pro
2008-12-13 14:53 . 2008-12-13 14:53 <DIR> d-------- c:\program files\Alcohol Soft
2008-12-13 14:22 . 2008-12-13 14:22 685,816 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-13 14:05 . 2007-03-08 00:51 129,784 --------- c:\windows\System32\pxafs.dll
2008-12-13 14:03 . 2008-12-13 14:12 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Winamp
2008-12-13 14:03 . 2008-12-13 14:06 <DIR> d-------- c:\program files\Winamp
2008-12-13 13:52 . 2008-12-13 13:52 <DIR> d-------- c:\users\Jarek\AppData\Roaming\GHISLER
2008-12-13 13:52 . 2008-12-13 13:53 <DIR> d-------- C:\totalcmd
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF
2008-12-13 13:52 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF
2008-12-13 13:46 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2008-12-13 13:43 . 2008-12-13 13:43 <DIR> d-------- c:\program files\Microsoft Works
2008-12-13 13:41 . 2008-12-13 13:41 <DIR> d-------- c:\windows\PCHEALTH
2008-12-13 13:41 . 2008-12-13 13:41 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-13 13:37 . 2008-12-13 13:37 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2008-12-13 13:36 . 2008-12-13 23:31 <DIR> d-------- c:\users\All Users\Microsoft Help
2008-12-13 13:36 . 2008-12-13 23:31 <DIR> d-------- c:\programdata\Microsoft Help
2008-12-13 13:36 . 2008-12-13 13:36 <DIR> dr-h----- C:\MSOCache
2008-12-13 12:13 . 2008-12-13 12:16 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Dev-Cpp
2008-12-13 12:12 . 2008-12-13 12:13 <DIR> d-------- C:\Dev-Cpp
2008-12-13 11:54 . 2008-12-13 11:54 <DIR> d-------- c:\users\Jarek\.netbeans-registration
2008-12-13 11:54 . 2008-12-13 11:54 <DIR> d-------- c:\program files\Apache Software Foundation
2008-12-13 11:52 . 2008-12-13 16:21 <DIR> d-------- c:\program files\glassfish-v2ur2
2008-12-13 11:47 . 2008-12-13 11:54 <DIR> d-------- c:\program files\NetBeans 6.1
2008-12-13 11:46 . 2008-12-13 11:55 <DIR> d-------- c:\users\Jarek\.nbi
2008-12-13 11:17 . 2008-12-13 11:17 <DIR> d-------- c:\program files\Sun
2008-12-13 11:17 . 2008-12-13 11:17 410,976 --a------ c:\windows\System32\deploytk.dll
2008-12-13 11:16 . 2008-12-13 11:17 <DIR> d-------- c:\program files\Java
2008-12-13 10:53 . 2008-12-13 15:08 <DIR> d-------- c:\program files\English Translator 3
2008-12-13 10:49 . 2008-12-13 10:50 <DIR> d-------- c:\program files\Deutsch Translator 2
2008-12-13 10:01 . 2008-12-18 21:00 <DIR> d-------- c:\users\Jarek\AppData\Roaming\skypePM
2008-12-13 00:21 . 2008-12-13 00:21 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-13 00:21 . 2008-12-13 00:21 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-13 00:21 . 2008-12-13 00:21 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-13 00:21 . 2008-12-13 00:21 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-13 00:20 . 2008-12-13 00:20 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-13 00:20 . 2008-12-13 00:20 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-13 00:20 . 2008-12-13 00:20 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-13 00:20 . 2008-12-13 00:20 34,328 --a------ c:\windows\System32\wups.dll
2008-12-13 00:20 . 2008-12-13 00:20 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-12 23:04 . 2008-12-12 23:04 <DIR> d-------- c:\program files\Marvell
2008-12-12 09:16 . 2008-12-12 09:16 <DIR> d-------- c:\program files\SCM Microsystems
2008-12-12 09:16 . 2008-12-12 09:16 880 --a------ c:\windows\HBCIKRNL.INI
2008-12-12 09:12 . 2008-12-12 09:12 <DIR> d-------- c:\windows\Options
2008-12-12 09:12 . 2008-12-14 00:58 <DIR> d-------- c:\windows\Downloaded Installations
2008-12-12 09:12 . 2008-12-12 09:12 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Hewlett Packard Company
2008-12-12 09:12 . 2008-02-29 16:07 54,824 --------- c:\windows\System32\agrsmdel.exe
2008-12-11 22:38 . 2008-12-18 21:26 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Skype
2008-12-11 22:24 . 2008-12-16 20:19 <DIR> d-------- c:\users\Jarek\AppData\Roaming\FMA
2008-12-11 22:24 . 2008-12-16 20:37 <DIR> d-------- c:\program files\FMA 2
2008-12-11 22:20 . 2008-12-15 19:53 <DIR> d-------- c:\program files\NAPI-PROJEKT
2008-12-11 22:19 . 2008-12-11 22:20 <DIR> d-------- c:\program files\ConTEXT
2008-12-11 22:16 . 2008-12-11 22:16 <DIR> d-------- c:\program files\K-Lite Codec Pack
2008-12-11 22:13 . 2008-12-13 15:35 <DIR> d-------- c:\program files\SubEdit-Player
2008-12-11 22:11 . 2008-12-11 22:11 <DIR> d-------- c:\users\All Users\Adobe
2008-12-11 22:11 . 2008-12-11 22:11 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-11 22:10 . 2008-12-13 12:18 <DIR> d-------- c:\users\Jarek\Gadu-Gadu
2008-12-11 22:10 . 2008-12-11 22:10 <DIR> d-------- c:\users\Jarek\AppData\Roaming\Gadu-Gadu
2008-12-11 22:10 . 2008-12-11 22:10 <DIR> d-------- c:\program files\Skype
2008-12-11 22:10 . 2008-12-11 22:10 <DIR> d-------- c:\program files\Gadu-Gadu
2008-12-11 22:10 . 2008-12-11 22:10 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-11 22:09 . 2008-12-11 22:10 <DIR> d-------- c:\users\All Users\Skype
2008-12-11 22:09 . 2008-12-11 22:10 <DIR> d-------- c:\programdata\Skype
2008-12-11 18:45 . 2008-12-11 18:45 <DIR> d-------- c:\users\All Users\ATI
2008-12-11 18:45 . 2008-12-11 18:45 <DIR> d-------- c:\programdata\ATI
2008-12-11 16:59 . 2008-04-14 14:39 9,344 --a------ c:\windows\System32\drivers\CPQBttn.sys
2008-12-11 16:58 . 2008-12-11 16:58 <DIR> d-------- c:\program files\Hewlett-Packard
2008-12-11 16:58 . 2007-06-08 14:46 1,560,576 --a------ c:\windows\System32\BttnCmns_64.dll
2008-12-11 16:58 . 2006-06-30 06:46 1,560,576 --a------ c:\windows\System32\BttnCmns.dll
2008-12-11 16:58 . 2006-11-02 07:09 1,419,232 --a------ c:\windows\System32\drivers\wdfcoinstaller01005.dll
2008-12-11 16:58 . 2005-10-31 15:30 987,136 --a------ c:\windows\System32\BttnCmn.dll
2008-12-11 16:58 . 2007-06-18 17:12 16,768 --a------ c:\windows\System32\drivers\HpqKbFiltr.sys
2008-12-11 16:51 . 2008-12-14 01:22 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-12-11 16:51 . 2008-12-11 16:51 <DIR> d-------- c:\program files\Common Files\SNP2UVC
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 12:43 --------- d-----w c:\program files\MSBuild
2008-12-11 13:09 --------- d-sh--w c:\programdata\Ulubione
2008-12-11 13:09 --------- d-sh--w c:\programdata\Szablony
2008-12-11 13:09 --------- d-sh--w c:\programdata\Pulpit
2008-12-11 13:09 --------- d-sh--w c:\programdata\Menu Start
2008-12-11 13:09 --------- d-sh--w c:\programdata\Dokumenty
2008-12-11 13:09 --------- d-sh--w c:\programdata\Dane aplikacji
2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-03 177456]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-13 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2008-06-09 10:16 2363392 c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2006-11-02 13:35 1196032 c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 16:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2007-06-13 08:16 528384 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-02 13:34 1004136 c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-74557678-1073297986-1799678633-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-03-26 20496]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-12-11 193840]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2008-12-14 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2008-12-14 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2008-12-14 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2008-12-14 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2008-12-14 98568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{204f0b5f-c795-11dd-b4b1-002186c26fed}]
\shell\AutoRun\command - setupSNK.exe
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = w3cache.wspa.edu.pl:3128
IE: Dodaj do listy blokowanych banerów - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
FF - ProfilePath - c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\ut70rqd0.default\
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
.
.
------- Skojarzenia plików -------
.
regedit=regedit.exe "%1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 22:04:36
Windows 6.0.6000 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(824)
c:\progra~1\KASPER~1\KASPER~1\adialhk.dll
c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
- - - - - - - > 'lsass.exe'(712)
c:\progra~1\KASPER~1\KASPER~1\adialhk.dll
c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
Czas ukończenia: 2008-12-18 22:06:05
ComboFix-quarantined-files.txt 2008-12-18 21:06:02
Przed: 30 673 178 624 bajtów wolnych
Po: 32,851,714,048 bajtów wolnych
244
HijackThis logs
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:20, on 2008-12-18
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.wspa.edu.pl:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 6395 bytes