zużycie procesora

[Bartass22]

mam problem z dużym zużyciem procesora przez program svchost.exe bardzo mi przez to zamula po wyłaczeniu tego procesu chodzi dobrze komp, ale po ponownym uruchomieniu kompa jest to samo jak to usunąć lub zrobic z tym jakiś poządek ?

[Magik]

wklej logi z HijackThis i combofix'a

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
http://forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

[Bartass22]

Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = ""C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"" ["Nero AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Program Files\Norton AntiVirus\osCheck.exe"" ["Symantec Corporation"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"GrooveMonitor" = ""C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"" [MS]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"NeroFilterCheck" = "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" ["Nero AG"]
"Lexmark 1200 Series" = ""C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"" ["Lexmark International, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" = "Groove GFS Browser Helper"
-> {HKLM...CLSID} = "Groove GFS Browser Helper"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [MS]
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}" = "Groove GFS Explorer Bar"
-> {HKLM...CLSID} = "Groove Folder Synchronization"

[ Dodano: Dzisiaj o 23:37 ]
i co teraz ?

[Magik]

i co teraz ?

ostatni raz Ci mowie

Kod: Zaznacz wszystko

wklej logi z HijackThis i combofix'a

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html
http://forum.programosy.pl/jak-generujemy-logi-z-combofixa-oraz-dssa-vt95026.html

i albo bedziesz postepowal z instrukcjami albo bedziesz wklejal co tam chcesz///wybor jest Twoj

HiJackThis i combofix albo nic

[Bartass22]

ComboFix 08-06-16.5 - Bartass 2008-06-17 23:45:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.173 [GMT 2:00]
Running from: C:\Documents and Settings\Bartass\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bartass\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows Media\10.0\WMSDKNSD.XML

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-17 21:24 . 2008-06-17 21:25 <DIR> d-------- C:\Program Files\CCleaner
2008-06-15 13:55 . 2008-06-15 13:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 12:15 . 2008-06-15 12:15 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-06-15 12:15 . 2008-06-15 12:16 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-06-15 12:14 . 2008-06-15 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-06-15 12:13 . 2008-06-15 12:32 170 --a------ C:\WINDOWS\lexstat.ini
2008-06-15 12:13 . 2008-06-15 12:13 76 --a------ C:\WINDOWS\dellstat.ini
2008-06-15 12:12 . 2006-04-17 19:41 174,592 --a------ C:\WINDOWS\system32\LEXPPS.EXE
2008-06-15 12:12 . 2006-04-17 19:45 155,648 --a------ C:\WINDOWS\system32\LEXPING.EXE
2008-06-15 12:12 . 2006-07-13 07:15 73,728 --a------ C:\WINDOWS\system32\lxczpwr.dll
2008-06-15 12:12 . 2006-07-13 07:28 69,632 --a------ C:\WINDOWS\system32\LXCZCU.DLL
2008-06-15 12:12 . 2002-11-13 09:40 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll
2008-06-15 12:12 . 2002-08-05 07:15 448 --a------ C:\WINDOWS\system32\LXCZ.LOC
2008-06-15 12:11 . 2008-06-15 12:11 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-06-15 12:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-15 12:10 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-15 11:54 . 2008-06-15 11:54 <DIR> d-------- C:\Documents and Settings\Bartass\WINDOWS
2008-06-14 23:29 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-14 23:15 . 2008-06-14 23:15 <DIR> d---s---- C:\Documents and Settings\Bartass\UserData
2008-06-14 22:54 . 2008-06-14 22:54 <DIR> d-------- C:\Documents and Settings\Bartass\Dane aplikacji\BESTplayer
2008-06-14 21:41 . 2008-06-14 21:41 <DIR> d-------- C:\Program Files\Sun
2008-06-14 21:40 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-14 21:19 . 2008-06-14 21:19 <DIR> d-------- C:\Documents and Settings\Bartass\Dane aplikacji\Ahead
2008-06-14 21:13 . 2008-06-14 21:13 <DIR> d-------- C:\Program Files\Nero
2008-06-14 21:13 . 2008-06-14 21:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 21:13 . 2008-06-14 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-14 21:02 . 2008-06-14 21:02 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-14 21:02 . 2008-06-14 21:02 <DIR> d-------- C:\Program Files\Media Player Classic
2008-06-14 21:01 . 2008-06-14 21:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-14 20:58 . 2008-06-14 21:40 <DIR> d-------- C:\Program Files\Java
2008-06-14 20:58 . 2008-06-14 20:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-14 16:59 . 2008-06-14 17:09 <DIR> d-------- C:\Program Files\BitComet
2008-06-14 15:32 . 2008-06-14 23:45 186 --a------ C:\MicroSoft.vbs
2008-06-14 15:32 . 2008-06-14 23:45 30 --a------ C:\MicroSoft.bat
2008-06-14 15:25 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 15:25 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 15:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-14 15:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-14 15:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-14 15:16 . 2008-06-15 14:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-14 15:16 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-14 15:07 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-14 15:05 . 2008-06-14 15:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-14 15:04 . 2008-06-14 15:04 <DIR> d-------- C:\Program Files\MSBuild
2008-06-14 15:03 . 2008-06-14 15:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-14 12:59 . 2008-06-14 12:59 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-14 12:59 . 2008-06-14 12:59 37 --a------ C:\WINDOWS\vbaddin.ini
2008-06-14 12:59 . 2008-06-14 12:59 36 --a------ C:\WINDOWS\vb.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 12:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-15 10:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-14 12:49 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-06-14 12:49 --------- d-----w C:\Program Files\AvRack
2008-06-14 12:48 --------- d-----w C:\Documents and Settings\Bartass\Dane aplikacji\Winamp
2008-06-14 12:45 --------- d-----w C:\Program Files\Winamp
2008-06-14 12:42 --------- d-----w C:\Documents and Settings\Bartass\Dane aplikacji\Gadu-Gadu
2008-06-14 12:41 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 12:40 --------- d-----w C:\Program Files\XP Codec Pack
2008-06-14 12:20 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-14 12:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-14 12:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-14 12:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-14 12:16 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-14 12:16 --------- d-----w C:\Program Files\Symantec
2008-06-14 12:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-14 11:57 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-14 11:56 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3869.sys
2008-06-14 11:56 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 11:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-14 11:33 --------- d-----w C:\Program Files\ATI Technologies
2008-06-14 11:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-14 11:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-14 11:01 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22 26248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:33 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:54]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 12:12:46 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Bartass.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 23:47:40
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 23:49:02
ComboFix-quarantined-files.txt 2008-06-17 21:48:57

Pre-Run: 1,323,569,152 bajtów wolnych
Post-Run: 1,456,381,952 bajtów wolnych

156 --- E O F --- 2008-06-17 18:23:35
[code][/code]

[ Dodano: Dzisiaj o 23:57 ]
i co teraz bo za bardzo się nie orientuje

[Magik]

i co teraz bo za bardzo się nie orientuje

nie rozumiem Cie.........prosba jest jasna o log z HijackThis i combofix..........teraz dajesz tylko z combofix...........

w logu z combofix'a nic nie widac

Kod: Zaznacz wszystko

Napewno niejednej osobie zdażyło się że svchost.exe po starcie systemu i jak już trochę komp podziałał zjadał nam 100 % użycia procesora i to muliło nam kompa. Sam tak często miałem.
Przyczyną jest usługa AKTUALIZACJE AUTOMATYCZNE
Ten przypadek jest opsiany nawet na stronach Microsoftu
Gdy włączamy Pc system widnows xp szuka jakiś niezainstalowanych aktualizacji Tylko jakich??? :) I to tam właśnie zżera całą moc obliczeniową komputera

ROZWIĄZANIE:
Wystarczy wyłączyć aktualizacje automatycze( PPM na mój komputer>>> właściwości>>>zakładka aktualizacje automatyczne>>> WYŁĄCZYĆ CAŁKIEM
A potem wejść w usługi systemowe i wyłączyć usługę AKTUALIZACJE AUTOMATYCZNE(wybrać: tryb uruchomienia: WYŁĄCZONE)
Potem już tylko restart pc i wszystko gra
Dodam że sposób działa w 80 % przypadków z użyciem 100% CPU przy starcie systemu




postepuj wg tej instrukcji a na koniec wrzuc log z HJT

[Bartass22]

ComboFix 08-06-16.5 - Bartass 2008-06-18 15:45:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.190 [GMT 2:00]
Running from: C:\Documents and Settings\Bartass\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-18 15:41 . 2008-06-18 15:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-17 21:24 . 2008-06-17 21:25 <DIR> d-------- C:\Program Files\CCleaner
2008-06-15 13:55 . 2008-06-15 13:55 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-15 12:15 . 2008-06-15 12:15 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0
2008-06-15 12:15 . 2008-06-15 12:16 <DIR> d-------- C:\Program Files\ABBYY FineReader 5.0 Sprint
2008-06-15 12:14 . 2008-06-15 12:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\BVRP Software
2008-06-15 12:13 . 2008-06-15 12:32 170 --a------ C:\WINDOWS\lexstat.ini
2008-06-15 12:13 . 2008-06-15 12:13 76 --a------ C:\WINDOWS\dellstat.ini
2008-06-15 12:12 . 2006-04-17 19:41 174,592 --a------ C:\WINDOWS\system32\LEXPPS.EXE
2008-06-15 12:12 . 2006-04-17 19:45 155,648 --a------ C:\WINDOWS\system32\LEXPING.EXE
2008-06-15 12:12 . 2006-07-13 07:15 73,728 --a------ C:\WINDOWS\system32\lxczpwr.dll
2008-06-15 12:12 . 2006-07-13 07:28 69,632 --a------ C:\WINDOWS\system32\LXCZCU.DLL
2008-06-15 12:12 . 2002-11-13 09:40 40,960 --a------ C:\WINDOWS\system32\lxczvs.dll
2008-06-15 12:12 . 2002-08-05 07:15 448 --a------ C:\WINDOWS\system32\LXCZ.LOC
2008-06-15 12:11 . 2008-06-15 12:11 <DIR> d-------- C:\Program Files\Lexmark 1200 Series
2008-06-15 12:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-15 12:10 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-15 11:54 . 2008-06-15 11:54 <DIR> d-------- C:\Documents and Settings\Bartass\WINDOWS
2008-06-14 23:29 . 2004-08-04 00:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-14 23:15 . 2008-06-14 23:15 <DIR> d---s---- C:\Documents and Settings\Bartass\UserData
2008-06-14 22:54 . 2008-06-14 22:54 <DIR> d-------- C:\Documents and Settings\Bartass\Dane aplikacji\BESTplayer
2008-06-14 21:41 . 2008-06-14 21:41 <DIR> d-------- C:\Program Files\Sun
2008-06-14 21:40 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-14 21:21 . 2008-06-14 21:21 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-06-14 21:19 . 2008-06-14 21:19 <DIR> d-------- C:\Documents and Settings\Bartass\Dane aplikacji\Ahead
2008-06-14 21:13 . 2008-06-14 21:13 <DIR> d-------- C:\Program Files\Nero
2008-06-14 21:13 . 2008-06-14 21:20 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-14 21:13 . 2008-06-14 21:13 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-14 21:02 . 2008-06-14 21:02 <DIR> d-------- C:\Program Files\Real Alternative
2008-06-14 21:02 . 2008-06-14 21:02 <DIR> d-------- C:\Program Files\Media Player Classic
2008-06-14 21:01 . 2008-06-14 21:01 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-14 20:58 . 2008-06-14 21:40 <DIR> d-------- C:\Program Files\Java
2008-06-14 20:58 . 2008-06-14 20:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-14 16:59 . 2008-06-14 17:09 <DIR> d-------- C:\Program Files\BitComet
2008-06-14 15:32 . 2008-06-14 23:45 186 --a------ C:\MicroSoft.vbs
2008-06-14 15:32 . 2008-06-14 23:45 30 --a------ C:\MicroSoft.bat
2008-06-14 15:25 . 2008-04-14 17:53 273,024 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 15:25 . 2008-04-14 17:53 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 15:19 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-06-14 15:19 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-06-14 15:19 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-06-14 15:16 . 2008-06-15 14:03 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-14 15:16 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-14 15:07 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-06-14 15:05 . 2008-06-14 15:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-06-14 15:04 . 2008-06-14 15:04 <DIR> d-------- C:\Program Files\MSBuild
2008-06-14 15:03 . 2008-06-14 15:03 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-06-14 12:59 . 2008-06-14 12:59 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-06-14 12:59 . 2008-06-14 12:59 37 --a------ C:\WINDOWS\vbaddin.ini
2008-06-14 12:59 . 2008-06-14 12:59 36 --a------ C:\WINDOWS\vb.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 12:28 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-17 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 12:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-14 12:49 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-06-14 12:49 --------- d-----w C:\Program Files\AvRack
2008-06-14 12:48 --------- d-----w C:\Documents and Settings\Bartass\Dane aplikacji\Winamp
2008-06-14 12:45 --------- d-----w C:\Program Files\Winamp
2008-06-14 12:42 --------- d-----w C:\Documents and Settings\Bartass\Dane aplikacji\Gadu-Gadu
2008-06-14 12:41 --------- d-----w C:\Program Files\Gadu-Gadu
2008-06-14 12:40 --------- d-----w C:\Program Files\XP Codec Pack
2008-06-14 12:20 --------- d-----w C:\Program Files\Norton AntiVirus
2008-06-14 12:16 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-06-14 12:16 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-06-14 12:16 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-06-14 12:16 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-06-14 12:16 --------- d-----w C:\Program Files\Symantec
2008-06-14 12:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec
2008-06-14 11:57 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-06-14 11:56 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd3869.sys
2008-06-14 11:56 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-14 11:41 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-06-14 11:33 --------- d-----w C:\Program Files\ATI Technologies
2008-06-14 11:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-14 11:03 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-14 11:01 --------- d-----w C:\Program Files\Usługi online
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:16 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:03 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 01:04 84640]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 19:22 26248]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 57344 C:\WINDOWS\SOUNDMAN.EXE]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Lexmark 1200 Series"="C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 07:33 57344]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-09-13 14:54]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-14 12:12:46 C:\WINDOWS\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Bartass.job"
- C:\PROGRA~1\NORTON~1\Navw32.exef/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 15:47:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-18 15:48:41
ComboFix-quarantined-files.txt 2008-06-18 13:48:36

Pre-Run: 1,049,710,592 bajtów wolnych
Post-Run: 1,057,697,792 bajtów wolnych

152 --- E O F --- 2008-06-17 18:23:35

[ Dodano: Dzisiaj o 16:01 ]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:45, on 2008-06-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6970 bytes

[ Dodano: Dzisiaj o 16:02 ]
czekam na pomoc

[Magik]

Ten log jest czysty

Tak btw, jestes dobry.........3x mowa jest o logu z HJT a Ty wklejasz teraz znowu z combofix'a eheheheheh

Nic nie wskazuje na wirusa, choc naprawde blagam o ten log z HijackThis
Zrobiles to co napislem wyzej?? wylaczyles automatyczne aktualizacje??

+ to:
Przeczytaj to

[Bartass22]

to co ja wkleiłem z tego HijackThis ?

[Magik]

to co ja wkleiłem z tego HijackThis ?

nie, za kazdym razem wrzucasz log z combofix'a

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

wklej ten log i zrob to co jest napsiane w linku, ktory Ci podalem wyzej........Jak zrobisz te operacje dopeiro napisz post, wklej log i napisz czy cos dalo po zastosowaniu sie do informacji na tametj stronie

Pozdrawiam

[Bartass22]

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:45, on 2008-06-18
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 6970 bytes


[ Dodano: Dzisiaj o 16:23 ]
to co to jest według ciebie ?

[Magik]

to co to jest według ciebie ?

Twoj poprzedni post przeczytalem zanim zrobiles edit LuuUzik

Dzieki

Na podstawie logo z combo i Hijacka' mozna smailo wykluczyc wirusa///kompek masz czysty

czyli postepuj wg instrukcji

Svhost

i bedzie Gut

Pozdrawiam

[Bartass22]

no i jest narazie dobrze dzięki za pomoc