
akeen

  1. Hello, sometimes my computer slows down a lot and I don't know why; please check the log. Thanks in advance 8O

Logs:

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:20:39, on 2009-01-18
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\taskmgr.exe
E:\Mozilla Firefox\firefox.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Documents and Settings\SysOp\Pulpit\HiJackThis.exe
C:\WINDOWS\AhnRpta.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{063101A1-562D-4EE8-8008-FB65F1F1AD82}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{063101A1-562D-4EE8-8008-FB65F1F1AD82}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS2\Services\Tcpip\..\{063101A1-562D-4EE8-8008-FB65F1F1AD82}: NameServer = 194.204.159.1 217.98.63.164
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - THOMSON - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5466 bytes

SR:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"amva" = "C:\WINDOWS\system32\amvo.exe" [null data]
"cdoosoft" = "C:\WINDOWS\system32\olhrwef.exe" [null data]
"cbvcs" = "C:\WINDOWS\system32\urretnd.exe" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{BB4C402F-882A-4526-8C08-51278EA437C1}" = "hook dll rising"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\WINDOWS\system32\afmain0.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
    \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSMHelp" = (REG_DWORD) dword:0x00000001
{User Configuration|Administrative Templates|Start Menu and Taskbar| Remove Help menu from Start Menu}

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------

C:\
<<!>> C:\AUTORUN.INF -> "open=2.exe" [null data]

D:\
<<!>> D:\AUTORUN.INF -> "open=2.exe" [null data]

E:\
<<!>> E:\AUTORUN.INF -> "open=2.exe" [null data]

F:\
<<!>> F:\AUTORUN.INF -> "open=2.exe" [null data]

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

NeroAutoPlay8AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

NeroAutoPlay8CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

NeroAutoPlay8CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

NeroAutoPlay8DataDisc_CD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /New:ISODisc /Media:CD %L" ["Nero AG"]

NeroAutoPlay8DataDisc_DVD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /New:ISODisc /Media:DVD %L" ["Nero AG"]

NeroAutoPlay8RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay8"
"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"
HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
    \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
    \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SYSTEMROOT%\system32\nvLsp.dll ["NVIDIA"], 01 - 03, 10
%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 11 - 22
%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09

Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
    \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Badanie"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" [empty string]
ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" [null data]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

---------- (launch time: 2009-01-18 16:25:41)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 86 seconds.
---------- (total run time: 139 seconds)

The second problem is that often, when I turn on the computer, a blue screen pops up with the error DRIVER_IRQL_NOT_LESS_OR_EQUAL. I'm no great brain when it comes to computers, so any help is welcome :)

ComboFix:

ComboFix 09-01-17.04 - SysOp 2009-01-18 16:37:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1603 [GMT 1:00]
Uruchomiony z: c:\documents and settings\SysOp\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2.exe
C:\Autorun.inf
C:\j60osk9.cmd
c:\windows\system32\amvo.exe
D:\Autorun.inf
D:\j60osk9.cmd
D:\qquq.bat
E:\Autorun.inf
E:\j60osk9.cmd
E:\qquq.bat
F:\Autorun.inf
F:\j60osk9.cmd
F:\qquq.bat
.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-18 do 2009-01-18 )))))))))))))))))))))))))))))))
.

2009-01-18 05:20 . 2009-01-18 05:20 107,289 -r-hs---- C:\v63enh.exe
2009-01-17 07:40 . 2009-01-18 05:20 107,289 -r-hs---- c:\windows\system32\urretnd.exe
2009-01-17 07:40 . 2009-01-17 07:40 106,047 -r-hs---- C:\982um3s9.exe
2009-01-17 07:40 . 2009-01-18 05:20 89,600 -r-hs---- c:\windows\system32\optyhww0.dll
2009-01-16 20:33 . 2009-01-17 14:29 110,003 -r-hs---- C:\x2csvg.exe
2009-01-16 14:29 . 2009-01-16 14:30 45,094 --a------ C:\romini.dmp
2009-01-15 21:40 . 2009-01-15 21:40 <DIR> d-------- c:\program files\Winamp
2009-01-15 21:40 . 2009-01-15 22:40 <DIR> d-------- c:\documents and settings\SysOp\Dane aplikacji\Winamp
2009-01-15 21:22 . 2009-01-15 21:22 89,600 -r-hs---- c:\windows\system32\cvnmhg1.dll
2009-01-15 21:16 . 2009-01-15 21:16 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-01-15 21:16 . 2003-07-19 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-01-15 21:16 . 2005-01-03 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-01-14 22:19 . 2009-01-18 15:06 110,834 -r-hs---- c:\windows\system32\olhrwef.exe
2009-01-14 22:19 . 2009-01-15 21:42 108,940 -r-hs---- C:\ve.exe
2009-01-14 22:19 . 2009-01-18 14:58 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll
2009-01-14 22:19 . 2009-01-18 16:11 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll
2009-01-14 22:18 . 2008-12-31 18:03 70,144 --a------ c:\windows\AhnRpta.exe
2009-01-14 22:14 . 2009-01-14 22:14 <DIR> d-------- c:\documents and settings\SysOp\Dane aplikacji\Tlen.pl
2009-01-14 22:14 . 2009-01-14 22:14 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Tlen.pl
2009-01-14 22:13 . 2009-01-14 22:13 <DIR> d-------- c:\program files\Tlen.pl
2009-01-14 22:10 . 2009-01-18 16:11 89,600 -r-hs---- c:\windows\system32\cvnmhg0.dll
2009-01-14 22:10 . 2009-01-14 22:10 0 --a------ c:\windows\nsreg.dat
2009-01-14 22:06 . 2009-01-14 22:06 <DIR> d-------- c:\documents and settings\SysOp\Gadu-Gadu
2009-01-14 22:02 . 2009-01-14 22:02 <DIR> d-------- c:\windows\SHELLNEW
2009-01-14 22:02 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll
2009-01-14 22:02 . 2009-01-14 22:02 421 --a------ c:\windows\ODBC.INI
2009-01-14 22:00 . 2009-01-14 22:00 <DIR> dr-h----- C:\MSOCache
2009-01-14 21:27 . 2009-01-14 21:27 8,192 --a------ c:\windows\REGLOCS.OLD
2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Thomson
2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Neostrada TP
2009-01-14 21:22 . 2003-12-08 11:53 70,688 --a------ c:\windows\system32\drivers\alcaudsl.sys
2009-01-14 21:22 . 2003-12-08 11:53 53,600 --a------ c:\windows\system32\drivers\alcan5wn.sys
2009-01-14 21:22 . 2003-12-08 11:53 5,606 --a------ c:\windows\system32\stci.dll
2009-01-14 21:22 . 2003-12-08 11:53 5,280 --a------ c:\windows\system32\drivers\alcawh.sys
2009-01-14 21:22 . 2003-12-08 11:53 3,968 --a------ c:\windows\system32\drivers\alcacr.sys
2009-01-14 21:21 . 2009-01-14 21:21 <DIR> d--hs---- c:\windows\ftpcache
2009-01-14 21:10 . 2009-01-14 21:10 <DIR> d-------- c:\program files\Nero
2009-01-14 21:10 . 2009-01-14 21:10 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-14 21:10 . 2009-01-14 21:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nero
2009-01-14 21:06 . 2007-09-24 23:31 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-01-14 21:05 . 2009-01-14 21:06 <DIR> d-------- c:\program files\Java
2009-01-14 21:05 . 2009-01-14 21:05 <DIR> d-------- c:\program files\Common Files\Java
2009-01-14 21:04 . 2009-01-14 21:04 <DIR> d-------- c:\program files\Windows Doctor
2009-01-14 21:04 . 2009-01-14 21:04 <DIR> d-------- c:\program files\Real Alternative
2009-01-14 21:03 . 2009-01-14 21:03 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-14 21:02 . 2009-01-14 21:03 <DIR> d-------- c:\documents and settings\SysOp\Dane aplikacji\BESTplayer
2009-01-14 21:01 . 2009-01-14 21:01 <DIR> d-------- c:\program files\Common Files\Adobe
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 20:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-14 20:22 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 19:22 --------- d-----w c:\program files\Alwil Software
2009-01-14 19:11 --------- d-----w c:\program files\EXPERTool
2009-01-14 19:07 315,392 ----a-w c:\windows\HideWin.exe
2009-01-14 19:07 --------- d-----w c:\program files\Realtek
2009-01-14 19:05 --------- d-----w c:\program files\AMD
2009-01-14 19:05 --------- d-----w c:\documents and settings\SysOp\Dane aplikacji\InstallShield
2009-01-14 19:03 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-14 18:45 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-31 17:07 58,880 ----a-w c:\windows\system32\sol.exe
2008-12-31 17:07 57,344 ----a-w c:\windows\system32\freecell.exe
2008-12-31 17:07 130,048 ----a-w c:\windows\system32\mshearts.exe
2008-12-31 17:07 121,856 ----a-w c:\windows\system32\winmine.exe
2008-12-31 17:07 1,564,672 ----a-w c:\windows\system32\spider.exe
2008-12-31 17:07 1,384,960 ----a-w c:\windows\system32\cards.dll
2008-12-31 17:06 13,070,848 ----a-w c:\windows\system32\wmploc.dll
2008-12-31 17:05 94,720 ----a-w c:\windows\system32\mshta.exe
2008-12-31 17:05 920,064 ----a-w c:\windows\system32\wininet.dll
2008-12-31 17:05 70,144 ----a-w c:\windows\system32\iesetup.dll
2008-12-31 17:05 105,984 ----a-w c:\windows\system32\admparse.dll
2008-12-31 17:03 99,840 ----a-w c:\windows\system32\msiexec.exe
2008-12-31 17:02 949,760 ----a-w c:\windows\system32\wsecedit.dll
2008-12-31 17:01 740,864 ----a-w c:\windows\system32\regwizc.dll
2008-12-31 17:01 641,024 ----a-w c:\windows\system32\shdoclc.dll
2008-12-31 17:01 6,874,624 ----a-w c:\windows\system32\shimgvw.dll
2008-12-31 17:01 58,368 ----a-w c:\windows\system32\sendmail.dll
2008-12-31 17:01 36,864 ----a-w c:\windows\system32\shscrap.dll
2008-12-31 17:01 188,416 ----a-w c:\windows\system32\scrobj.dll
2008-12-31 17:01 152,064 ----a-w c:\windows\system32\remotepg.dll
2008-12-31 17:01 135,168 ----a-w c:\windows\system32\servdeps.dll
2008-12-31 17:01 1,392,640 ----a-w c:\windows\system32\setupapi.dll
2008-12-31 16:59 98,816 ----a-w c:\windows\system32\inetres.dll
2008-12-31 16:58 93,184 ----a-w c:\windows\system32\digest.dll
2008-12-31 16:57 89,600 ----a-w c:\windows\system32\cabview.dll
2008-12-31 16:57 724,992 ----a-w c:\windows\system32\comctl32.dll
2008-12-31 16:57 520,192 ----a-w c:\windows\system32\cmdial32.dll
2008-12-31 16:57 38,400 ----a-w c:\windows\system32\batmeter.dll
2008-12-31 16:57 372,224 ----a-w c:\windows\system32\appmgr.dll
2008-12-31 16:57 33,280 ----a-w c:\windows\system32\batt.dll
2008-12-31 16:57 306,176 ----a-w c:\windows\system32\cmprops.dll
2008-12-31 16:57 294,400 ----a-w c:\windows\system32\audiodev.dll
2008-12-31 16:57 222,208 ----a-w c:\windows\system32\capesnpn.dll
2008-12-31 16:57 140,800 ----a-w c:\windows\system32\acctres.dll
2008-12-31 16:57 1,218,048 ----a-w c:\windows\system32\certmgr.dll
2008-12-31 16:40 62,208 ----a-w c:\windows\system32\drivers\si3112.sys
2008-12-31 16:39 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys
2008-12-31 16:39 219,648 ----a-w c:\windows\system32\uxtheme.dll
2008-12-31 16:39 143,872 ----a-w c:\windows\system32\drivers\usbport.sys
2008-12-31 16:39 140,800 ----a-w c:\windows\system32\sfc_os.dll
2008-12-31 16:38 999,936 ----a-w c:\windows\system32\syssetup.dll
2008-12-31 16:38 97,792 ----a-w c:\windows\system32\psbase.dll
2008-12-31 16:38 74,240 ----a-w c:\windows\system32\mscms.dll
2008-12-31 16:38 712,704 ----a-w c:\windows\system32\windowscodecs.dll
2008-12-31 16:38 347,648 ----a-w c:\windows\system32\windowscodecsext.dll
2008-12-31 16:38 330,752 ----a-w c:\windows\system32\ipnathlp.dll
2008-12-31 16:38 273,024 ----a-w c:\windows\system32\drivers\bthport.sys
2008-12-31 16:37 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
2008-12-31 16:37 691,712 ----a-w c:\windows\system32\inetcomm.dll
2008-12-31 16:37 63,488 ----a-w c:\windows\system32\wpdmtpus.dll
2008-12-31 16:37 253,952 ----a-w c:\windows\system32\es.dll
2008-12-31 16:37 229,376 ----a-w c:\windows\system32\cewmdm.dll
2008-12-31 16:37 211,456 ----a-w c:\windows\system32\qasf.dll
2008-12-31 16:37 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys
2008-12-31 16:37 199,168 ----a-w c:\windows\system32\portabledevicewmdrm.dll
2008-12-31 16:37 175,616 ----a-w c:\windows\system32\mspmsp.dll
2008-12-31 16:37 1,117,696 ----a-w c:\windows\system32\wmadmoe.dll
2008-12-31 16:36 61,952 ----a-w c:\windows\system32\hdaudpropshortcut.exe
2008-12-31 16:36 5,120 ----a-w c:\windows\system32\hdaudpropres.dll
2008-12-31 16:36 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-12-31 16:36 414,720 ----a-w c:\windows\system32\msscp.dll
2008-12-31 16:36 40,960 ----a-w c:\windows\system32\licmgr10.dll
2008-12-31 16:36 36,352 ----a-w c:\windows\system32\imgutil.dll
2008-12-31 16:36 26,112 ----a-w c:\windows\system32\idndl.dll
2008-12-31 16:36 24,576 ----a-w c:\windows\system32\nlsdl.dll
2008-12-31 16:36 24,064 ----a-w c:\windows\system32\hdaudprop.dll
2008-12-31 16:36 23,552 ----a-w c:\windows\system32\normaliz.dll
2008-12-31 16:36 156,160 ----a-w c:\windows\system32\msls31.dll
2008-12-31 16:36 113,664 ----a-w c:\windows\inf\hdaudio.sys
2008-12-31 16:35 99,840 ----a-w c:\windows\system32\wmpshell.dll
2008-12-31 16:35 78,336 ----a-w c:\windows\system32\ieencode.dll
2008-12-31 16:35 603,648 ----a-w c:\windows\system32\wmspdmod.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmvdmod.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmsdmod.dll
2008-12-31 16:35 314,880 ----a-w c:\windows\system32\wmpdxm.dll
2008-12-31 16:35 242,688 ----a-w c:\windows\system32\wmpasf.dll
2008-12-31 16:35 17,408 ----a-w c:\windows\system32\corpol.dll
2008-12-31 16:35 1,329,152 ----a-w c:\windows\system32\wmspdmoe.dll
2008-12-28 15:18 363,520 ----a-w c:\windows\system32\logon.scr
2008-12-23 15:31 2,148,864 ----a-w c:\windows\system32\ntoskrnl.exe
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-25 08:45 2,283,027 ----a-w c:\windows\system32\x264vfw.dll
2008-11-25 07:00 1,424,384 ----a-w c:\windows\system32\logonui.exe
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-11-09 16:03 2,911,744 ----a-w c:\windows\system32\msgina.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
.

------- Sigcheck -------

2007-07-11 05:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\system32\user32.dll
2008-12-31 18:05 920064 88348f8c92c28ba99fe49bd392100ce0 c:\windows\system32\wininet.dll
2008-12-31 17:39 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\system32\drivers\tcpip.sys
2008-12-31 18:04 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\system32\winlogon.exe
2008-12-31 18:13 2027520 d3b530dd991cd66b97bdc4f5b30cba00 c:\windows\system32\ntkrnlpa.exe
2008-12-23 16:31 2148864 8961578e8501d65294803c0b0eaf8f47 c:\windows\system32\ntoskrnl.exe
2008-12-31 18:03 1553408 bda7a4169bf5e1f3ee76b017396e4f47 c:\windows\explorer.exe
2008-12-31 18:04 112128 37ed43f3dec4400586554d61c3129478 c:\windows\system32\wuauclt.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-18 110834]
"cbvcs"="c:\windows\system32\urretnd.exe" [2009-01-18 107289]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-12-31 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-12-31 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"d:\\Rohan\\rohanclient.exe"=
"e:\\pliki z pulpitu\\Nowy folder\\RohanBotEn1.0.24b\\Rohanbot.exe"=
"e:\\Rohan\\rohanclient.exe"=
"c:\\Documents and Settings\\SysOp\\Pulpit\\RohanBotEn1.0.26b\\Rohanbot.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]
S3 dump_wmimmc;dump_wmimmc;\??\e:\rohan\GameGuard\dump_wmimmc.sys --> e:\rohan\GameGuard\dump_wmimmc.sys [?]
S3 NTProcDrv;Process creation detector for NT.;e:\pliki z pulpitu\Nowy folder\RohanBotEn1.0.24b\NTProcDrv.sys [2009-01-16 3584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16651058-e3d1-11dd-ad04-000e50e2c979}]
\Shell\AutoRun\command - H:\2.exe
\Shell\open\Command - H:\2.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {063101A1-562D-4EE8-8008-FB65F1F1AD82} = 194.204.159.1 217.98.63.164
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 16:38:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\TypeLib]
@DACL=(02 0000)
@="{5F226421-415D-408D-9A09-0DCD94E25B48}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\scecli.dll
c:\windows\system32\nvLsp.dll
.
Czas ukończenia: 2009-01-18 16:38:56
ComboFix-quarantined-files.txt 2009-01-18 15:38:55

Przed: 15 038 574 592 bajtów wolnych
Po: 15,055,245,312 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

282