akeen

Please Check My Log (ComboFix Log Added)


Hi, sometimes the computer slows down a lot and I don't know why; please check my log. Thanks in advance 8O


logs:

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:20:39, on 2009-01-18

Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\taskmgr.exe

E:\Mozilla Firefox\firefox.exe

C:\Program Files\Tlen.pl\tlen.exe

C:\Documents and Settings\SysOp\Pulpit\HiJackThis.exe

C:\WINDOWS\AhnRpta.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe

O4 - HKCU\..\Run: [cbvcs] C:\WINDOWS\system32\urretnd.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{063101A1-562D-4EE8-8008-FB65F1F1AD82}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS1\Services\Tcpip\..\{063101A1-562D-4EE8-8008-FB65F1F1AD82}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip\..\{063101A1-562D-4EE8-8008-FB65F1F1AD82}: NameServer = 194.204.159.1 217.98.63.164

O23 - Service: Usługa bramy warstwy aplikacji (ALG) - THOMSON - (no file)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

--

End of file - 5466 bytes

SR:

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"amva" = "C:\WINDOWS\system32\amvo.exe" [null data]

"cdoosoft" = "C:\WINDOWS\system32\olhrwef.exe" [null data]

"cbvcs" = "C:\WINDOWS\system32\urretnd.exe" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WinampAgent" = ""C:\Program Files\Winamp\winampa.exe"" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{BB4C402F-882A-4526-8C08-51278EA437C1}" = "hook dll rising"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\afmain0.dll" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\wpdshserviceobj.dll" [MS]

 

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

 

"NoSMHelp" = (REG_DWORD) dword:0x00000001

{User Configuration|Administrative Templates|Start Menu and Taskbar|

Remove Help menu from Start Menu}

 

"NoSMConfigurePrograms" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"ClearRecentDocsOnExit" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

"NoRecentDocsHistory" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

"NoInternetOpenWith" = (REG_DWORD) dword:0x00000001

{unrecognized setting}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

 

Enabled Screen Saver:

---------------------

 

HKCU\Control Panel\Desktop\

"SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS]

 

 

Autostart via AUTORUN.INF on local fixed drives:

------------------------------------------------

 

C:\

<<!>> C:\AUTORUN.INF -> "open=2.exe" [null data]

 

D:\

<<!>> D:\AUTORUN.INF -> "open=2.exe" [null data]

 

E:\

<<!>> E:\AUTORUN.INF -> "open=2.exe" [null data]

 

F:\

<<!>> F:\AUTORUN.INF -> "open=2.exe" [null data]

 

 

Windows Portable Device AutoPlay Handlers

-----------------------------------------

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

 

MSWPDShellNamespaceHandler\

"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"

"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"

"InitCmdLine" = " "

-> {HKLM...CLSID} = "WPDShextAutoplay"

\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

 

NeroAutoPlay8AudioToNeroDigital\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "AudioToNeroDigital_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\AudioToNeroDigital_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

 

NeroAutoPlay8CDAudio\

"Provider" = "Nero Express"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CDAudio_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CDAudio_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe -w /New:AudioCD" ["Nero AG"]

 

NeroAutoPlay8CopyCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "CopyCD_PlayMusicFilesOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\CopyCD_PlayMusicFilesOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:DiscCopy %L" ["Nero AG"]

 

NeroAutoPlay8DataDisc_CD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_CD_HandleCDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_CD_HandleCDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /New:ISODisc /Media:CD %L" ["Nero AG"]

 

NeroAutoPlay8DataDisc_DVD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "DataDisc_DVD_HandleDVDBurningOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\DataDisc_DVD_HandleDVDBurningOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /New:ISODisc /Media:DVD %L" ["Nero AG"]

 

NeroAutoPlay8RipCD\

"Provider" = "Nero Burning ROM"

"InvokeProgID" = "Nero.AutoPlay8"

"InvokeVerb" = "RipCD_PlayCDAudioOnArrival"

HKLM\SOFTWARE\Classes\Nero.AutoPlay8\shell\RipCD_PlayCDAudioOnArrival\command\(Default) = "C:\Program Files\Nero\Nero8\Nero Burning Rom\nero.exe /Dialog:SaveTracks %L" ["Nero AG"]

 

WinampMTPHandler\

"Provider" = "Winamp"

"ProgID" = "Shell.HWEventHandlerShellExecute"

"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"

HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"

-> {HKLM...CLSID} = "ShellExecute HW Event Handler"

\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

 

WinampPlayMediaOnArrival\

"Provider" = "Winamp"

"InvokeProgID" = "Winamp.File"

"InvokeVerb" = "Play"

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]

HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"

-> {HKLM...CLSID} = (no title provided)

\LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SYSTEMROOT%\system32\nvLsp.dll ["NVIDIA"], 01 - 03, 10

%SystemRoot%\system32\mswsock.dll [MS], 04 - 07, 11 - 22

%SystemRoot%\system32\rsvpsp.dll [MS], 08 - 09

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

 

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Badanie"

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]

ForceWare Intelligent Application Manager (IAM), ForceWare Intelligent Application Manager (IAM), "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe" [empty string]

ForceWare IP service, nSvcIp, "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe" [null data]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

 

 

---------- (launch time: 2009-01-18 16:25:41)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 86 seconds.

---------- (total run time: 139 seconds)

The second problem: often when I turn on the computer I get a blue screen with the error
DRIVER_IRQL_NOT_LESS_OR_EQUAL. I'm not a great brain when it comes to computers, so any help is welcome :)


ComboFix:

ComboFix 09-01-17.04 - SysOp 2009-01-18 16:37:30.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1603 [GMT 1:00]

Uruchomiony z: c:\documents and settings\SysOp\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

 

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\2.exe

C:\Autorun.inf

C:\j60osk9.cmd

c:\windows\system32\amvo.exe

D:\Autorun.inf

D:\j60osk9.cmd

D:\qquq.bat

E:\Autorun.inf

E:\j60osk9.cmd

E:\qquq.bat

F:\Autorun.inf

F:\j60osk9.cmd

F:\qquq.bat

 

.

((((((((((((((((((((((((( Pliki utworzone od 2008-12-18 do 2009-01-18 )))))))))))))))))))))))))))))))

.

 

2009-01-18 05:20 . 2009-01-18 05:20 107,289 -r-hs---- C:\v63enh.exe

2009-01-17 07:40 . 2009-01-18 05:20 107,289 -r-hs---- c:\windows\system32\urretnd.exe

2009-01-17 07:40 . 2009-01-17 07:40 106,047 -r-hs---- C:\982um3s9.exe

2009-01-17 07:40 . 2009-01-18 05:20 89,600 -r-hs---- c:\windows\system32\optyhww0.dll

2009-01-16 20:33 . 2009-01-17 14:29 110,003 -r-hs---- C:\x2csvg.exe

2009-01-16 14:29 . 2009-01-16 14:30 45,094 --a------ C:\romini.dmp

2009-01-15 21:40 . 2009-01-15 21:40 <DIR> d-------- c:\program files\Winamp

2009-01-15 21:40 . 2009-01-15 22:40 <DIR> d-------- c:\documents and settings\SysOp\Dane aplikacji\Winamp

2009-01-15 21:22 . 2009-01-15 21:22 89,600 -r-hs---- c:\windows\system32\cvnmhg1.dll

2009-01-15 21:16 . 2009-01-15 21:16 <DIR> d-------- c:\program files\Common Files\INCA Shared

2009-01-15 21:16 . 2003-07-19 16:17 5,174 --a------ c:\windows\system32\nppt9x.vxd

2009-01-15 21:16 . 2005-01-03 07:43 4,682 --a------ c:\windows\system32\npptNT2.sys

2009-01-14 22:19 . 2009-01-18 15:06 110,834 -r-hs---- c:\windows\system32\olhrwef.exe

2009-01-14 22:19 . 2009-01-15 21:42 108,940 -r-hs---- C:\ve.exe

2009-01-14 22:19 . 2009-01-18 14:58 95,744 -r-hs---- c:\windows\system32\nmdfgds1.dll

2009-01-14 22:19 . 2009-01-18 16:11 95,744 -r-hs---- c:\windows\system32\nmdfgds0.dll

2009-01-14 22:18 . 2008-12-31 18:03 70,144 --a------ c:\windows\AhnRpta.exe

2009-01-14 22:14 . 2009-01-14 22:14 <DIR> d-------- c:\documents and settings\SysOp\Dane aplikacji\Tlen.pl

2009-01-14 22:14 . 2009-01-14 22:14 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Tlen.pl

2009-01-14 22:13 . 2009-01-14 22:13 <DIR> d-------- c:\program files\Tlen.pl

2009-01-14 22:10 . 2009-01-18 16:11 89,600 -r-hs---- c:\windows\system32\cvnmhg0.dll

2009-01-14 22:10 . 2009-01-14 22:10 0 --a------ c:\windows\nsreg.dat

2009-01-14 22:06 . 2009-01-14 22:06 <DIR> d-------- c:\documents and settings\SysOp\Gadu-Gadu

2009-01-14 22:02 . 2009-01-14 22:02 <DIR> d-------- c:\windows\SHELLNEW

2009-01-14 22:02 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2009-01-14 22:02 . 2009-01-14 22:02 421 --a------ c:\windows\ODBC.INI

2009-01-14 22:00 . 2009-01-14 22:00 <DIR> dr-h----- C:\MSOCache

2009-01-14 21:27 . 2009-01-14 21:27 8,192 --a------ c:\windows\REGLOCS.OLD

2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Thomson

2009-01-14 21:22 . 2009-01-14 21:22 <DIR> d-------- c:\program files\Neostrada TP

2009-01-14 21:22 . 2003-12-08 11:53 70,688 --a------ c:\windows\system32\drivers\alcaudsl.sys

2009-01-14 21:22 . 2003-12-08 11:53 53,600 --a------ c:\windows\system32\drivers\alcan5wn.sys

2009-01-14 21:22 . 2003-12-08 11:53 5,606 --a------ c:\windows\system32\stci.dll

2009-01-14 21:22 . 2003-12-08 11:53 5,280 --a------ c:\windows\system32\drivers\alcawh.sys

2009-01-14 21:22 . 2003-12-08 11:53 3,968 --a------ c:\windows\system32\drivers\alcacr.sys

2009-01-14 21:21 . 2009-01-14 21:21 <DIR> d--hs---- c:\windows\ftpcache

2009-01-14 21:10 . 2009-01-14 21:10 <DIR> d-------- c:\program files\Nero

2009-01-14 21:10 . 2009-01-14 21:10 <DIR> d-------- c:\program files\Common Files\Nero

2009-01-14 21:10 . 2009-01-14 21:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Nero

2009-01-14 21:06 . 2007-09-24 23:31 69,632 --a------ c:\windows\system32\javacpl.cpl

2009-01-14 21:05 . 2009-01-14 21:06 <DIR> d-------- c:\program files\Java

2009-01-14 21:05 . 2009-01-14 21:05 <DIR> d-------- c:\program files\Common Files\Java

2009-01-14 21:04 . 2009-01-14 21:04 <DIR> d-------- c:\program files\Windows Doctor

2009-01-14 21:04 . 2009-01-14 21:04 <DIR> d-------- c:\program files\Real Alternative

2009-01-14 21:03 . 2009-01-14 21:03 <DIR> d-------- c:\program files\K-Lite Codec Pack

2009-01-14 21:02 . 2009-01-14 21:03 <DIR> d-------- c:\documents and settings\SysOp\Dane aplikacji\BESTplayer

2009-01-14 21:01 . 2009-01-14 21:01 <DIR> d-------- c:\program files\Common Files\Adobe

 

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-01-14 20:22 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-14 20:22 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-14 19:22 --------- d-----w c:\program files\Alwil Software

2009-01-14 19:11 --------- d-----w c:\program files\EXPERTool

2009-01-14 19:07 315,392 ----a-w c:\windows\HideWin.exe

2009-01-14 19:07 --------- d-----w c:\program files\Realtek

2009-01-14 19:05 --------- d-----w c:\program files\AMD

2009-01-14 19:05 --------- d-----w c:\documents and settings\SysOp\Dane aplikacji\InstallShield

2009-01-14 19:03 --------- d-----w c:\program files\NVIDIA Corporation

2009-01-14 18:45 --------- d-----w c:\program files\Windows Media Connect 2

2008-12-31 17:07 58,880 ----a-w c:\windows\system32\sol.exe

2008-12-31 17:07 57,344 ----a-w c:\windows\system32\freecell.exe

2008-12-31 17:07 130,048 ----a-w c:\windows\system32\mshearts.exe

2008-12-31 17:07 121,856 ----a-w c:\windows\system32\winmine.exe

2008-12-31 17:07 1,564,672 ----a-w c:\windows\system32\spider.exe

2008-12-31 17:07 1,384,960 ----a-w c:\windows\system32\cards.dll

2008-12-31 17:06 13,070,848 ----a-w c:\windows\system32\wmploc.dll

2008-12-31 17:05 94,720 ----a-w c:\windows\system32\mshta.exe

2008-12-31 17:05 920,064 ----a-w c:\windows\system32\wininet.dll

2008-12-31 17:05 70,144 ----a-w c:\windows\system32\iesetup.dll

2008-12-31 17:05 105,984 ----a-w c:\windows\system32\admparse.dll

2008-12-31 17:03 99,840 ----a-w c:\windows\system32\msiexec.exe

2008-12-31 17:02 949,760 ----a-w c:\windows\system32\wsecedit.dll

2008-12-31 17:01 740,864 ----a-w c:\windows\system32\regwizc.dll

2008-12-31 17:01 641,024 ----a-w c:\windows\system32\shdoclc.dll

2008-12-31 17:01 6,874,624 ----a-w c:\windows\system32\shimgvw.dll

2008-12-31 17:01 58,368 ----a-w c:\windows\system32\sendmail.dll

2008-12-31 17:01 36,864 ----a-w c:\windows\system32\shscrap.dll

2008-12-31 17:01 188,416 ----a-w c:\windows\system32\scrobj.dll

2008-12-31 17:01 152,064 ----a-w c:\windows\system32\remotepg.dll

2008-12-31 17:01 135,168 ----a-w c:\windows\system32\servdeps.dll

2008-12-31 17:01 1,392,640 ----a-w c:\windows\system32\setupapi.dll

2008-12-31 16:59 98,816 ----a-w c:\windows\system32\inetres.dll

2008-12-31 16:58 93,184 ----a-w c:\windows\system32\digest.dll

2008-12-31 16:57 89,600 ----a-w c:\windows\system32\cabview.dll

2008-12-31 16:57 724,992 ----a-w c:\windows\system32\comctl32.dll

2008-12-31 16:57 520,192 ----a-w c:\windows\system32\cmdial32.dll

2008-12-31 16:57 38,400 ----a-w c:\windows\system32\batmeter.dll

2008-12-31 16:57 372,224 ----a-w c:\windows\system32\appmgr.dll

2008-12-31 16:57 33,280 ----a-w c:\windows\system32\batt.dll

2008-12-31 16:57 306,176 ----a-w c:\windows\system32\cmprops.dll

2008-12-31 16:57 294,400 ----a-w c:\windows\system32\audiodev.dll

2008-12-31 16:57 222,208 ----a-w c:\windows\system32\capesnpn.dll

2008-12-31 16:57 140,800 ----a-w c:\windows\system32\acctres.dll

2008-12-31 16:57 1,218,048 ----a-w c:\windows\system32\certmgr.dll

2008-12-31 16:40 62,208 ----a-w c:\windows\system32\drivers\si3112.sys

2008-12-31 16:39 361,344 ----a-w c:\windows\system32\drivers\tcpip.sys

2008-12-31 16:39 219,648 ----a-w c:\windows\system32\uxtheme.dll

2008-12-31 16:39 143,872 ----a-w c:\windows\system32\drivers\usbport.sys

2008-12-31 16:39 140,800 ----a-w c:\windows\system32\sfc_os.dll

2008-12-31 16:38 999,936 ----a-w c:\windows\system32\syssetup.dll

2008-12-31 16:38 97,792 ----a-w c:\windows\system32\psbase.dll

2008-12-31 16:38 74,240 ----a-w c:\windows\system32\mscms.dll

2008-12-31 16:38 712,704 ----a-w c:\windows\system32\windowscodecs.dll

2008-12-31 16:38 347,648 ----a-w c:\windows\system32\windowscodecsext.dll

2008-12-31 16:38 330,752 ----a-w c:\windows\system32\ipnathlp.dll

2008-12-31 16:38 273,024 ----a-w c:\windows\system32\drivers\bthport.sys

2008-12-31 16:37 937,984 ----a-w c:\windows\system32\wmnetmgr.dll

2008-12-31 16:37 691,712 ----a-w c:\windows\system32\inetcomm.dll

2008-12-31 16:37 63,488 ----a-w c:\windows\system32\wpdmtpus.dll

2008-12-31 16:37 253,952 ----a-w c:\windows\system32\es.dll

2008-12-31 16:37 229,376 ----a-w c:\windows\system32\cewmdm.dll

2008-12-31 16:37 211,456 ----a-w c:\windows\system32\qasf.dll

2008-12-31 16:37 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys

2008-12-31 16:37 199,168 ----a-w c:\windows\system32\portabledevicewmdrm.dll

2008-12-31 16:37 175,616 ----a-w c:\windows\system32\mspmsp.dll

2008-12-31 16:37 1,117,696 ----a-w c:\windows\system32\wmadmoe.dll

2008-12-31 16:36 61,952 ----a-w c:\windows\system32\hdaudpropshortcut.exe

2008-12-31 16:36 5,120 ----a-w c:\windows\system32\hdaudpropres.dll

2008-12-31 16:36 48,128 ----a-w c:\windows\system32\mshtmler.dll
2008-12-31 16:36 414,720 ----a-w c:\windows\system32\msscp.dll
2008-12-31 16:36 40,960 ----a-w c:\windows\system32\licmgr10.dll
2008-12-31 16:36 36,352 ----a-w c:\windows\system32\imgutil.dll
2008-12-31 16:36 26,112 ----a-w c:\windows\system32\idndl.dll
2008-12-31 16:36 24,576 ----a-w c:\windows\system32\nlsdl.dll
2008-12-31 16:36 24,064 ----a-w c:\windows\system32\hdaudprop.dll
2008-12-31 16:36 23,552 ----a-w c:\windows\system32\normaliz.dll
2008-12-31 16:36 156,160 ----a-w c:\windows\system32\msls31.dll
2008-12-31 16:36 113,664 ----a-w c:\windows\inf\hdaudio.sys
2008-12-31 16:35 99,840 ----a-w c:\windows\system32\wmpshell.dll
2008-12-31 16:35 78,336 ----a-w c:\windows\system32\ieencode.dll
2008-12-31 16:35 603,648 ----a-w c:\windows\system32\wmspdmod.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmvdmod.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
2008-12-31 16:35 4,096 ----a-w c:\windows\system32\wmsdmod.dll
2008-12-31 16:35 314,880 ----a-w c:\windows\system32\wmpdxm.dll
2008-12-31 16:35 242,688 ----a-w c:\windows\system32\wmpasf.dll
2008-12-31 16:35 17,408 ----a-w c:\windows\system32\corpol.dll
2008-12-31 16:35 1,329,152 ----a-w c:\windows\system32\wmspdmoe.dll
2008-12-28 15:18 363,520 ----a-w c:\windows\system32\logon.scr
2008-12-23 15:31 2,148,864 ----a-w c:\windows\system32\ntoskrnl.exe
2008-12-13 06:39 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-25 08:45 2,283,027 ----a-w c:\windows\system32\x264vfw.dll
2008-11-25 07:00 1,424,384 ----a-w c:\windows\system32\logonui.exe
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-11-09 16:03 2,911,744 ----a-w c:\windows\system32\msgina.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
.

------- Sigcheck -------

2007-07-11 05:06 642560 ce594e18fe0d0af804f1f3694921ce62 c:\windows\system32\user32.dll

2008-12-31 18:05 920064 88348f8c92c28ba99fe49bd392100ce0 c:\windows\system32\wininet.dll

2008-12-31 17:39 361344 030dc4d48cc2b894fee2f390d8e66ad5 c:\windows\system32\drivers\tcpip.sys

2008-12-31 18:04 549888 335813eacd16e84f3047a3326f6e5473 c:\windows\system32\winlogon.exe

2008-12-31 18:13 2027520 d3b530dd991cd66b97bdc4f5b30cba00 c:\windows\system32\ntkrnlpa.exe

2008-12-23 16:31 2148864 8961578e8501d65294803c0b0eaf8f47 c:\windows\system32\ntoskrnl.exe

2008-12-31 18:03 1553408 bda7a4169bf5e1f3ee76b017396e4f47 c:\windows\explorer.exe

2008-12-31 18:04 112128 37ed43f3dec4400586554d61c3129478 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [2009-01-18 110834]
"cbvcs"="c:\windows\system32\urretnd.exe" [2009-01-18 107289]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_3"="advpack.dll" [2008-12-31 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4C402F-882A-4526-8C08-51278EA437C1}"= "c:\windows\system32\afmain0.dll" [2008-12-31 78848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"d:\\Rohan\\rohanclient.exe"=
"e:\\pliki z pulpitu\\Nowy folder\\RohanBotEn1.0.24b\\Rohanbot.exe"=
"e:\\Rohan\\rohanclient.exe"=
"c:\\Documents and Settings\\SysOp\\Pulpit\\RohanBotEn1.0.26b\\Rohanbot.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-14 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-14 20560]
S3 dump_wmimmc;dump_wmimmc;\??\e:\rohan\GameGuard\dump_wmimmc.sys --> e:\rohan\GameGuard\dump_wmimmc.sys [?]
S3 NTProcDrv;Process creation detector for NT.;e:\pliki z pulpitu\Nowy folder\RohanBotEn1.0.24b\NTProcDrv.sys [2009-01-16 3584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16651058-e3d1-11dd-ad04-000e50e2c979}]
\Shell\AutoRun\command - H:\2.exe
\Shell\open\Command - H:\2.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.com/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {063101A1-562D-4EE8-8008-FB65F1F1AD82} = 194.204.159.1 217.98.63.164
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 16:38:24
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\ProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\Programmable]
@DACL=(02 0000)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\TypeLib]
@DACL=(02 0000)
@="{5F226421-415D-408D-9A09-0DCD94E25B48}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\VersionIndependentProgID]
@DACL=(02 0000)
@="AcroIEHelper.AcroIEHlprObj"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(768)
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\scecli.dll
c:\windows\system32\nvLsp.dll
.
Czas ukończenia: 2009-01-18 16:38:56
ComboFix-quarantined-files.txt 2009-01-18 15:38:55

Przed: 15 038 574 592 bajtów wolnych
Po: 15,055,245,312 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

 

Edited by akeen
