Prosba O Sprawdzenie Loga

[logimen]

» Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - "Log"

ComboFix 09-03-02.01 - logimen 2009-03-02 19:34:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.3071.2640 [GMT 1:00]
Uruchomiony z: c:\\documents and settings\\logimen\\Pulpit\\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
ADS - WINNT: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((( Pliki utworzone od 2009-02-02 do 2009-03-02 )))))))))))))))))))))))))))))))
.

2009-02-26 19:55 . 2009-01-09 20:19 1,089,883 -----c--- c:\\winnt\\system32\\dllcache\\ntprint.cat
2009-02-25 22:26 . 2009-02-25 22:26 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\Leadertech
2009-02-25 22:25 . 2009-02-25 22:25 <DIR> d-------- c:\\winnt\\Downloaded Installations
2009-02-25 22:15 . 2009-02-25 22:16 84,475,904 --a------ C:\\LogFile.Etl
2009-02-25 22:13 . 2009-02-25 22:19 <DIR> d-------- c:\\program files\\BootLog XP
2009-02-21 10:53 . 2009-02-21 10:53 <DIR> d-------- C:\\hidownload
2009-02-21 09:06 . 2009-02-21 09:06 <DIR> d-------- c:\\program files\\Nuclear Coffee
2009-02-20 22:01 . 2009-02-20 22:01 <DIR> d-------- c:\\program files\\SlySoft
2009-02-20 20:33 . 2009-02-20 20:35 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\Nowe Gadu-Gadu
2009-02-20 20:32 . 2009-02-20 20:32 <DIR> d-------- c:\\program files\\Nowe Gadu-Gadu
2009-02-20 19:16 . 2009-02-27 00:01 54,156 --ah----- c:\\winnt\\QTFont.qfn
2009-02-20 19:16 . 2009-02-20 19:16 1,409 --a------ c:\\winnt\\QTFont.for
2009-02-20 19:14 . 2009-02-20 19:14 <DIR> d-------- c:\\program files\\QuickTime Alternative
2009-02-20 19:14 . 2009-02-20 19:14 <DIR> d-------- c:\\documents and settings\\All Users\\Dane aplikacji\\Apple Computer
2009-02-20 19:14 . 2003-03-19 05:14 499,712 --a------ c:\\winnt\\system32\\msvcp71.dll
2009-02-20 19:14 . 2007-04-27 09:42 65,536 --a------ c:\\winnt\\system32\\QuickTimeVR.qtx
2009-02-20 19:14 . 2007-04-27 09:42 49,152 --a------ c:\\winnt\\system32\\QuickTime.qts
2009-02-19 21:43 . 2009-02-19 21:43 <DIR> d-------- c:\\documents and settings\\All Users\\Dane aplikacji\\WorkshopData
2009-02-19 21:43 . 1999-06-18 22:49 165,888 --a------ c:\\winnt\\Ckconfig.exe
2009-02-19 21:43 . 2006-09-22 00:33 69,632 --a------ c:\\winnt\\system32\\Crypserv.exe
2009-02-19 21:43 . 2006-01-10 03:47 31,846 --a------ c:\\winnt\\system32\\Ckldrv.sys
2009-02-19 21:43 . 1996-05-03 18:21 27,648 -ra------ c:\\winnt\\Setup_ck.exe
2009-02-19 21:43 . 1996-05-03 16:36 18,432 --a------ c:\\winnt\\Setup_ck.dll
2009-02-19 21:43 . 1995-07-04 19:33 11,776 --a------ c:\\winnt\\Ckrfresh.exe
2009-02-19 21:43 . 2009-02-19 21:43 83 --a------ c:\\winnt\\Crypkey.ini
2009-02-19 21:40 . 2009-02-19 21:40 <DIR> d--h----- c:\\program files\\Zero G Registry
2009-02-19 21:40 . 2009-02-19 21:52 <DIR> d-------- c:\\program files\\Vivid WorkshopData ATI
2009-02-19 21:39 . 2009-02-19 21:39 <DIR> d--h----- c:\\documents and settings\\logimen\\InstallAnywhere
2009-02-17 22:46 . 2009-02-17 22:46 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\onOne Software
2009-02-15 14:53 . 2009-02-15 14:53 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\e-on software
2009-02-15 14:53 . 2009-02-15 14:53 21 --a------ c:\\winnt\\Vue 7 xStream.reg
2009-02-14 23:01 . 2006-11-09 17:49 749,568 -ra------ c:\\winnt\\system32\\tmp56F.tmp
2009-02-11 21:44 . 2009-02-11 21:44 <DIR> d-------- c:\\program files\\Intel
2009-02-08 10:55 . 2009-02-08 10:55 <DIR> d-------- c:\\program files\\Common Files\\Autodata Limited Shared
2009-02-08 10:54 . 2009-02-08 10:54 <DIR> d-------- C:\\ADCDTEMP
2009-02-07 17:45 . 2004-08-04 01:44 221,184 --a------ c:\\winnt\\system32\\wmpns.dll
2009-02-04 22:35 . 2009-03-02 19:35 <DIR> d--h----- c:\\documents and settings\\kisiel\\Ustawienia lokalne
2009-02-04 22:35 . 2009-02-04 22:36 <DIR> dr------- c:\\documents and settings\\kisiel\\Ulubione
2009-02-04 22:35 . 2008-12-13 17:49 <DIR> d--h----- c:\\documents and settings\\kisiel\\Szablony
2009-02-04 22:35 . 2008-12-13 18:42 <DIR> d-------- c:\\documents and settings\\kisiel\\Pulpit
2009-02-04 22:35 . 2009-02-04 22:36 <DIR> dr------- c:\\documents and settings\\kisiel\\Moje dokumenty
2009-02-04 22:35 . 2008-12-13 18:42 <DIR> dr------- c:\\documents and settings\\kisiel\\Menu Start
2009-02-04 22:35 . 2009-02-04 22:35 <DIR> dr-h----- c:\\documents and settings\\kisiel\\Dane aplikacji
2009-02-04 22:35 . 2009-02-05 16:22 <DIR> d-------- c:\\documents and settings\\kisiel
2009-02-03 19:53 . 2009-02-03 19:58 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\AutoPowerOn
2009-02-02 22:50 . 2009-02-02 22:50 <DIR> d-------- c:\\program files\\Weather Watcher Live
2009-02-02 22:50 . 2009-02-07 19:01 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\WeatherWatcherLive
2009-02-02 22:50 . 2009-02-02 22:50 <DIR> d-------- c:\\documents and settings\\logimen\\Dane aplikacji\\WeatherWatcher
2009-02-02 22:50 . 2004-05-27 01:32 102,400 --a------ c:\\winnt\\system32\\unzip32.dll
2009-02-02 22:25 . 2009-02-02 22:25 <DIR> d-------- C:\\tmp

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 18:38 --------- d---a-w c:\\documents and settings\\All Users\\Dane aplikacji\\TEMP
2009-03-02 18:38 --------- d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\Kaspersky Lab
2009-03-02 18:36 942,112 --sha-w c:\\winnt\\system32\\drivers\\fidbox2.dat
2009-03-02 18:36 7,555,104 --sha-w c:\\winnt\\system32\\drivers\\fidbox.dat
2009-03-02 18:36 7,444 --sha-w c:\\winnt\\system32\\drivers\\fidbox2.idx
2009-03-02 18:36 64,296 --sha-w c:\\winnt\\system32\\drivers\\fidbox.idx
2009-02-28 00:03 --------- d-----w c:\\documents and settings\\logimen\\Dane aplikacji\\uTorrent
2009-02-25 17:56 --------- d-----w c:\\documents and settings\\logimen\\Dane aplikacji\\MxBoost
2009-02-17 21:46 --------- d--h--w c:\\program files\\InstallShield Installation Information
2009-02-15 00:54 --------- d-----w c:\\documents and settings\\logimen\\Dane aplikacji\\Tlen.pl
2009-02-14 23:06 --------- d-----w c:\\program files\\OpenAL
2009-02-10 10:53 33,808 ----a-w c:\\winnt\\system32\\drivers\\klbg.sys
2009-02-03 16:23 89,601 ----a-w c:\\winnt\\system32\\drivers\\klick.dat
2009-02-03 16:23 101,287 ----a-w c:\\winnt\\system32\\drivers\\klin.dat
2009-02-01 17:35 --------- d-----w c:\\program files\\DAEMON Tools Pro
2009-02-01 17:10 --------- d-----w c:\\program files\\Marvell
2009-02-01 13:49 --------- d-----w c:\\documents and settings\\logimen\\Dane aplikacji\\InstallShield
2009-02-01 13:35 --------- d-----w c:\\program files\\MSXML 4.0
2009-02-01 13:08 --------- d-----w c:\\program files\\Microsoft Games
2009-02-01 11:21 --------- d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\SlySoft
2009-02-01 09:44 --------- d-----w c:\\program files\\Common Files\\InstallShield
2009-02-01 09:22 --------- d-----w c:\\program files\\PowerISO
2009-01-31 22:11 --------- d-----w c:\\program files\\PhotomatixPro3
2009-01-29 23:02 103,488 ----a-w c:\\winnt\\system32\\drivers\\AnyDVD.sys
2009-01-29 22:57 23,976 ----a-w c:\\winnt\\system32\\drivers\\ElbyCDIO.sys
2009-01-28 17:55 --------- d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\Codemasters
2009-01-28 17:22 --------- d-----w c:\\program files\\Logitech
2009-01-28 17:22 --------- d-----w c:\\program files\\Common Files\\Logitech
2009-01-27 21:45 --------- d-----w c:\\program files\\SimBin
2009-01-25 13:43 --------- d-----w c:\\program files\\Driver Sweeper
2009-01-23 21:01 --------- d-----w c:\\program files\\Cooktop 2.5
2009-01-21 22:33 --------- d-----w c:\\program files\\Microsoft
2009-01-21 22:32 --------- d-----w c:\\program files\\Microsoft CAPICOM 2.1.0.2
2009-01-20 21:25 --------- d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\Acronis
2009-01-20 21:05 114,048 ----a-w c:\\winnt\\system32\\drivers\\snapman.sys
2009-01-20 21:05 --------- d-----w c:\\program files\\Common Files\\Acronis
2009-01-18 23:21 2,560 ----a-w c:\\winnt\\_MSRSTRT.EXE
2009-01-16 14:04 --------- d-----w c:\\program files\\Common Files\\Wise Installation Wizard
2009-01-16 14:04 --------- d-----w c:\\program files\\AGEIA Technologies
2009-01-09 16:14 --------- d-----w c:\\documents and settings\\logimen\\Dane aplikacji\\New Technology Studio
2009-01-08 15:27 --------- d-----w c:\\program files\\shield
2009-01-06 19:57 --------- d-----r c:\\documents and settings\\logimen\\Dane aplikacji\\Brother
2009-01-06 19:52 --------- d-----w c:\\program files\\Brother
2009-01-03 15:16 --------- d-----w c:\\program files\\Java
2009-01-03 14:24 --------- d-----w c:\\program files\\Neat Image
2009-01-03 14:21 --------- d-----w c:\\documents and settings\\All Users\\Dane aplikacji\\FLEXnet
2009-01-03 14:18 --------- d-----w c:\\program files\\Common Files\\Adobe
2009-01-03 14:18 --------- d-----w c:\\program files\\Bonjour
2009-01-03 14:13 --------- d-----w c:\\program files\\Common Files\\Macrovision Shared
2009-01-02 20:25 --------- d-----w c:\\program files\\Collectorz.com
2008-12-19 17:25 319,488 ----a-w c:\\winnt\\HideWin.exe
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"Fraps\"=\"k:\\programy\\FRAPS\\FRAPS.EXE\" [2007-09-11 3178152]
\"DAEMON Tools Pro Agent\"=\"c:\\program files\\DAEMON Tools Pro\\DTProAgent.exe\" [2007-06-22 133576]

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
\"AVP\"=\"k:\\programy\\Kaspersky Internet Security 2009\\avp.exe\" [2009-02-10 206088]
\"NvCplDaemon\"=\"c:\\winnt\\system32\\NvCpl.dll\" [2008-12-26 13729792]
\"NvMediaCenter\"=\"c:\\winnt\\system32\\NvMcTray.dll\" [2008-12-26 86016]
\"DiskeeperSystray\"=\"k:\\programy\\Diskeeper10\\DkIcon.exe\" [2006-06-07 319488]
\"RTHDCPL\"=\"RTHDCPL.EXE\" [2008-07-03 c:\\winnt\\RTHDCPL.exe]
\"Kernel and Hardware Abstraction Layer\"=\"KHALMNPR.EXE\" [2008-10-10 c:\\winnt\\KHALMNPR.Exe]

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
\"CTFMON.EXE\"=\"c:\\winnt\\system32\\CTFMON.EXE\" [2008-04-14 15360]

[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce]
\"tscuninstall\"=\"c:\\winnt\\system32\\tscupgrd.exe\" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
\"SynchronousMachineGroupPolicy\"= 0 (0x0)
\"SynchronousUserGroupPolicy\"= 0 (0x0)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
\"NoWelcomeScreen\"= 1 (0x1)

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
\"ForceClassicControlPanel\"= 1 (0x1)
\"MaxRecentDocs\"= 11 (0xb)
\"NoRecentDocsNetHood\"= 1 (0x1)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\LBTWlgn]
2008-11-07 16:41 72208 c:\\program files\\Common Files\\Logishrd\\Bluetooth\\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\drivers32]
\"aux\"= ctwdm32.dll

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\WdfLoadGroup]
@=\"\"

[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run-]
\"AdobeUpdater\"=\"c:\\program files\\Common Files\\Adobe\\Updater5\\AdobeUpdater.exe\"

[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\run-]
\"UserFaultCheck\"=%systemroot%\\system32\\dumprep 0 -u
\"QFan Help\"=\"c:\\program files\\ASUS\\AI Suite\\QFan3\\QFanHelp.exe\"
\"Ai Nap\"=\"c:\\program files\\ASUS\\AI Suite\\AiNap\\AiNap.exe\"
\"Cpu Level Up help\"=c:\\program files\\ASUS\\AI Suite\\CpuLevelUpHelp.exe
\"Adobe Reader Speed Launcher\"=\"c:\\program files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"
\"PivotSoftware\"=\"c:\\program files\\Portrait Displays\\Pivot Software\\wpctrl.exe\"
\"DT HWP\"=c:\\program files\\Common Files\\Portrait Displays\\Shared\\DT_startup.exe -HWP
\"KernelFaultCheck\"=%systemroot%\\system32\\dumprep 0 -k
\"SunJavaUpdateSched\"=\"c:\\program files\\Java\\jre6\\bin\\jusched.exe\"
\"Start WingMan Profiler\"=c:\\program files\\Logitech\\Gaming Software\\LWEMon.exe /noui

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\KasperskyAntiVirus]
\"DisableMonitoring\"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
\"EnableFirewall\"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\AuthorizedApplications\\List]
\"%windir%\\\\system32\\\\sessmgr.exe\"=
\"%windir%\\\\Network Diagnostic\\\\xpnetdiag.exe\"=

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
\"3389:TCP\"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\\winnt\\system32\\drivers\\klbg.sys [2008-01-29 33808]
R0 mv61xx;mv61xx;c:\\winnt\\system32\\drivers\\mv61xx.sys [2008-07-22 151592]
R2 LBeepKE;LBeepKE;c:\\winnt\\system32\\drivers\\LBeepKE.sys [2008-12-13 10384]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\\winnt\\system32\\drivers\\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\\winnt\\system32\\drivers\\klim5.sys [2008-04-30 24592]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\\winnt\\system32\\drivers\\l1e51x86.sys [2008-12-13 36864]
S3 ALSysIO;ALSysIO;\\??\\c:\\docume~1\\logimen\\USTAWI~1\\Temp\\ALSysIO.sys --> c:\\docume~1\\logimen\\USTAWI~1\\Temp\\ALSysIO.sys [?]
S4 PdiService;Portrait Displays SDK Service;c:\\program files\\Common Files\\Portrait Displays\\Drivers\\pdisrvc.exe [2008-12-17 98304]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\\winnt\\system32\\TUProgSt.exe [2008-12-14 603904]

HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Svchost - NetSvcs
UxTuneUp
.
.
------- Skan uzupełniający -------
.
uInternet Settings,ProxyOverride = *.local
IE: Dodaj do listy blokowanych banerów - k:\\programy\\Kaspersky Internet Security 2009\\ie_banner_deny.htm
IE: E&ksportuj do programu Microsoft Excel - c:\\progra~1\\MICROS~3\\Office12\\EXCEL.EXE/3000
IE: Pasek Narzędzi RoboForm - file://c:\\program files\\Siber Systems\\AI RoboForm\\RoboFormComShowToolbar.html
IE: Personalizuj Menu - file://c:\\program files\\Siber Systems\\AI RoboForm\\RoboFormComCustomizeIEMenu.html
IE: Wypełnij Pola - file://c:\\program files\\Siber Systems\\AI RoboForm\\RoboFormComFillForms.html
IE: Zapisz Pola - file://c:\\program files\\Siber Systems\\AI RoboForm\\RoboFormComSavePass.html
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 19:38:30
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\\S-1-5-21-343818398-2000478354-725345543-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\\S-1-5-21-343818398-2000478354-725345543-1003\\Software\\SecuROM\\License information*]
\"datasecu\"=hex:33,14,29,35,b0,23,f0,d3,90,49,14,76,f9,34,89,46,57,61,1b,18,5f,
3f,a2,71,cd,4e,d0,ad,11,6e,7e,5f,85,90,32,1e,97,91,37,7d,4f,29,73,20,c8,4d,\\
\"rkeysecu\"=hex:f0,d5,e4,6e,db,e9,72,a9,ba,d6,4a,87,2f,8b,2e,12

[HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Enum\\HID\\Vid_046d&Pid_c01e\\6&249d68f5&0&0000\\LogConf]
@DACL=(02 0000)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > \'winlogon.exe\'(1792)
c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll
c:\\program files\\common files\\logishrd\\bluetooth\\LBTServ.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\\winnt\\system32\\nvsvc32.exe
c:\\winnt\\system32\\devldr32.exe
c:\\winnt\\system32\\rundll32.exe
c:\\winnt\\system32\\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-02 19:40:18 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-03-02 18:40:15

Przed: 11 612 786 688 bajtów wolnych
Po: 12,033,642,496 bajtów wolnych

234 --- E O F --- 2008-12-29 15:24:38

Komp strasznie muli kopiujac z pendrive na hdd (podejrewam sterownik marvella) i photoshop strasznie powoli chodzi. Zanim zareaguje na jakas funkcje to mmusze czekac ok. 3s. Wczesniej chodzil dobrze. System ma 3 miesiace :/ Edytowane 3 Marca 2009 przez logimen

[Kolobos]

Popraw swoj post i daj log z spoilerze.

 

Czy jakis proces obciaza procesor? Daj screeny ze wszystkich zakladek HdTune.

[logimen]

No wlasnie zaden proces nie obciaza mocno procka. Zakladki wstawie pozniej/jutro bo nie mam czasu teraz