Slow computer and internet performance - Printable version

+- SafeGroup (https://safegroup.pl)
+-- Forum: Security (https://safegroup.pl/forum-10.html)
+--- Forum: Help after infection (https://safegroup.pl/forum-5.html)
+--- Thread: Slow computer and internet performance (/thread-286.html)

Slow computer and internet performance - mario200 - 30.04.2008

Everything on the computer freezes and folders open slowly.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:43, on 2008-04-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Re: Slow computer and internet performance - Serafin - 30.04.2008

Please read the [To see links, register here] thread and change the title to a specific one that describes the problem. Otherwise the thread will be moved to the trash.

The HijackThis log is clean. Please post a log from [To see links, register here]

Re: Slow computer and internet performance - mario200 - 30.04.2008

ComboFix 08-04-29.5 - mario 2008-04-30 22:40:03.1 - NTFSx86

Re: Slow computer and internet performance - Serafin - 01.05.2008

Open Notepad and paste this into it:

Code:
Windows Registry Editor Version 5.00

File > Save as > change the file type to: All files > save under the name FIX.REG.
Run the FIX.REG file in Safe Mode with System Restore turned off.

Download the program [To see links, register here]
* Double-click SDFix.exe; the program will then extract itself to the system drive (by default C:\SDFix)
* Restart the computer and enter Safe Mode (press F8 before Windows boots)
* Go to the SDFix folder and double-click the file RunThis.bat
* Press Y and the removal process will start.
* When the removal finishes, press any key (Any Key). The computer will restart.
* After the restart SDFix will run again to finish the removal process; when Finished appears in the program window, press any key to end the script and load the desktop icons.
* Post the Report.txt found in the SDFix folder.

After these steps, post a new HijackThis log and a log from [To see links, register here]

Re: Slow computer and internet performance - Lost World - 13.11.2011

mario200, were you asked for something?