Wolna praca komputera i internetu

[mario200]

Wszystko w komputerze sie wiesza i powoli sie otwieraja katalogi.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:43, on 2008-04-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
Crogram FilesCOMODOFirewallcfp.exe
C:WINDOWSsystem32ctfmon.exe
Crogram FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:WINDOWSsystem32devldr32.exe
Crogram FilesCOMODOFirewallcmdagent.exe
Crogram FilesEsetnod32krn.exe
C:WINDOWSSystem32PAStiSvc.exe
C:WINDOWSsystem32svchost.exe
Crogram FilesCommon FilesNeroLibNMIndexingService.exe
C:WINDOWSsystem32wscntfy.exe
Crogram FilesMozilla Firefoxfirefox.exe
Crogram FilesTrend MicroHijackThisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =

[Aby zobaczyć linki, zarejestruj się tutaj]

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =

[Aby zobaczyć linki, zarejestruj się tutaj]

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Crogram FilesAdobeAcrobat 6.0 CEReaderActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - Crogram FilesJavajre1.6.0_03binssv.dll
O4 - HKLM..Run: []Crogram FilesESETnod32kui.exe
O4 - HKLM..Run: [COMODO Firewall Pro]"Crogram FilesCOMODOFirewallcfp.exe" -h
O4 - HKLM..Run: [nod32kui]"Crogram FilesEsetnod32kui.exe" /WAITSERVICE
O4 - HKLM..Run: [NeroFilterCheck]Crogram FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKCU..Run: [µTorrent]"Cocuments and SettingsmarioPulpitutorrent.exe"
O4 - HKCU..Run: [nod32]Crogram FilesESETnod32kui.exe
O4 - HKCU..Run: [ctfmon.exe]C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]"Crogram FilesCommon FilesNeroLibNMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-19..RunOnce: [nltide_2]regsvr32 /s /n /i:U shell32 (User ''USŁUGA LOKALNA'')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-20..RunOnce: [nltide_2]regsvr32 /s /n /i:U shell32 (User ''USŁUGA SIECIOWA'')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''SYSTEM'')
O4 - HKUSS-1-5-18..RunOnce: [nltide_2]regsvr32 /s /n /i:U shell32 (User ''SYSTEM'')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE]C:WINDOWSsystem32CTFMON.EXE (User ''Default user'')
O4 - HKUS.DEFAULT..RunOnce: [nltide_2]regsvr32 /s /n /i:U shell32 (User ''Default user'')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel -

[Aby zobaczyć linki, zarejestruj się tutaj]

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_03binssv.dll
O9 - Extra ''Tools'' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Crogram FilesJavajre1.6.0_03binssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - CROGRA~1MICROS~1Office12ONBttnIE.dll
O9 - Extra ''Tools'' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - CROGRA~1MICROS~1Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - CROGRA~1MICROS~1Office12REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - CROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - AppInit_DLLs:C:WINDOWSsystem32guard32.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - Crogram FilesAreschatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:WINDOWSsystem32ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - Crogram FilesCOMODOFirewallcmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - Crogram FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - Crogram FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset- Crogram FilesEsetnod32krn.exe
O23 - Service: STI Simulator - Unknown owner - C:WINDOWSSystem32PAStiSvc.exe

--
End of file - 5336 bytes

[Serafin]

Proszę zapoznać się z

[Aby zobaczyć linki, zarejestruj się tutaj]

tematem oraz zmienić temat na konkretny - mówiący o problemie. W przeciwnym wypadku temat zostanie wyrzucony do kosza.

Log z hijacka jest czysty. Poproszę o log z

[Aby zobaczyć linki, zarejestruj się tutaj]

[mario200]

ComboFix 08-04-29.5 - mario 2008-04-30 22:40:03.1 - NTFSx86
Microsoft Windows XP Professional5.1.2600.2.1250.1.1045.18.146 [GMT 2:00]
Running from: Cocuments and SettingsmarioPulpitComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-30)))))))))))))))))))))))))))))))
.

2008-04-30 22:39 . 2008-04-30 22:39 1,024 --ah----- C:WINDOWSsystem32configsystemprofilentuser.dat.LOG
2008-04-30 18:46 . 2008-04-30 18:46 <DIR> d-------- Crogram FilesTrend Micro
2008-04-24 14:30 . 2008-04-24 14:30 54,156 --ah----- C:WINDOWSQTFont.qfn
2008-04-24 14:30 . 2008-04-24 14:30 1,409 --a------ C:WINDOWSQTFont.for
2008-04-19 20:25 . 2008-04-19 20:30 918 --a------ C:WINDOWSwininit.ini
2008-04-19 19:18 . 2008-04-22 19:03 <DIR> d-------- Crogram FilesSpybot - Search & Destroy
2008-04-19 19:18 . 2008-04-22 19:03 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiSpybot - Search & Destroy
2008-04-19 12:03 . 2001-01-12 18:47 122,884 --a------ C:WINDOWSUnGins.exe
2008-04-19 11:58 . 2008-04-19 11:58 260 --a------ C:WINDOWS_delis32.ini
2008-04-12 16:01 . 2008-04-12 16:01 <DIR> d-------- Cocuments and SettingsmarioDane aplikacjiArcSoft
2008-04-12 15:55 . 2003-09-19 15:45 21,248 --a------ C:WINDOWSsystem32driverspfc.sys
2008-04-12 15:54 . 1995-08-01 04:44 212,480 --a------ C:WINDOWSPCDLIB32.DLL
2008-04-12 15:50 . 2008-04-12 15:50 <DIR> dr------- Cocuments and SettingsLocalServiceMoje dokumenty
2008-04-12 15:35 . 2004-08-03 22:58 5,504 --a------ C:WINDOWSsystem32driversMSTEE.sys
2008-04-12 15:35 . 2004-08-03 22:58 5,504 --a------ C:WINDOWSsystem32dllcachemstee.sys
2008-04-12 15:34 . 2004-08-04 00:44 16,384 --a------ C:WINDOWSsystem32ipsink.ax
2008-04-12 15:34 . 2004-08-04 00:44 16,384 --a------ C:WINDOWSsystem32dllcacheipsink.ax
2008-04-12 15:34 . 2004-08-03 23:10 15,360 --a------ C:WINDOWSsystem32driversStreamIP.sys
2008-04-12 15:34 . 2004-08-03 23:10 15,360 --a------ C:WINDOWSsystem32dllcachestreamip.sys
2008-04-12 15:34 . 2004-08-03 23:10 10,880 --a------ C:WINDOWSsystem32driversNdisIP.sys
2008-04-12 15:34 . 2004-08-03 23:10 10,880 --a------ C:WINDOWSsystem32dllcachendisip.sys
2008-04-12 15:33 . 2004-08-03 23:10 19,328 --a------ C:WINDOWSsystem32driversWSTCODEC.SYS
2008-04-12 15:33 . 2004-08-03 23:10 19,328 --a------ C:WINDOWSsystem32dllcachewstcodec.sys
2008-04-12 15:33 . 2004-08-03 23:10 11,136 --a------ C:WINDOWSsystem32driversSLIP.sys
2008-04-12 15:33 . 2004-08-03 23:10 11,136 --a------ C:WINDOWSsystem32dllcacheslip.sys
2008-04-12 15:32 . 2004-08-03 23:10 85,376 --a------ C:WINDOWSsystem32driversNABTSFEC.sys
2008-04-12 15:32 . 2004-08-03 23:10 85,376 --a------ C:WINDOWSsystem32dllcachenabtsfec.sys
2008-04-12 15:30 . 2004-08-03 23:10 17,024 --a------ C:WINDOWSsystem32driversCCDECODE.sys
2008-04-12 15:30 . 2004-08-03 23:10 17,024 --a------ C:WINDOWSsystem32dllcacheccdecode.sys
2008-04-12 15:26 . 2008-04-12 15:26 <DIR> d-------- C:WINDOWSPixArt
2008-04-12 15:26 . 2008-04-12 15:26 <DIR> d-------- Crogram FilesTrust
2008-04-12 15:26 . 2008-04-12 15:26 <DIR> d-------- Crogram FilesCommon FilesPCCamera
2008-04-12 15:24 . 2008-04-12 15:24 <DIR> d-------- C:WINDOWSDownloaded Installations
2008-04-04 15:58 . 2008-04-04 15:58 <DIR> d-------- C:WINDOWSsystem32xircom
2008-04-04 15:58 . 2008-04-04 15:58 <DIR> d-------- C:WINDOWSsrchasst
2008-04-04 15:58 . 2008-04-04 15:58 <DIR> d-------- C:WINDOWSmsagent
2008-04-04 15:58 . 2008-04-04 15:58 <DIR> d-------- Crogram Filesmicrosoft frontpage
2008-04-04 09:52 . 2008-04-04 09:52 <DIR> d-------- C:WINDOWSsystem32Kaspersky Lab
2008-04-04 09:52 . 2008-04-04 09:52 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiKaspersky Lab
2008-04-01 12:59 . 2008-04-01 13:00 <DIR> d-------- C:WINDOWSsystem32QuickTime
2008-03-31 09:08 . 1999-11-10 11:05 86,016 --a------ C:WINDOWSunvise32qt.exe
2008-03-31 09:07 . 2008-04-01 13:01 <DIR> d-------- Crogram FilesQuickTime
2008-03-31 09:06 . 2008-03-31 10:00 <DIR> d-------- Cocuments and SettingsAll UsersDane aplikacjiQuickTime
2008-03-27 07:58 . 2006-06-22 21:44 2,201,224 -ra------ C:WINDOWSsystem32Flash9.ocx
2008-03-22 14:38 . 2008-03-22 14:39 <DIR> d-------- Cocuments and SettingsmarioDane aplikacjiDAEMON Tools Pro
2008-03-22 14:27 . 2008-03-22 14:27 685,816 --a------ C:WINDOWSsystem32driverssptd.sys
2008-03-22 13:57 . 2008-03-22 13:57 278,984 --a------ C:WINDOWSsystem32driversatksgt.sys
2008-03-22 13:57 . 2008-03-22 13:57 25,416 --a------ C:WINDOWSsystem32driverslirsgt.sys
2008-03-21 14:06 . 2006-10-26 20:56 32,592 --a------ C:WINDOWSsystem32msonpmon.dll
2008-03-21 14:02 . 2008-03-21 14:02 <DIR> d-------- Crogram FilesMicrosoft Works
2008-03-21 14:01 . 2008-03-21 14:01 <DIR> d-------- Crogram FilesMSBuild
2008-03-21 13:59 . 2008-03-21 13:59 <DIR> d-------- Crogram FilesMicrosoft.NET
2008-03-21 13:51 . 2008-03-21 14:00 <DIR> d-------- C:WINDOWSSHELLNEW
2008-03-21 13:49 . 2008-03-21 13:49 <DIR> dr-h----- C:MSOCache
2008-03-17 09:24 . 2008-04-21 18:58 139,008 --a------ C:WINDOWSsystem32guard32.dll
2008-03-09 15:56 . 2008-03-09 16:00 <DIR> d--h----- Crogram FilesZero G Registry
2008-03-09 15:55 . 2008-03-09 15:55 <DIR> d--h----- Cocuments and SettingsmarioInstallAnywhere
2008-03-03 16:39 . 2008-03-03 16:39 98,304 --a------ C:WINDOWSsystem32CmdLineExt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-30 20:40 --------- d-----w Crogram FilesESET
2008-04-30 16:30 --------- d-----w Cocuments and SettingsmarioDane aplikacjiuTorrent
2008-04-29 14:15 --------- d-----w Cocuments and SettingsmarioDane aplikacjiSkype
2008-04-29 14:11 --------- d-----w Cocuments and SettingsmarioDane aplikacjiskypePM
2008-04-29 14:10 --------- d-----w Cocuments and SettingsmarioDane aplikacjiTlen.pl
2008-04-21 16:59 87,312 ----a-w C:WINDOWSsystem32driverscmdGuard.sys
2008-04-21 16:59 23,824 ----a-w C:WINDOWSsystem32driverscmdhlp.sys
2008-04-21 06:28 --------- d-----w Cocuments and SettingsmarioDane aplikacjiMyPhoneExplorer
2008-04-20 15:48 --------- d--h--w Crogram FilesInstallShield Installation Information
2008-04-08 12:45 --------- d-----w Crogram FileseMule
2008-04-07 08:15 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiVivendi Universal Games
2008-04-05 11:57 --------- d-----w Crogram FilesNAPI-PROJEKT
2008-04-04 14:10 --------- d---a-w Cocuments and SettingsAll UsersDane aplikacjiTEMP
2008-04-03 13:54 --------- d-----w Crogram FilesUltraISO
2008-04-03 13:30 --------- d-----w Crogram Files7-Zip
2008-03-21 12:22 --------- d-----w Cocuments and SettingsAll UsersDane aplikacjiMicrosoft Help
2008-03-12 13:07 --------- d-----w Crogram FilesTuxPaint
2008-02-22 21:30 298,104 ----a-w C:WINDOWSsystem32imon.dll
2008-01-21 21:33 214,528 ----a-w C:WINDOWSsystem321425.tmp
2008-01-13 13:56 32 ----a-w Cocuments and SettingsAll UsersDane aplikacjiezsid.dat
2008-01-08 15:20 53,248 ----a-w C:WINDOWSsystem32suppdll.dll
2008-01-08 15:20 35,363 ----a-w C:WINDOWSsystem32windrvNT.sys
2007-12-15 15:10 16,384 --sha-w C:WINDOWSsystem32configsystemprofileCookiesindex.dat
2007-12-15 15:10 32,768 --sha-w C:WINDOWSsystem32configsystemprofileUstawienia lokalneHistoriaHistory.IE5index.dat
2007-12-15 15:10 32,768 --sha-w C:WINDOWSsystem32configsystemprofileUstawienia lokalneHistoriaHistory.IE5MSHist012007121520071216index.dat
2007-12-15 15:10 32,768 --sha-w C:WINDOWSsystem32configsystemprofileUstawienia lokalneTemporary Internet FilesContent.IE5index.dat
.

------- Sigcheck -------

2007-07-10 15:06642560ce594e18fe0d0af804f1f3694921ce62 C:WINDOWSsystem32user32.dll

2007-07-14 00:56814592ce7193c5f7c01b19768e066087c1c919 C:WINDOWSsystem32wininet.dll

2007-10-16 01:193605760fb6743e937c7bb248b2530a5a77abc6 C:WINDOWSsystem32driverstcpip.sys

2007-10-19 00:1920668169aa8aeee2c77b68af93691758eb0a78b C:WINDOWSsystem32ntkrnlpa.exe

2007-10-19 00:1921898241aeb1a9aa55de24bda1d441989ae4492 C:WINDOWSsystem32ntoskrnl.exe

2007-10-17 21:3097484816df8a100e8966e48ba00c86f6c89972 C:WINDOWSexplorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"µTorrent"="Cocuments and SettingsmarioPulpitutorrent.exe" [2007-12-23 10:40 177152]
"nod32"="Crogram FilesESETnod32kui.exe" [2008-02-22 23:29 949376]
"ctfmon.exe"="C:WINDOWSsystem32ctfmon.exe" [2004-08-04 04:44 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="Crogram FilesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 20:10 1688872]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"COMODO Firewall Pro"="Crogram FilesCOMODOFirewallcfp.exe" [2008-04-21 18:56 1572608]
"nod32kui"="Crogram FilesEsetnod32kui.exe" [2008-02-22 23:29 949376]
"NeroFilterCheck"="Crogram FilesCommon FilesNeroLibNeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="C:WINDOWSsystem32CTFMON.EXE" [2004-08-04 04:44 15360]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2007-10-09 02:01 124928 C:WINDOWSsystem32advpack.dll]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"= C:WINDOWSsystem32guard32.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"aux"= ctwdm32.dll
"VIDC.X264"= x264vfw.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionrun-]
"µTorrent"="Cocuments and SettingsmarioPulpitutorrent.exe"
"CTFMON.EXE"=C:WINDOWSsystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionrun-]
"nod32kui"="Crogram FilesEsetnod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"C:\Documents and Settings\mario\Pulpit\utorrent.exe"=
"C:\Program Files\Ares\Ares.exe"=
"C:\Program Files\Tlen.pl\tlen.exe"=
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=
"C:\Program Files\Skype\Phone\Skype.exe"=

R0 videX32;videX32;C:WINDOWSsystem32DRIVERSvideX32.sys [2007-10-17 20:23]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:WINDOWSsystem32DRIVERScmdguard.sys [2008-04-21 18:59]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:WINDOWSsystem32DRIVERScmdhlp.sys [2008-04-21 18:59]
R1 SandBox;SandBox;C:WINDOWSsystem32DRIVERSSandBox.sys [2007-11-29 19:23]
R1 VD_FileDisk;VD_FileDisk;C:WINDOWSsystem32driversVD_FileDisk.sys [2006-01-13 15:00]
R3 afw;Agnitum firewall driver;C:WINDOWSsystem32DRIVERSafw.sys [2007-12-03 14:40]
S3 ASWFilt;ASWFilt;C:WINDOWSsystem32FiltASWFilt.dll [2007-11-29 19:24]
S3 PAC207;Trust WB-1400T Webcam;C:WINDOWSsystem32DRIVERSpfc027.sys [2005-02-24 12:29]
S3 se59bus;Sony Ericsson Device 089 driver (WDM);C:WINDOWSsystem32DRIVERSse59bus.sys [2006-09-05 21:07]
S3 se59mdfl;Sony Ericsson Device 089 USB WMC Modem Filter;C:WINDOWSsystem32DRIVERSse59mdfl.sys [2006-09-05 21:07]
S3 se59mdm;Sony Ericsson Device 089 USB WMC Modem Driver;C:WINDOWSsystem32DRIVERSse59mdm.sys [2006-09-05 21:07]
S3 se59mgmt;Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM);C:WINDOWSsystem32DRIVERSse59mgmt.sys [2006-09-05 21:08]
S3 se59nd5;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS);C:WINDOWSsystem32DRIVERSse59nd5.sys [2006-09-05 21:06]
S3 se59obex;Sony Ericsson Device 089 USB WMC OBEX Interface;C:WINDOWSsystem32DRIVERSse59obex.sys [2006-09-05 21:09]
S3 se59unic;Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM);C:WINDOWSsystem32DRIVERSse59unic.sys [2006-09-05 21:06]
S3 usbscan;Sterownik skanera USB;C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 23:58]
S3 USBSTOR;Sterownik magazynu masowego USB;C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-04 00:08]

[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{508866b0-b497-11dc-9556-0050bf070006}]
ShellAutocommand - activexdebugger32.exe f
ShellAutoRuncommand - C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f
ShellexploreCommand - activexdebugger32.exe f
ShellopenCommand - activexdebugger32.exe f

*Newly Created Service* - CATCHME
.
Contents of the ''Scheduled Tasks'' folder
"2008-04-25 15:15:00 C:WINDOWSTasks1-Click Maintenance.job"
- Crogram FilesTuneUp Utilities 2008OneClick.exe
.
**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:WINDOWSsystem32winlogon.exe
-> C:WINDOWSsystem32guard32.dll

PROCESS: C:WINDOWSsystem32lsass.exe
-> C:WINDOWSsystem32guard32.dll
-> Crogram FilesEsetpr_imon.dll
.
Completion time: 2008-04-30 22:50:15
ComboFix-quarantined-files.txt2008-04-30 20:48:57

Pre-Run: 1,440,333,824 bajtów wolnych
Post-Run: 1,520,259,072 bajtów wolnych

204

[Serafin]

Otwórz notatnik i wklej w nim to:

Kod:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints 2{508866b0-b497-11dc-9556-0050bf070006}]

plik>zapisz jako>zmień rozszerzenie na: wszystkie pliki>zapisz pod nazwą FIX.REG .
Odpal plik FIX.REG w trybie awaryjnym i wyłączonym przywracaniem systemu.

Pobierz program

[Aby zobaczyć linki, zarejestruj się tutaj]

* Dwuklik na SDFix.exe następnie program wypakuje się na dysk systemowy (standardowo C:SDFix)
* Zrestartuj komputer i wejdź do trybu awaryjnego (klawisz F8 przed bootem Windowsa)
* Wejdź do folderu z SDFix kliknij dwa razy na plik RunThis.bat
* Wciśnij Ynastąpi proces usuwania.
* Kiedy usuwanie się ukończy wciśnij dowolny klawisz (Any Key). Nastąpi restart komputera.
* Po restarcie SDFix uruchomi się ponownie, żeby dokończyć proces usuwania kiedy pojawi się w oknie programu Finished, wciśnij dowolny klawisz do zakończenia scryptu i załadowania ikon na pulpicie.
* Pokaż Report.txt znajdujący się w folderze SDFix.

Po zabiegach dajesz nowy log z hijacka log z

[Aby zobaczyć linki, zarejestruj się tutaj]

[Lost World]

mario200 byłeś o coś proszony?