Problem z uruchamianiem systemu/baaaardzo wydluzony czas
Odpowiedzi: 11
-
[quote=kwapa]Przeinstalowałem windowsa(opcja napraw) [/quote] mozesz mi to rozwinac?](*,) :redface: dzieki
-
[quote=Rebe]tych dotyczących modelu notebooka brak. Tak jak i tego co sie dzieje z systemem po tych "10 minutach" - zaczyna pracować normalnie czy dalej coś się wlacze. Do tego dochodzi kwestia tych "normalnie" funkcjonujących ponad 50 prcesów - bez konfiguracji sprżetu ( CPU , pamięć )[/quote] notebook Fujitsu Siemens Amilo Pro V3505 T5500 core 2 duo (1,66ghz), 2gbram owszem jak juz sie uruchomi - pracuje normalnie [quote=Rebe] wolałbym informacje z trybu trace BootVisa [/quote] sprobuje... nie wiem jak podczepic zalacznik --> to moze tak: [url]http://www.imagic.pl/public/pview/131410/bootvis.JPG[/url] [quote=Rebe]Jedna rzecz mnie zastanawia - możliwość wejścia do managera zadań w czasie tej operacji ładowania - on też powinien się opierać z właczeniem do czasu załadowania "kompletu startowego" [/quote] tak. wejsc do managera moge bez problemu i np.wylogowac sie --> choc tez trwa dluzej [quote=Rebe]i ta jedna wątpliwość każe mi z mniejsża wiarą na sprawę czystości patrzeć ( choć dalekim od uznania, że Autor nie wie co na jej temat napisał ).[/quote] no coz , pewnikiem skkanery online cosik moga przeoczyc, jednakowoz do tej pory nie zawiodlem sie na poczciwym "kaspersky anti-virus skaner online";] edit ponowny skan (rowniez symantec-iem i avastem) nic nie wykazal
-
[quote=Rebe]A dupa tam (...)[/quote]To było baaardzo uprzejme :-" :-s
-
[quote=XanTyp]Wstaw log z HiJacka, może ktoś Ci więcej powie...[/quote] moze to wystarczy... [code] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:42:31, on 2008-04-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brsvc01a.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe D:\Diskeeper\DKService.exe d:\GoBack\GBPoll.exe D:\Norton\Norton Ghost\GhostStartService.exe C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4ss.exe D:\Norton\Norton Utilities\NPROTECT.EXE C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\PMJ151LA.BIN D:\Norton\SPEEDD~1\nopdb.exe D:\Alcohol_120%\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\Notebook Hardware Control\nhc.exe D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Launch Manager\WLBTTray.exe D:\Shareaza\Shareaza\Shareaza.exe C:\WINDOWS\system32\igfxsrvc.exe D:\Diskeeper\DfrgNTFS.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE d:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Konwertuj do Adobe PDF - res://D:\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do Adobe PDF - res://D:\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj miejsce docelowe łącza do istniejącego pliku PDF - res://D:\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Konwertuj wybrane łącza do Adobe PDF - res://D:\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Konwertuj zaznaczenie do Adobe PDF - res://D:\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Konwertuj zaznaczenie do istniejącego pliku PDF - res://D:\Adobe Acrobat 8 Professional\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\ACTIVE~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\ACTIVE~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Utwórz Ulubione dla urządzenia przenośnego... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\ACTIVE~1\INetRepl.dll O9 - Extra button: Opcje tłumaczenia angielsko-polskie (Kompas wersja 4) - {4F1DF60B-1BFF-4566-924B-9F24A974C910} - D:\Tlumacz\trenpl4ie_opcje.htm O9 - Extra 'Tools' menuitem: Opcje tłumaczenia angielsko-polskie (Kompas wersja 4) - {4F1DF60B-1BFF-4566-924B-9F24A974C910} - D:\Tlumacz\trenpl4ie_opcje.htm O9 - Extra button: Tłumacz angielski->polski (Kompas wersja 4) - {50C285B9-12A7-427B-B1B4-3BD810513848} - D:\Tlumacz\trenpl4ie_tlumaczenpl.htm O9 - Extra 'Tools' menuitem: Tłumacz angielski->polski (Kompas wersja 4) - {50C285B9-12A7-427B-B1B4-3BD810513848} - D:\Tlumacz\trenpl4ie_tlumaczenpl.htm O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Tłumacz polski->angielski (Kompas wersja 4) - {860D2F9E-9D14-4D7C-A3C9-1B1B40C758F6} - D:\Tlumacz\trenpl4ie_tlumaczplen.htm O9 - Extra 'Tools' menuitem: Tłumacz polski->angielski (Kompas wersja 4) - {860D2F9E-9D14-4D7C-A3C9-1B1B40C758F6} - D:\Tlumacz\trenpl4ie_tlumaczplen.htm O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://mks.com.pl O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193301393390 O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A3F} (SignActivX Control) - https://planet.fortisbanking.com.pl/hades/components/SignActivXFortis.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/SU/SU1.5/ocx/15034/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Diskeeper\DKService.exe O23 - Service: GBPoll - Roxio, Inc. - d:\GoBack\GBPoll.exe O23 - Service: GhostStartService - Symantec Corporation - D:\Norton\Norton Ghost\GhostStartService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4ss.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Norton\Norton Utilities\NPROTECT.EXE O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN O23 - Service: Speed Disk service - Symantec Corporation - D:\Norton\SPEEDD~1\nopdb.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWSO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [/code]
[quote=Żółty] Jeszcze raz nowe logi - Hijacka i Combofixa pokaz. [/quote] ok [code]ComboFix 08-04-14.2 - Piotr 2008-04-18 11:09:13.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1526 [GMT 2:00] Running from: D:\HijackThis\inne\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 ))))))))))))))))))))))))))))))) . 2008-04-15 16:47 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-04-15 13:08 . 2008-04-15 13:10 <DIR> d-------- C:\WINDOWS\system32\Adobe 2008-04-14 21:37 . 2008-04-15 11:22 <DIR> d-------- C:\Program Files\Panda Security 2008-04-14 18:24 . 2008-04-14 18:24 <DIR> d-------- C:\Documents and Settings\Piotr\Dane aplikacji\TransEngPol4 2008-04-11 22:36 . 2002-01-21 12:36 156,301 --a------ C:\WINDOWS\system32\drivers\GoBack2K.sys 2008-04-11 22:36 . 2002-01-21 12:37 15,024 --a------ C:\WINDOWS\system32\drivers\GBFSHook.sys 2008-04-11 22:36 . 2002-01-21 12:37 3,945 --a------ C:\WINDOWS\system32\drivers\GBDevice.sys 2008-04-10 10:36 . 2008-04-10 10:38 107 --a------ C:\WINDOWS\IfoEdit.INI 2008-04-07 16:14 . 2008-04-07 16:14 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0 2008-04-07 12:00 . 2008-04-07 14:26 133 --a------ C:\WINDOWS\VobEdit.INI 2008-04-07 11:55 . 2008-04-07 14:04 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-03-31 22:12 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-03-31 22:12 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-18 07:14 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys 2008-04-15 14:47 --------- d-----w C:\Program Files\Java 2008-04-15 09:17 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Vso 2008-04-15 08:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-15 08:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ulead Systems 2008-04-12 07:54 --------- d-----w C:\Program Files\Kerio 2008-04-11 18:51 669 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2008-04-07 09:53 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe 2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr 2008-03-26 16:45 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Shareaza 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-17 15:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2008-03-16 23:18 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll 2008-03-16 21:13 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\vlc 2008-03-12 18:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet 2008-03-05 11:18 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-03-04 16:50 --------- d-----w C:\Documents and Settings\Piotr\Dane aplikacji\Skype 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 09:05 662,016 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-11 20:19 691,545 ----a-w C:\WINDOWS\unins000.exe 2008-02-09 09:21 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-20 13:34 47,360 ----a-w C:\Documents and Settings\Piotr\Dane aplikacji\pcouffin.sys 2007-10-26 14:51 32 --sha-w C:\WINDOWS\{688B7486-7E93-427C-B9C4-9B6C47B40C9C}.dat 2007-10-26 14:52 32 --sha-w C:\WINDOWS\{790A1911-B9E5-447E-82B7-4BEC4C621F23}.dat 2007-10-26 14:52 32 --sha-w C:\WINDOWS\{9BCA75AB-9061-4C4C-8D20-8233E44BFA15}.dat 2007-10-26 14:53 32 --sha-w C:\WINDOWS\{AB4B00AF-96B9-4F67-922D-44937C0D66F6}.dat 2007-10-26 14:51 32 --sha-w C:\WINDOWS\{AC6514AB-B69F-4E65-84DE-7DACB2007E0E}.dat 2007-10-26 14:51 32 --sha-w C:\WINDOWS\{F6503DF5-4DDE-44BA-AFF6-F06074BAC69C}.dat 2007-10-26 14:52 32 --sha-w C:\WINDOWS\system32\{12CE0101-E9AF-4A2E-9347-0F6E769CBCC2}.dat 2007-10-26 14:51 32 --sha-w C:\WINDOWS\system32\{29EC5304-9CE1-421D-A794-69582173C7E7}.dat 2007-10-26 14:51 32 --sha-w C:\WINDOWS\system32\{6D65A4A2-EC31-43DA-9C8E-6535D4BC605C}.dat 2007-10-26 14:51 32 --sha-w C:\WINDOWS\system32\{909B0A8A-1FF5-4695-A1C9-8C0F11CAF5BC}.dat 2007-10-26 14:52 32 --sha-w C:\WINDOWS\system32\{BDB1DE1B-0119-4588-B79C-1B75C445C533}.dat 2007-10-26 14:53 32 --sha-w C:\WINDOWS\system32\{F263E58E-5338-4575-8096-CA370BD013F0}.dat . ------- Sigcheck ------- 2008-01-17 12:07 360064 00bd107f910c6bbaaa91eeb6415bf314 C:\WINDOWS\system32\dllcache\TCPIP.SYS 2008-01-17 12:07 360064 00bd107f910c6bbaaa91eeb6415bf314 C:\WINDOWS\system32\drivers\TCPIP.SYS . ((((((((((((((((((((((((((((( snapshot@2008-04-15_11.08.10,18 ))))))))))))))))))))))))))))))))))))))))) . - 2008-04-15 08:51:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-04-18 07:14:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-03-24 17:33:02 1,527,056 ----a-w C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe + 2008-03-19 17:23:20 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll + 2008-03-19 17:36:22 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\swdir.dll + 2008-03-19 17:36:40 67,000 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDnld.exe + 2008-03-19 17:24:02 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll + 2008-03-19 16:46:26 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll + 2008-03-19 17:24:04 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll + 2008-03-19 16:36:14 754,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll + 2008-03-19 16:36:16 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe + 2008-03-19 16:36:14 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll + 2008-03-19 16:42:42 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll + 2008-03-19 17:22:34 249,856 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll + 2008-03-19 17:25:36 442,368 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll + 2008-03-19 17:36:06 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100429.exe + 2008-03-19 17:26:20 110,592 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe + 2008-03-19 17:22:22 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll + 2008-03-19 16:36:14 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL + 1999-06-25 08:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE - 2006-10-11 23:35:14 49,248 ----a-w C:\WINDOWS\system32\java.exe + 2008-02-21 23:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe - 2006-10-11 23:35:24 53,346 ----a-w C:\WINDOWS\system32\javaw.exe + 2008-02-21 23:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe - 2006-10-12 01:10:56 127,078 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-02-22 00:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe + 2008-03-25 02:32:44 218,496 ----a-r C:\WINDOWS\system32\Macromed\Flash\FlashUtil9f.exe + 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll + 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2008-04-15 15:19:08 74,649 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe + 2008-04-15 14:51:51 70,264 ----a-w C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe - 2008-04-14 16:23:20 60,786 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-04-16 11:05:31 60,786 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-14 16:23:20 77,372 ----a-w C:\WINDOWS\system32\perfc015.dat + 2008-04-16 11:05:31 77,372 ----a-w C:\WINDOWS\system32\perfc015.dat - 2008-04-14 16:23:20 399,236 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-04-16 11:05:31 399,236 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-14 16:23:20 456,256 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-04-16 11:05:31 456,256 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-04-18 07:14:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_198.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "H/PC Connection Agent"="D:\ActiveSync\wcescomm.exe" [2006-11-13 15:57 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224] "Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-05-04 10:34 86016] "HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-04-19 17:03 65536] "LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 13:36 32768] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-21 15:16 761946] "NotebookHardwareControl"="D:\Notebook Hardware Control\nhc.exe" [2007-05-04 02:33 2629632] "CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "D:\ActiveSync\rapimgr.exe"= D:\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "D:\ActiveSync\wcescomm.exe"= D:\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "D:\ActiveSync\WCESMgr.exe"= D:\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "D:\\GaduGadu\\Gadu-Gadu\\gg.exe"= "C:\\WINDOWS\\system32\\LEXPPS.EXE"= "D:\\Shareaza\\Shareaza\\Shareaza.exe"= "C:\\Program Files\\Kerio\\Personal Firewall 4\\Personal Firewall 4\\kpf4gui.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31] R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-09-22 17:14] R1 GhPciScan;GhostPciScanner;D:\Norton\Norton Ghost\ghpciscan.sys [2002-08-14 15:11] R1 Hotkey;Hotkey;C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 11:27] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35] R2 PMJ151NM;Panasonic DVC Web Camera;C:\WINDOWS\system32\DRIVERS\PMJ151NM.sys [2002-03-19 11:33] S1 Wbutton;Wbutton;C:\WINDOWS\system32\drivers\Wbutton.sys [] S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 05:50] S3 flash;flash;C:\WINDOWS\system32\drivers\flash.sys [2005-11-17 15:36] S3 KS-959;Kingsun KS-959 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-09 05:26] . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-18 11:10:54 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe????\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@??c??????0y?w,??????????????sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?slF9? :@?xF9???????? CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe??L??\??????|x??|????q??|?j?wQj?w????????0??? ???????????????d??????|????????p?????@?p???????0y?w???????????????sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s??????7~??@?N'?s?n7? :@??n7???????? scanning hidden files ... ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PMJ151LA] "ImagePath"="%SystemRoot%\PMJ151LA.BIN" . Completion time: 2008-04-18 11:15:02 ComboFix-quarantined-files.txt 2008-04-18 09:13:59 ComboFix2.txt 2008-04-15 09:09:09 Pre-Run: 39,209,312,256 bajtów wolnych Post-Run: 39,229,722,624 bajtów wolnych . 2008-04-12 07:48:08 --- E O F --- [/code] [code]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:17:27, on 2008-04-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe D:\Diskeeper\DKService.exe d:\GoBack\GBPoll.exe C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4ss.exe D:\Norton\Norton Utilities\NPROTECT.EXE C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\PMJ151LA.BIN D:\Alcohol_120%\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Launch Manager\Wbutton.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\LaunchAp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe D:\Notebook Hardware Control\nhc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\lexpps.exe D:\ActiveSync\wcescomm.exe C:\Program Files\Launch Manager\WLBTTray.exe D:\ACTIVE~1\rapimgr.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\explorer.exe D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe" O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NotebookHardwareControl] "D:\Notebook Hardware Control\nhc.exe" -quiet O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\ActiveSync\wcescomm.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193301393390 O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A3F} (SignActivX Control) - https://planet.fortisbanking.com.pl/hades/components/SignActivXFortis.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Unknown owner - C:\Program Files\Creative\Shared Files\CTDevSrv.exe (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Diskeeper\DKService.exe O23 - Service: GBPoll - Roxio, Inc. - d:\GoBack\GBPoll.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\Personal Firewall 4\kpf4ss.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\Norton\Norton Utilities\NPROTECT.EXE O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\WINDOWSO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing) -- End of file - 6547 bytes [/code] co sadzisz?