Thanks, gentlemen. I disabled that process from autostart and then scanned the computer with ComboFix and HijackThis. I don't know exactly what happened, but right now the computer runs as if it had gotten twice the computing power.
Here are the logs (if you care :P)
Code:
ComboFix 13-02-07.01 - xxx 2013-02-07 23:33:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2046.1530 [GMT 1:00]
Uruchomiony z: G:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\xxx\WINDOWS
.
.
((((((((((((((((((((((((( Pliki utworzone od 2013-01-07 do 2013-02-07 )))))))))))))))))))))))))))))))
.
.
2013-02-07 17:16 . 2013-02-07 17:16 -------- d-----w- c:\documents and settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Sun
2013-02-07 16:11 . 2004-12-10 11:48 68992 ----a-w- c:\windows\system32\drivers\LMouKE.Sys
2013-02-07 16:11 . 2004-12-10 11:48 52992 ----a-w- c:\windows\system32\drivers\L8042MOU.SYS
2013-02-07 16:11 . 2004-12-10 11:48 36480 ----a-w- c:\windows\system32\drivers\LHidUsbK.sys
2013-02-07 16:11 . 2013-02-07 16:11 -------- d-----w- c:\program files\Common Files\Logitech
2013-02-07 16:11 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2013-02-07 16:11 . 2003-03-18 20:12 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2013-02-07 16:11 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-07 16:11 . 2003-03-18 18:05 89088 ----a-w- c:\windows\system32\atl71.dll
2013-02-07 16:11 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-02-07 16:10 . 2004-12-10 11:48 24704 ----a-w- c:\windows\system32\drivers\LHidKE.Sys
2013-02-07 16:10 . 2004-12-10 11:45 49152 ----a-w- c:\windows\KHALMNPR.Exe
2013-02-07 16:10 . 2013-02-07 16:10 -------- d-----w- c:\program files\Logitech
2013-02-07 16:10 . 2004-12-10 11:47 13056 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2013-02-07 16:10 . 2004-07-15 23:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2013-02-07 16:10 . 2004-07-15 23:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2013-02-07 16:10 . 2004-07-15 23:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2013-02-07 16:10 . 2004-07-15 23:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2013-02-07 16:10 . 2004-07-15 23:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2013-02-07 16:10 . 2013-02-07 16:10 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2013-02-07 16:10 . 2013-02-07 16:10 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2013-02-07 00:20 . 2013-02-07 00:20 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-07 00:20 . 2013-02-07 00:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-29 19:37 . 2013-01-29 19:37 -------- d-----w- c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Logitech
2013-01-28 13:39 . 2013-01-28 13:39 -------- d-----w- c:\program files\WavCombiner
2013-01-28 13:39 . 2006-05-16 18:41 81920 ----a-w- c:\windows\system32\wavejoiner.ax
2013-01-28 13:06 . 2013-01-28 13:06 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Software
2013-01-28 13:06 . 2013-01-28 13:06 -------- d-----w- c:\program files\NCH Software
2013-01-28 13:06 . 2013-01-28 13:06 -------- d-----w- c:\documents and settings\xxx\Dane aplikacji\NCH Software
2013-01-28 12:29 . 2013-01-28 12:29 -------- d-----w- c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Greyfirst
2013-01-28 12:29 . 2013-01-28 12:29 -------- d-----w- c:\documents and settings\xxx\Dane aplikacji\Greyfirst
2013-01-28 11:40 . 2013-01-28 11:40 -------- d-----w- c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\WMTools Downloaded Files
2013-01-27 17:49 . 2006-11-08 20:19 4544 ----a-w- c:\windows\system32\drivers\hidusbf.sys
2013-01-27 17:34 . 2013-01-27 17:34 -------- d-----w- C:\Mouse Rate Checker 1.1b
2013-01-26 23:15 . 2013-02-04 19:49 -------- d-----w- C:\Nor
2013-01-26 16:12 . 2013-01-26 17:42 -------- d-----w- c:\documents and settings\xxx\Dane aplikacji\Mp3tag
2013-01-26 16:12 . 2013-01-26 16:12 -------- d-----w- c:\program files\Mp3tag
2013-01-23 00:12 . 2013-01-24 23:27 -------- d-----w- c:\documents and settings\xxx\Ustawienia lokalne\Dane aplikacji\Greenshot
2013-01-23 00:12 . 2013-01-24 23:27 -------- d-----w- c:\documents and settings\xxx\Dane aplikacji\Greenshot
2013-01-20 11:31 . 2013-01-20 11:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-01-14 20:32 . 2013-01-14 20:32 -------- d-----w- c:\program files\PowerQuest
2013-01-10 23:11 . 2013-01-10 23:11 -------- d-----w- c:\program files\7-Zip
2013-01-09 18:03 . 2013-01-09 18:03 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-07 00:20 . 2012-11-07 20:57 861088 -c--a-w- c:\windows\system32\npDeployJava1.dll
2013-02-07 00:20 . 2012-11-07 20:57 782240 -c--a-w- c:\windows\system32\deployJava1.dll
2013-01-29 19:36 . 2012-11-18 18:56 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-09 18:03 . 2012-11-07 19:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 18:03 . 2012-11-07 19:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-09 17:17 . 2012-12-09 17:17 249856 ------w- c:\windows\Setup1.exe
2012-12-09 17:17 . 2012-12-09 17:17 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-12-01 16:21 . 2012-11-13 13:34 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-12-01 16:21 . 2012-11-13 13:34 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-12-01 16:21 . 2012-11-13 13:34 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-11-22 23:41 . 2012-11-22 23:41 2829 -c--a-w- c:\windows\DiabUnin.pif
2012-11-22 23:41 . 2012-11-22 23:41 118784 -c--a-w- c:\windows\DiabUnin.exe
2012-11-18 18:45 . 2012-11-18 18:45 53248 -c--a-r- c:\documents and settings\xxx\Dane aplikacji\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-11-15 01:44 . 2012-11-15 01:44 56320 ----a-w- c:\windows\system32\rzdevinfo.dll
2012-11-15 01:44 . 2012-11-15 01:44 148480 ----a-w- c:\windows\system32\rztouchdll.dll
2012-11-15 01:44 . 2012-11-15 01:44 617472 ----a-w- c:\windows\system32\rzdevicedll.dll
2012-11-13 12:08 . 2012-11-13 12:08 94208 -c--a-w- c:\windows\DIIUnin.exe
2012-11-13 12:08 . 2012-11-13 12:08 2829 -c--a-w- c:\windows\DIIUnin.pif
2013-02-06 10:31 . 2013-02-06 10:30 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-08 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-05-08 . 9F02C1CF7C3100E4AEA7DD8B6A86A01B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-12-09 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\program files\VDOTool\TBPanel.exe" [2007-06-26 2165272]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-23 8466432]
"nwiz"="nwiz.exe" [2007-07-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-23 81920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 49152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2013-2-7 434176]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
= [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-11-15 09:42 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-27 18:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HGTXPEI]
2002-06-11 13:34 24576 ----a-w- c:\windows\system32\FirstReboot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Konnekt]
2005-05-24 21:41 503808 ----a-w- c:\program files\Konnekt\konnekt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundFusion]
2002-09-13 14:53 884736 ----a-w- c:\windows\system32\hercplgs.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\JDownloader\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.954\\Agent.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Battle.net\\Agent\\Agent.1363\\Agent.exe"=
"c:\\Program Files\\Konnekt\\konnekt.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2012-11-07 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-26 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-12-26 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-12-26 21256]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2012-11-18 12184]
R3 hercspud;Hercules (R) WDM Audio Driver;c:\windows\system32\drivers\hercspud.sys [2012-11-07 132352]
R3 hercwdm;Hercules (R) WDM Interface Driver;c:\windows\system32\drivers\hercwdm.sys [2012-11-07 465152]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [2013-01-27 4544]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys --> c:\windows\system32\drivers\LGBusEnum.sys [?]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys --> c:\windows\system32\DRIVERS\LGSHidFilt.Sys [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys --> c:\windows\system32\drivers\LGVirHid.sys [?]
S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\drivers\rzdaendpt.sys [2013-01-02 22400]
S3 rzkbdhid;Razer HID Keyboard Driver Service;c:\windows\system32\drivers\rzkbdhid.sys [2013-01-02 3456]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\drivers\rzudd.sys [2013-01-02 94592]
S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\drivers\rzvkeyboard.sys [2013-01-02 19968]
.
Zawartość folderu 'Zaplanowane zadania'
.
2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 18:03]
.
2013-02-07 c:\windows\Tasks\AdobeARM.job
- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 07:35]
.
2013-02-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-12-26 22:50]
.
2013-02-07 c:\windows\Tasks\jucheck.job
- c:\program files\Common Files\Java\Java Update\jucheck.exe [2012-07-03 08:04]
.
.
------- Skan uzupełniający -------
.
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - ExtSQL: 2012-12-26 16:02; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-01-21 18:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-21 19:04; foxcconverter@gmail.com; c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\extensions\foxcconverter@gmail.com.xpi
FF - ExtSQL: 2013-01-21 19:04; alertbox@ajitk.com; c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\extensions\alertbox@ajitk.com.xpi
FF - ExtSQL: 2013-01-21 19:04; adblockpopups@jessehakanen.net; c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-01-21 19:07; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF - ExtSQL: 2013-01-21 19:14; gmailwatcher@sonthakit; c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\831gqmv3.default-1358783685125\extensions\gmailwatcher@sonthakit.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-07 23:35
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'explorer.exe'(3580)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Czas ukończenia: 2013-02-07 23:36:44
ComboFix-quarantined-files.txt 2013-02-07 22:36
.
Przed: 2*899*464*192 bajtów wolnych
Po: 4*861*931*520 bajtów wolnych
.
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 2F7E437EEC4BA45E638CEDC9682C8739
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:43:58, on 2013-02-07
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
G:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Gainward] C:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Moduł wstępnego ładowania interfejsu Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demon buforu kategorii składników - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 5500 bytes