SunnyMan, posted February 8, 2010

Hello,
Lately this error has been popping up on my desktop at system startup.
I click OK and everything works; still, the error irritates me in general, and I also have the thought that it may be doing something "bad" to my computer xD
Does anyone know how to prevent this?
Here is the log from HiJack...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:00, on 2010-02-08
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\PnkBstrB.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wscntfy.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\program files\steam\steam.exe
C:\Program Files\ipla\ipla.exe
C:\Program Files\DC Live.Netico.pl\DCPlusPlus.exe
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Konrad\Pulpit\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\Konrad\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [iPLA!] C:\Program Files\ipla\ipla.exe /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: DC Live.Netico.pl.lnk = C:\Program Files\DC Live.Netico.pl\DCPlusPlus.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/up...er_4.0.23.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
--
End of file - 7097 bytes

Thanks in advance for any replies.
Regards
I'll also add that the service is still running in Task Manager afterwards
Konrad
Shaker, posted February 8, 2010

In my opinion it's a small trojan that passed itself off as "svchost", almost unnoticeable because it differs only by a typo, "scvhost". It registered itself to run at system startup. You can probably disable it by typing "msconfig" in Start Menu > Run and going to the Startup tab there. As for removing it, maybe the others will help. PS. It didn't hide too well, since it ran into an error. Secondly, this is probably only a leftover of it, because the file itself is no longer there, as you have surely noticed.
SunnyMan (Author), posted February 8, 2010

Yes, yes, I cleaned out the quarantine in NOD before this error
Sevard, posted February 8, 2010

Post the logs from Malwarebytes' Anti-Malware and from RSIT.
SunnyMan (Author), posted February 8, 2010

I disabled that junk but it's still the same, i.e. now only one error window pops up, not 2. That's progress ^^ I'll do it right away...

Malwarebytes' Anti-Malware 1.44
Wersja bazy definicji: 3510
Windows 5.1.2600 Dodatek Service Pack 3
Internet Explorer 6.0.2900.5512

2010-02-08 17:44:21
logi

Typ skanowania: Szybkie skanowanie
Przeskanowane obiekty: 106874
Upłynęło: 3 minute(s), 31 second(s)

Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 0
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 1
Zainfekowane foldery: 0
Zainfekowane pliki: 0

Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)

Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)

Zainfekowane klucze rejestru:
(Nie wykryto groźnych plików)

Zainfekowane wartości rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\windows update (Backdoor.Bot) -> No action taken.

Zainfekowane pliki rejestru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe scvhost.exe) Good: (Explorer.exe) -> No action taken.

Zainfekowane foldery:
(Nie wykryto groźnych plików)

Zainfekowane pliki:
(Nie wykryto groźnych plików)
Shaker, posted February 8, 2010

Bad: (Explorer.exe scvhost.exe)
This is what throws that error at you; a program for manually removing the entries, and everything should return to normal.
@ down: EasyCleaner, for example. http://shp.net.pl/modules.php?name=Downloa...tit&lid=172
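Added example, not part of the original thread: a small triage script for the two things pointed out above, autostart entries whose file name is one edit or one swapped letter pair away from a Windows system binary (scvhost.exe vs svchost.exe) and extra programs appended to the Winlogon Shell value. The SYSTEM_NAMES list, the function names and the sample log (constructed from lines in the format of the HijackThis log in this thread) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Assumption: a short list of Windows system binaries that malware commonly imitates.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe", "rundll32.exe"}

# Constructed sample in HijackThis format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
"""

O4_REG = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_LNK = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
EXE = re.compile(r'^"?(.+?\.(?:exe|com|scr|bat|dll))\b', re.IGNORECASE)


def osa_distance(a, b):
    """Optimal string alignment distance: single edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]


def executable(cmd):
    """Return the lower-cased program path from a command line (quotes and arguments dropped)."""
    m = EXE.match(cmd.strip())
    if m:
        return m.group(1).lower()
    parts = cmd.split()
    return parts[0].lower() if parts else ""


def autostarts(log_text):
    """Yield (location, value_name, executable) for F2, F3 and O4 lines."""
    for line in map(str.strip, log_text.splitlines()):
        if line.startswith("F2 - ") and "Shell=" in line:
            # Simplification: Shell entries are split on whitespace and commas.
            for tok in line.split("Shell=", 1)[1].replace(",", " ").split():
                yield "Winlogon Shell", "Shell", tok.lower()
        elif line.startswith("F3 - REG:win.ini: "):
            name, _, cmd = line.split(": ", 1)[1].partition("=")
            yield "win.ini", name, executable(cmd)
        else:
            m = O4_REG.match(line) or O4_LNK.match(line)
            if m:
                loc = m.groupdict().get("key") or "Startup folder"
                yield loc, m.group("name"), executable(m.group("cmd"))


def triage(log_text):
    """Return a list of (kind, executable, detail) findings."""
    findings, names_by_exe = [], defaultdict(set)
    for loc, name, exe in autostarts(log_text):
        base = exe.rsplit("\\", 1)[-1]
        names_by_exe[exe].add(name)
        if loc == "Winlogon Shell" and base != "explorer.exe":
            findings.append(("shell-extra", exe, loc))
        if base not in SYSTEM_NAMES:
            twin = next((s for s in sorted(SYSTEM_NAMES) if osa_distance(base, s) == 1), None)
            if twin:
                findings.append(("lookalike", exe, f"{loc} [{name}] resembles {twin}"))
    for exe, names in names_by_exe.items():
        if len(names) >= 3:  # one binary registered under many unrelated value names
            findings.append(("many-names", exe, f"{len(names)} value names"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The threshold is deliberately a distance of exactly 1: at distance 2 the legitimate msmsgs.exe would already be reported as resembling smss.exe.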
SunnyMan (Author), posted February 8, 2010

And is there some little program of that kind? To remove it quickly and painlessly, in a humane way ^^ OK then, but could you guide me somehow? I don't really know what's what in this program, and I don't want to mess something up in the registry.
Sevard, posted February 8, 2010

Let Malwarebytes' fix what it found. That should solve the problem at least partially. And the RSIT log as well, please.
SunnyMan (Author), posted February 8, 2010

RSIT

OK, everything is working as it should now, HUGE thanks for the help. Great, now the whole world knows what I have on my computer and what I do xD