log do sprawdzenia

[growlithe]

Mój komputer strasznie wolno chodzi już nawet nie wiem co robić może to jakiś wirus więc proszę o log do sprawdzenia.

Hijack

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 22:30:23, on 2007-06-02
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
E:\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\System32\lxcgcoms.exe
E:\BitComet\BitComet.exe
C:\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Maciek\Walka z Wirusami\Logi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B284173C-2076-4BD9-8DE9-AC1ACEE84F44}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



ComboScan

Kod: Zaznacz wszystko

ComboScan v20070306.20 run by Maciek on 2007-06-02 at 22:36:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Maciek.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 22:36:11, on 2007-06-02
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
E:\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\System32\lxcgcoms.exe
E:\BitComet\BitComet.exe
C:\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Maciek\Walka z Wirusami\Logi\comboscan.exe
D:\Maciek\WALKAZ~1\Logi\Maciek.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B284173C-2076-4BD9-8DE9-AC1ACEE84F44}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


-- Files created between 2007-05-02 and 2007-06-02 -----------------------------

2007-05-17 21:21:54         0 d-------- C:\Program Files\AZPR
2007-05-17 14:57:07         0 d-------- C:\Program Files\Dziobas Rar Player<DZIOBA~1>
2007-05-13 17:37:32     27255 -----n--- C:\WINDOWS\System32\drivers\NWWMUSB.sys
2007-05-13 17:37:23     11510 -----n--- C:\WINDOWS\System32\drivers\VMCUSB.sys
2007-05-13 17:37:23         0 d-------- C:\Program Files\Sony Corporation<SONYCO~1>
2007-05-13 17:37:08     36232 -----n--- C:\WINDOWS\System32\drivers\NETMD033.sys
2007-05-13 17:37:08     90112 -----n--- C:\WINDOWS\snymsico.dll
2007-05-13 17:36:13    757760 --a------ C:\WINDOWS\System32\CDDBUI.dll
2007-05-13 17:36:13    630784 --a------ C:\WINDOWS\System32\CDDBControl.dll<CDDBCO~1.DLL>
2007-05-13 17:36:12    151552 -----n--- C:\WINDOWS\System32\pxwma.dll
2007-05-13 17:36:12    104960 -----n--- C:\WINDOWS\System32\pxinsi64.exe
2007-05-13 17:36:12    108544 -----n--- C:\WINDOWS\System32\pxcpyi64.exe
2007-05-13 17:36:12     20576 -----n--- C:\WINDOWS\System32\drivers\PxHelp20.sys
2007-05-06 15:35:52         0 d-------- C:\Program Files\Kalendarz XP<KALEND~1>
2007-05-05 10:50:33    253696 --a------ C:\WINDOWS\hppunin.exe
2007-05-05 10:50:30         0 d-------- C:\POKUS
2007-05-02 11:05:54    121860 --a------ C:\WINDOWS\UnGins.exe
2007-05-02 11:00:57         0 d-------- C:\Program Files\Sims


-- Find3M Report ---------------------------------------------------------------

2007-06-02 20:54:50         0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Skype
2007-06-02 19:43:01         0 d-------- C:\Program Files\Save
2007-06-02 09:42:58         0 d-------- C:\Program Files\Lx_cats
2007-06-01 17:59:01         0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-05-25 23:01:22         0 d-------- C:\Program Files\MioNet
2007-05-17 07:10:45         0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-05-13 17:37:32         0 d-------- C:\Program Files\Sony
2007-05-13 17:34:02         0 d-------- C:\Program Files\Common Files\Sony Shared<SONYSH~1>
2007-05-04 21:22:54         0 d-------- C:\Program Files\mIRC
2007-04-17 13:47:58         0 d-------- C:\Program Files\DAEMON Tools<DAEMON~1>
2007-04-15 13:22:56     43520 --a------ C:\WINDOWS\System32\CmdLineExt03.dll<CMDLIN~1.DLL>
2007-04-14 21:18:19         0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Adobe
2007-04-14 21:11:25         0 d-------- C:\Program Files\Common Files\Adobe
2007-04-14 21:09:51         0 d-------- C:\Program Files\Common Files\Adobe Systems Shared<ADOBES~1>
2007-04-13 20:51:07         0 d-------- C:\Program Files\Java
2007-04-08 18:19:24         0 d-------- C:\Program Files\URUSoft
2007-04-07 23:46:13      1168 --a------ C:\WINDOWS\mozver.dat
2007-04-07 23:15:45         0 --a------ C:\WINDOWS\nsreg.dat
2007-04-07 23:15:26         0 d-------- C:\Documents and Settings\Maciek\Dane aplikacji\Mozilla
2007-04-07 22:43:51         0 d-------- C:\Program Files\FlashGet
2007-04-04 18:16:37         0 d-------- C:\Program Files\Ortalion Entertainment<ORTALI~1>
2007-04-02 14:28:16      4608 --a------ C:\WINDOWS\System32\w95inf32.dll
2007-04-02 14:28:16      2272 --a------ C:\WINDOWS\System32\w95inf16.dll
2007-03-25 03:02:12    355830 --a------ C:\WINDOWS\System32\perfh015.dat
2007-03-25 03:02:12     49712 --a------ C:\WINDOWS\System32\perfc015.dat
2007-03-25 02:55:14    298104 --a------ C:\WINDOWS\System32\imon.dll
2007-03-25 02:35:34       484 --a------ C:\Program Files\INSTALL.LOG
2007-03-22 19:40:04     21840 --a-----t C:\WINDOWS\System32\SIntfNT.dll
2007-03-22 19:40:04     17212 --a-----t C:\WINDOWS\System32\SIntf32.dll
2007-03-22 19:40:04     12067 --a-----t C:\WINDOWS\System32\SIntf16.dll
2007-03-19 21:13:10   6422611 --a------ C:\Program Files\frostwire-4.13.1.6.windows.exe<FROSTW~1.EXE>
2007-03-05 21:14:06        33 --a------ C:\Documents and Settings\Maciek\Dane aplikacji\pcouffin.log
2007-03-05 21:14:05     47360 --a------ C:\Documents and Settings\Maciek\Dane aplikacji\pcouffin.sys
2007-03-05 21:14:05      1144 --a------ C:\Documents and Settings\Maciek\Dane aplikacji\pcouffin.inf
2007-03-05 21:14:05      1074 --a------ C:\Documents and Settings\Maciek\Dane aplikacji\pcouffin.cat
2007-03-05 21:14:05     87608 --a------ C:\Documents and Settings\Maciek\Dane aplikacji\ezpinst.exe


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"WhenUSave"="\"C:\\Program Files\\Save\\Save.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"lxcgmon.exe"="\"C:\\Program Files\\Lexmark 2300 Series\\lxcgmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2300 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"LVCOMSX"="C:\\WINDOWS\\System32\\LVCOMSX.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE Philips SPC210NC Webcam"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"LXCGCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCGtime.dll,_RunDLLEntry@16"
   

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService   REG_MULTI_SZ      Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService   REG_MULTI_SZ      DnsCache\0\0
rpcss   REG_MULTI_SZ      RpcSs\0\0
imgsvc   REG_MULTI_SZ      StiSvc\0\0
termsvcs   REG_MULTI_SZ      TermService\0\0



-- End of ComboScan: finished at 2007-06-02 at 22:37:05 ------------------------



[Dzi@dek]

Wyłącz przywracanie systemu i w awaryjnym usuwasz wpisy w hijackthis:

O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Pogrubiony katalog usuwasz ręcznie z dysku.

[growlithe]

Jak się wyłącza przywracanie systemy ?

[Dzi@dek]

Mój komputer-prawa mysz - właściwości-przywracanie systemu-wyłącz na wszystkich dyskach.

Autor postu otrzymał pochwałę

[growlithe]

OK wszystko co kazałeś zrobiłem i co teraz trzeba zrobić z tym przywracaniem systemu ?

[Dzi@dek]

Daj logi z HJ + silentrunners

[growlithe]

Dobra ale nic nie przestawiać tam w moim komputerze to co robiłem przed przywracaniem systemu

Hijack

Kod: Zaznacz wszystko

Logfile of HijackThis v1.99.1
Scan saved at 23:55:15, on 2007-06-02
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
E:\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Kalendarz XP\Kalendarz.exe
C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe
C:\WINDOWS\System32\lxcgcoms.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Eset\nod32.exe
E:\NAPI-PROJEKT\napisy.exe
D:\Maciek\Walka z Wirusami\Logi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Configuration & Monitor Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B284173C-2076-4BD9-8DE9-AC1ACEE84F44}: NameServer = 194.204.159.1,194.204.152.34
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - E:\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcg_device -   - C:\WINDOWS\System32\lxcgcoms.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe



[Dzi@dek]

+ silentrunners

Gdzie log
Czy dalej wolno chodzi

[growlithe]

Nie mam tego programu a mój komputer i tak wolno chodzi ? Co mam dalej robić ?

[Dzi@dek]

Nie mam tego programu

Jak nie masz - tutaj jest temat i opis:
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

[growlithe]

Oto mój log z Silent Runers

Kod: Zaznacz wszystko

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"lxcgmon.exe" = ""C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"" ["Lexmark International, Inc."]
"EzPrint" = ""C:\Program Files\Lexmark 2300 Series\ezprint.exe"" ["Lexmark International Inc."]
"FaxCenterServer" = ""C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"LVCOMSX" = "C:\WINDOWS\System32\LVCOMSX.EXE" ["Logitech Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"BigDogPath" = "C:\WINDOWS\VM_STI.EXE Philips SPC210NC Webcam" ["BIGDOG"]
"nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"LXCGCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "E:\WinRAR\rarext.dll" [null data]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Maciek\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Maciek" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\Maciek\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Configuration & Monitor Utility" -> shortcut to: "C:\Program Files\WLAN\802.11 Wireless LAN\WlanMonitor.exe" ["ATMEL"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"BlueSoleil" -> shortcut to: "E:\IVT Corporation\BlueSoleil\BlueSoleil.exe" ["IVT Corporation"]
"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]
"TrayMin210.exe" -> shortcut to: "C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe" [empty string]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\System32\imon.dll ["Eset "], 01 - 05, 21
%SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 11 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
                   \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll" ["Sun Microsystems, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

BlueSoleil Hid Service, BlueSoleil Hid Service, "E:\IVT Corporation\BlueSoleil\BTNtService.exe" [null data]
LightScribeService Direct Disc Labeling Service, LightScribeService, "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" ["Hewlett-Packard Company"]
Logitech Process Monitor, LVPrcSrv, "c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe" ["Logitech Inc."]
lxcg_device, lxcg_device, "C:\WINDOWS\System32\lxcgcoms.exe -service" [" "]
MioNet Service, MioNet, ""C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf"" [null data]
NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
2300 Series Port\Driver = "lxcglmpm.DLL" [" "]
Lexmark Print-2-Fax Port\Driver = "LXPRMON.DLL" [null data]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 669 seconds.
---------- (total run time: 4318 seconds)

[Dzi@dek]

Logi OK.