Hello, I'm posting a scan log because I get stuttering and freezes when using the internet, and my provider is fine.
Logfile of random's system information tool 1.06 (written by random/random)
Run by mariusz at 2009-11-21 22:23:08
Microsoft Windows XP Professional Dodatek Service Pack 3
System drive C: has 968 MB (5%) free of 20 GB
Total RAM: 3583 MB (75% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
Yahoo! Companion BHO - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll [2005-04-22 328275]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
ZoneAlarm Spy Blocker BHO - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2009-11-17 262144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Companion - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll [2005-04-22 328275]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - ZoneAlarm Spy Blocker - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2009-11-17 262144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-19 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-11-20 208616]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2009-10-19 306088]
"ares"=D:\Program Files\Ares\Ares.exe [2009-11-19 882176]
C:\Documents and Settings\mariusz\Menu Start\Programy\Autostart
GIGABYTE Gamer HUD Lite.lnk - C:\Program Files\GIGABYTE\Gamer HUD Lite\HUD.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-09-11 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-11-11 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="E:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"E:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="E:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"D:\Program Files\Ares\Ares.exe"="D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"D:\Program Files\Nowe Gadu-Gadu\gg.exe"="D:\Program Files\Nowe Gadu-Gadu\gg.exe:*:Enabled:Nowe Gadu-Gadu"
"E:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="E:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-11-21 22:23:08 ----D---- C:\Program Files\trend micro
2009-11-21 22:23:07 ----D---- C:\rsit
2009-11-19 22:10:47 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-11-19 21:53:17 ----D---- C:\WINDOWS\temp
2009-11-19 21:48:48 ----D---- C:\ComboFix
2009-11-19 19:22:01 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2009-11-19 18:12:26 ----RASHD---- C:\cmdcons
2009-11-19 18:10:47 ----A---- C:\WINDOWS\zip.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\SWSC.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\SWREG.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\sed.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\PEV.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\NIRCMD.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\MBR.exe
2009-11-19 18:10:47 ----A---- C:\WINDOWS\grep.exe
2009-11-19 18:10:43 ----D---- C:\WINDOWS\ERDNT
2009-11-19 18:10:22 ----D---- C:\Qoobox
2009-11-19 17:59:15 ----A---- C:\WINDOWS\system32\RootkitReveal.txt
2009-11-17 20:15:59 ----D---- C:\Program Files\ZoneAlarmSB
2009-11-17 20:15:17 ----D---- C:\WINDOWS\system32\ZoneLabs
2009-11-17 20:15:17 ----A---- C:\WINDOWS\system32\zpeng24.dll
2009-11-17 19:44:41 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-16 15:53:50 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\Tibia
2009-11-15 22:01:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\MailFrontier
2009-11-15 22:00:52 ----A---- C:\WINDOWS\system32\SpOrder.dll
2009-11-15 22:00:09 ----D---- C:\WINDOWS\Internet Logs
2009-11-15 20:08:42 ----A---- C:\WINDOWS\c.txt
2009-11-07 19:20:55 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\ipla
2009-11-07 19:20:55 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\ipla
2009-11-07 19:20:47 ----A---- C:\WINDOWS\system32\Msvcr71.dll
2009-11-07 19:20:47 ----A---- C:\WINDOWS\system32\mfc71.dll
2009-11-07 19:20:47 ----A---- C:\WINDOWS\system32\gdiplus.dll
2009-10-31 20:53:07 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\Ventrilo
2009-10-27 19:17:11 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\OpenFM
2009-10-27 16:25:14 ----D---- C:\WINDOWS\Minidump
2009-10-27 16:08:28 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\teamspeak2
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-10-27 12:47:49 ----N---- C:\WINDOWS\system32\px.dll
2009-10-27 12:47:48 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\Winamp
2009-10-25 19:21:22 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\skypePM
2009-10-25 19:17:16 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\Skype
2009-10-25 19:16:18 ----D---- C:\Program Files\Common Files\Skype
2009-10-25 19:16:17 ----RD---- C:\Program Files\Skype
2009-10-25 19:16:14 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Skype
======List of files/folders modified in the last 1 months======
2009-11-21 22:23:08 ----D---- C:\Program Files
2009-11-21 20:58:26 ----D---- C:\Program Files\Mozilla Firefox
2009-11-21 20:57:27 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2009-11-21 18:02:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-20 20:47:34 ----D---- C:\WINDOWS
2009-11-20 20:45:02 ----SHD---- C:\WINDOWS\Installer
2009-11-20 20:45:00 ----HD---- C:\WINDOWS\inf
2009-11-20 20:44:57 ----D---- C:\WINDOWS\system32\drivers
2009-11-20 20:44:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-20 20:44:57 ----D---- C:\WINDOWS\system32
2009-11-20 20:26:22 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-20 16:10:19 ----R---- C:\WINDOWS\SoundMan.exe
2009-11-20 16:10:19 ----R---- C:\WINDOWS\SkyTel.exe
2009-11-20 16:09:15 ----R---- C:\WINDOWS\RtlUpd.exe
2009-11-20 16:09:15 ----R---- C:\WINDOWS\RTLCPL.exe
2009-11-20 16:09:13 ----R---- C:\WINDOWS\MicCal.exe
2009-11-20 16:09:12 ----R---- C:\WINDOWS\alcwzrd.exe
2009-11-20 16:09:12 ----A---- C:\WINDOWS\HideWin.exe
2009-11-19 22:32:03 ----SD---- C:\WINDOWS\Tasks
2009-11-19 22:13:26 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-19 22:11:29 ----D---- C:\Program Files\Kaspersky Lab
2009-11-19 21:59:29 ----A---- C:\WINDOWS\system.ini
2009-11-19 21:53:25 ----D---- C:\WINDOWS\system32\config
2009-11-19 21:52:33 ----D---- C:\WINDOWS\AppPatch
2009-11-19 21:52:32 ----D---- C:\Program Files\Common Files
2009-11-19 21:49:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-19 19:21:59 ----D---- C:\WINDOWS\WinSxS
2009-11-19 18:53:18 ----D---- C:\WINDOWS\Prefetch
2009-11-19 18:12:29 ----RASH---- C:\boot.ini
2009-11-17 19:44:41 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-15 15:11:01 ----RSD---- C:\WINDOWS\Fonts
2009-11-11 19:04:54 ----D---- C:\WINDOWS\system32\Restore
2009-11-04 14:56:43 ----SHD---- C:\System Volume Information
2009-11-01 12:00:54 ----D---- C:\RECYCLER
2009-10-31 21:01:33 ----SD---- C:\Documents and Settings\mariusz\Dane aplikacji\Microsoft
2009-10-31 18:43:00 ----D---- C:\Documents and Settings\All Users\Dane aplikacji\OpenFM
2009-10-27 12:32:56 ----D---- C:\WINDOWS\Help
2009-10-26 13:13:58 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-10-25 19:54:27 ----D---- C:\Documents and Settings\mariusz\Dane aplikacji\Nowe Gadu-Gadu
2009-10-25 13:09:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;Sterownik procesora AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-11-20 226832]
R1 SbFw;SbFw; C:\WINDOWS\system32\drivers\SbFw.sys [2008-10-31 270888]
R1 sbhips;Sunbelt HIPS Driver; C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 66600]
R1 Tcpip6;Sterownik protokołu IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-04-13 225664]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-09-11 3331072]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 HDAudBus;Sterownik magistrali Microsoft UAA dla High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport; C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 65576]
R3 tunmp;Sterownik karty Microsoft Tun Miniport; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Sterownik Miniport rozszerzonego kontrolera hosta USB 2.0 Microsoft; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Koncentrator z obsługą USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Sterownik Miniport otwartego kontrolera hosta USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 catchme;catchme; \??\C:\DOCUME~1\mariusz\USTAWI~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;Usługa Pomocnik IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-09-11 581632]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-11-20 208616]
R2 SbPF.Launcher;SbPF.Launcher; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SimpTcp;Usługi Simple TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-26 19456]
R2 SPF4;Sunbelt Personal Firewall 4; D:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-09-10 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;Serwer wydruku TCP/IP; C:\WINDOWS\system32\tcpsvcs.exe [2001-10-26 19456]
S3 p2pgasvc;Uwierzytelnianie grup sieci równorzędnej; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Menedżer tożsamości sieci równorzędnej; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Sieć równorzędna; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Protokół PNRP (Peer Name Resolution Protocol); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------