logi: Generic Host Process, + dzwiek + net

**fi_dell** · 06-30-2008

Bardzo proszę o psprawdzenie logów i rady.

Oto opis problemu:

W kilka minut do kilkudziesięciu minut po włączeniu kompa pojawia się komunikat: Generic host Process for Win32. Bywały też problemy ze zniknięciem netu oraz dzwiękiem po pojawieniu się komunikatu o błędzie.

Zainstalowałem łatki do XPka, ściągnąłem firewalla, poblokowałem porty - nadal to samo. Nawet format dysku nie pomógł - co prawda pozostała partycja D: bez formatu, ale sprawdzałem ją nodem, ad-awarem oraz szczepionką symanteca na wirusa [blaster czy coś], który był podejrzewany o powodowanie tego błędu.

Jak zapewne widzicie sprawa jest dość skomplikowana.

A oto logi:

Kod:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:43, on 08-06-30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system\wupdmgr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = &#163;&#185;cza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 4623 bytes

**fi_dell** · 06-30-2008

ComboFix cz.1

Kod:

ComboFix 08-06-20.4 - Gosia 2008-06-30 14:30:34.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1250.1.1045.18.528 [GMT 2:00]
Running from: C:\Documents and Settings\Gosia\Pulpit\ComboFix.exe
 * Created a new restore point
 * Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system32\Desktop_.ini
C:\WINDOWS\system32\mdm.exe
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CreateProcess
-------\Service_CreateProcess


(((((((((((((((((((((((((   Files Created from 2008-05-28 to 2008-06-30  )))))))))))))))))))))))))))))))
.

2008-06-30 11:26 . 2008-06-30 11:26	<DIR>	d--------	C:\Program Files\Sygate
2008-06-30 11:26 . 2004-10-15 18:32	83,096	--a------	C:\WINDOWS\system32\SSSensor.dll
2008-06-30 11:26 . 2004-10-15 18:17	60,496	--a------	C:\WINDOWS\system32\drivers\Teefer.sys
2008-06-30 11:26 . 2004-10-15 18:18	21,075	--a------	C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-06-30 11:26 . 2004-10-15 18:32	14,568	--a------	C:\WINDOWS\system32\drivers\wg6n.sys
2008-06-30 11:26 . 2004-10-15 18:32	14,568	--a------	C:\WINDOWS\system32\drivers\wg5n.sys
2008-06-30 11:26 . 2004-10-15 18:32	14,568	--a------	C:\WINDOWS\system32\drivers\wg4n.sys
2008-06-30 11:26 . 2004-10-15 18:32	14,568	--a------	C:\WINDOWS\system32\drivers\wg3n.sys
2008-06-30 10:44 . 2008-06-30 10:44	<DIR>	d--------	C:\Program Files\Trend Micro
2008-06-30 10:29 . 2008-06-30 10:29	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-06-30 10:13 . 2008-04-23 09:20	6,066,176	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-30 10:13 . 2007-04-17 11:32	2,455,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-30 10:13 . 2007-03-08 07:11	1,036,288	-----c---	C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-30 10:13 . 2008-04-23 09:20	459,264	-----c---	C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-30 10:13 . 2008-04-23 09:20	383,488	-----c---	C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-30 10:13 . 2008-04-23 09:20	267,776	-----c---	C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-30 10:13 . 2008-04-23 09:20	63,488	-----c---	C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-30 10:13 . 2008-04-23 09:20	52,224	-----c---	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-30 10:13 . 2008-04-22 09:39	13,824	-----c---	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-29 12:21 . 2008-06-29 12:47	<DIR>	d--------	C:\Program Files\IrfanView
2008-06-29 12:12 . 2008-06-29 16:42	69	--a------	C:\WINDOWS\NeroDigital.ini
2008-06-29 12:06 . 2008-06-29 12:06	<DIR>	d--------	C:\Program Files\eMule
2008-06-29 11:53 . 2008-06-29 11:53	<DIR>	d--------	C:\Program Files\Gadu-Gadu
2008-06-29 11:53 . 2008-06-29 11:54	<DIR>	d--------	C:\Documents and Settings\Gosia\Gadu-Gadu
2008-06-29 11:08 . 2004-08-04 00:44	159,232	--a------	C:\WINDOWS\system32\ptpusd.dll
2008-06-29 11:08 . 2004-08-03 22:58	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-29 11:08 . 2004-08-03 22:58	15,104	--a--c---	C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-29 11:08 . 2001-10-26 17:29	5,632	--a------	C:\WINDOWS\system32\ptpusb.dll
2008-06-29 11:05 . 2008-06-29 11:05	<DIR>	d--------	C:\Program Files\Common Files\Adobe
2008-06-29 10:51 . 2008-06-29 10:51	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-29 10:51 . 2008-06-29 10:53	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-29 10:50 . 2008-06-30 11:26	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-29 10:49 . 2008-06-29 10:49	<DIR>	d--------	C:\Documents and Settings\Gosia\Dane aplikacji\Nero
2008-06-29 10:39 . 2008-06-29 10:39	<DIR>	d--------	C:\Program Files\Nero
2008-06-29 10:39 . 2008-06-29 10:41	<DIR>	d--------	C:\Program Files\Common Files\Nero
2008-06-29 10:39 . 2008-06-29 10:39	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-29 09:57 . 2008-06-29 09:57	<DIR>	d--------	C:\Acer
2008-06-29 09:57 . 2004-09-01 23:57	221,258	--a------	C:\WINDOWS\system32\Epm-Po.dll
2008-06-29 09:57 . 2005-04-07 18:08	78,208	--a------	C:\WINDOWS\system32\drivers\epm-shd.sys
2008-06-29 09:57 . 2004-07-19 13:10	4,096	--a------	C:\WINDOWS\system32\drivers\epm-psd.sys
2008-06-29 03:53 . 2008-06-30 10:32	<DIR>	d--------	C:\WINDOWS\system32\pl-pl
2008-06-29 03:28 . 2008-06-29 03:28	427	--a------	C:\WINDOWS\ODBC.INI
2008-06-29 03:28 . 2008-06-29 03:28	63	--a------	C:\WINDOWS\mdm.ini
2008-06-29 03:26 . 2008-06-29 03:26	<DIR>	d--------	C:\WINDOWS\ShellNew
2008-06-29 03:25 . 2008-06-29 03:25	<DIR>	d--------	C:\WINDOWS\Twain32
2008-06-29 03:25 . 2008-06-29 03:25	<DIR>	d--------	C:\Documents and Settings\Gosia\Dane aplikacji\Microsoft Web Folders
2008-06-29 03:18 . 2008-06-29 03:18	<DIR>	d--------	C:\WINDOWS\NOWPA
2008-06-29 03:12 . 2008-03-03 14:25	5,702	--ah-----	C:\WINDOWS\nod32restoretemdono.reg
2008-06-29 03:12 . 2008-03-03 18:21	568	--ah-----	C:\WINDOWS\nod32fixtemdono.reg
2008-06-29 03:09 . 2008-06-29 03:09	<DIR>	d--------	C:\Program Files\ESET
2008-06-29 03:09 . 2008-06-29 03:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-06-29 03:02 . 2008-06-29 03:02	940,794	--a------	C:\WINDOWS\system32\LoopyMusic.wav
2008-06-29 03:02 . 2008-06-29 03:02	146,650	--a------	C:\WINDOWS\system32\BuzzingBee.wav
2008-06-29 02:56 . 2006-06-14 11:00	82,944	--a------	C:\WINDOWS\system32\drivers\wdmaud.sys
2008-06-29 02:56 . 2006-06-14 11:00	82,944	--a--c---	C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-06-29 02:56 . 2004-08-03 23:07	52,864	--a------	C:\WINDOWS\system32\drivers\DMusic.sys
2008-06-29 02:56 . 2004-08-03 23:07	52,864	--a--c---	C:\WINDOWS\system32\dllcache\dmusic.sys
2008-06-29 02:56 . 2006-06-14 10:47	6,400	--a------	C:\WINDOWS\system32\drivers\splitter.sys
2008-06-29 02:56 . 2006-06-14 10:47	6,400	--a--c---	C:\WINDOWS\system32\dllcache\splitter.sys
2008-06-29 02:38 . 2008-06-14 20:01	273,024	---------	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-29 02:38 . 2008-06-14 20:01	273,024	-----c---	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 02:26 . 2005-05-03 18:43	69,632	--a------	C:\WINDOWS\Alcmtr.exe
2008-06-29 02:25 . 2008-06-29 02:25	<DIR>	d--------	C:\WINDOWS\system32\URTTemp
2008-06-29 02:19 . 2008-06-30 11:40	17	--a------	C:\WINDOWS\system\win32out.dll
2008-06-29 02:19 . 2008-06-30 11:40	0	--a------	C:\WINDOWS\system\win32in.dll
2008-06-29 02:16 . 2008-06-30 10:31	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$
2008-06-29 02:07 . 2004-08-04 00:44	77,312	--a------	C:\WINDOWS\system32\usbui.dll
2008-06-29 02:07 . 2004-08-04 00:44	77,312	--a--c---	C:\WINDOWS\system32\dllcache\usbui.dll
2008-06-29 02:07 . 2004-08-04 02:35	58,624	--a------	C:\WINDOWS\system32\drivers\redbook.sys
2008-06-29 02:07 . 2004-08-04 01:07	14,080	--a------	C:\WINDOWS\system32\drivers\CmBatt.sys
2008-06-29 02:07 . 2001-08-17 23:57	14,080	--a------	C:\WINDOWS\system32\drivers\battc.sys
2008-06-29 02:07 . 2001-08-17 23:58	9,344	--a------	C:\WINDOWS\system32\drivers\compbatt.sys
2008-06-29 02:07 . 2004-08-04 01:07	8,832	--a------	C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-06-29 02:07 . 2001-08-17 23:59	3,072	--a------	C:\WINDOWS\system32\drivers\audstub.sys
2008-06-29 02:05 . 2004-08-04 13:00	13,463,552	--a--c---	C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Ustawienia lokalne
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	d--------	C:\Documents and Settings\Default User\Ulubione
2008-06-29 02:04 . 2008-06-29 00:13	<DIR>	d--h-----	C:\Documents and Settings\Default User\Szablony
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	d--------	C:\Documents and Settings\Default User\Pulpit
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	d--------	C:\Documents and Settings\Default User\Moje dokumenty
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	dr-------	C:\Documents and Settings\Default User\Menu Start
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	d--------	C:\Documents and Settings\All Users\Ulubione
2008-06-29 02:04 . 2008-06-29 02:04	<DIR>	d--h-----	C:\Documents and Settings\All Users\Szablony
2008-06-29 02:04 . 2008-06-29 12:48	<DIR>	d--------	C:\Documents and Settings\All Users\Pulpit
2008-06-29 02:04 . 2008-06-29 03:28	<DIR>	dr-------	C:\Documents and Settings\All Users\Menu Start
2008-06-29 02:04 . 2008-06-29 00:14	<DIR>	dr-------	C:\Documents and Settings\All Users\Dokumenty
2008-06-29 02:04 . 2004-08-04 13:00	1,896,400	--a--c---	C:\WINDOWS\system32\dllcache\NT5.CAT
2008-06-29 02:03 . 2008-06-30 11:13	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2008-06-29 02:03 . 2008-06-30 11:13	<DIR>	d--------	C:\WINDOWS\system32\CatRoot
2008-06-29 02:03 . 2008-06-29 02:04	<DIR>	dr-h-----	C:\Documents and Settings\Default User\Dane aplikacji
2008-06-29 02:03 . 2008-06-29 00:16	<DIR>	d--h-----	C:\Documents and Settings\Default User
2008-06-29 02:03 . 2008-06-29 11:05	<DIR>	dr-h-----	C:\Documents and Settings\All Users\Dane aplikacji
2008-06-29 02:03 . 2008-06-29 00:16	<DIR>	d--------	C:\Documents and Settings\All Users
2008-06-29 02:03 . 2008-06-29 00:24	<DIR>	d--------	C:\Documents and Settings
2008-06-29 02:02 . 2008-06-29 00:18	287	--a------	C:\WINDOWS\system32\$winnt$.inf
2008-06-10 18:56 . 2008-06-10 18:56	34,312	--a------	C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-06-10 18:48 . 2008-06-10 18:48	53,256	--a------	C:\WINDOWS\system32\drivers\easdrv.sys
2008-06-10 18:47 . 2008-06-10 18:47	39,944	--a------	C:\WINDOWS\system32\drivers\eamon.sys
2008-05-16 11:58 . 2008-05-16 11:58	12,632	--a------	C:\WINDOWS\system32\lsdelete.exe

**fi_dell** · 06-30-2008

ComboFix cz. 2

Kod:

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 07:57	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-06-29 01:25	---------	d-----w	C:\Program Files\microsoft frontpage
2008-06-28 23:40	---------	d-----w	C:\Program Files\Launch Manager
2008-06-28 22:53	---------	d-----w	C:\Program Files\Atheros
2008-06-28 22:52	---------	d-----w	C:\Documents and Settings\Gosia\Dane aplikacji\InstallShield
2008-06-28 22:52	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Atheros
2008-06-28 22:43	315,392	----a-w	C:\WINDOWS\HideWin.exe
2008-06-28 22:43	---------	d-----w	C:\Program Files\Realtek
2008-06-28 22:43	---------	d-----w	C:\Program Files\Common Files\InstallShield
2008-06-28 22:35	---------	d-----w	C:\Program Files\Intel
2008-06-28 22:15	---------	d-----w	C:\Program Files\Us&#179;ugi online
2008-05-08 12:28	202,752	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-29 09:20	15,648	----a-w	C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19	15,648	----a-w	C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19	12,960	----a-w	C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-11-05 21:37	129,368	--shatr	C:\WINDOWS\system32\Panel sterowania.{21EC2020-3AEA-1069-A2DD-08002B30309D}\winlogon.dll
.

------- Sigcheck -------

2008-06-29 03:32  504832  033dfd0b69af3fbc60138c0ac5c75042	C:\WINDOWS\system32\winlogon.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 13:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 13:00 455168]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-24 11:01 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-24 11:01 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-24 11:00 131072]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-07-16 13:51 768520]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 11:57 16855552 C:\WINDOWS\RTHDCPL.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-08-11 19:21 200704]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-15 10:03 2893824]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-07 18:08]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2004-08-04 13:00]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-30 14:34:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\DOCUME~1\Gosia\USTAWI~1\temp\RtkBtMnt.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-30 14:35:48 - machine was rebooted
ComboFix-quarantined-files.txt  2008-06-30 12:35:44

Pre-Run: 43,678,720,000 bajtów wolnych
Post-Run: 44,714,016,768 bajt&#162;w wolnych

214	--- E O F ---	2008-06-30 08:32:19

Czekam niecierpliwie na rady. Komp mi jest niezbędny do pisania pracy magisterskiej, dlatego błagam o pomoc.

[/code]

**rip** · 06-30-2008

wwdc na pendrive -> reinstalka -> uruchom wwdc -> polacz sie z netem

koniecznie w takiej kolejnosci.

**fi_dell** · 06-30-2008

Ok, dzieki wielkie. Brzmi obiecujaco.

Czyli nic nie zsotawiac tez na d:\ ? Formatowac nie tylko partycje systemowa ale wszystko?

**rip** · 06-30-2008

Formatowac nie tylko partycje systemowa ale wszystko?

nie musisz formatowac partycji, poprostu zainstaluj na niej system na nowo...

a d to zostaw, wir nie zainfekowal execow.

Temat: logi: Generic Host Process, + dzwiek + net

Narzędzia wątku

Display

logi: Generic Host Process, + dzwiek + net

Podobne wątki

process explorer vs hooks

Logi hijack

hijack logi

logi hijackthis

Logi

Zasady Postowania

Subskrybuj