Wykryto wyłączony javascript

Aktualnie masz wyłączony javascript. Kilka funkcji może nie działać. Włącz ponownie javascript, aby korzystać z pełnej funkcjonalności.

Logi - Duże zużycie procesora

Rozpoczęty przez Piotrek20 , 28 08 2008 16:03

Temat jest zamknięty

1 odpowiedź w tym temacie

#1 Piotrek20

Zaawansowany użytkownik

556 postów

Napisano 28 08 2008 - 16:03

ComboFix 08-08-27.06 - Piotrek 2008-08-28 15:59:17.1 - [color="red"][b]FAT32[/b][/color]x86

Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.1508 [GMT 2:00]

Running from: C:\Documents and Settings\Piotrek\Pulpit\ComboFix.exe

 * Created a new restore point



[color="red"][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED [img]http://www.forum.tweaks.pl/public/style_emoticons/default/excl.gif[/img][/b][/color]

.



(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\WINDOWS\system32\setup.ini



.

(((((((((((((((((((((((((   Files Created from 2008-07-28 to 2008-08-28  )))))))))))))))))))))))))))))))

.



2008-08-28 15:54 . 2008-08-28 15:54	<DIR>	d--------	C:\Program Files\Trend Micro

2008-08-25 19:10 . 2008-08-25 19:10	<DIR>	d--hs----	C:\FOUND.001

2008-08-25 11:52 . 2008-08-25 11:52	<DIR>	d--------	C:\Program Files\<a href="http://www.download.net.pl/219/IrfanView/">IrfanView</a>

2008-08-24 22:43 . 2006-10-26 19:56	32,592	--a------	C:\WINDOWS\system32\msonpmon.dll

2008-08-24 22:42 . 2008-08-24 22:42	<DIR>	d--------	C:\Program Files\MSBuild

2008-08-24 22:42 . 2008-08-24 22:42	<DIR>	d--------	C:\Program Files\Microsoft.NET

2008-08-24 22:42 . 2008-08-24 22:42	<DIR>	d--------	C:\Program Files\Microsoft Works

2008-08-24 22:40 . 2008-08-24 22:40	<DIR>	d--------	C:\WINDOWS\SHELLNEW

2008-08-24 22:40 . 2008-08-24 22:40	<DIR>	d--------	C:\Program Files\Microsoft Visual Studio 8

2008-08-24 22:40 . 2008-08-24 22:40	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-08-24 22:39 . 2008-08-24 22:39	<DIR>	dr-h-----	C:\MSOCache

2008-08-24 21:36 . 2008-08-24 21:36	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\InstallShield

2008-08-24 20:48 . 2008-08-27 19:30	4,096	--a------	C:\WINDOWS\system32\crash

2008-08-24 20:46 . 2008-08-24 20:46	262,144	--a------	C:\WINDOWS\system32\wrap_oal.dll

2008-08-24 20:46 . 2008-08-24 20:46	86,016	--a------	C:\WINDOWS\system32\OpenAL32.dll

2008-08-24 20:45 . 2008-08-24 20:45	<DIR>	d--------	C:\WINDOWS\system32\Futuremark

2008-08-24 20:45 . 2008-08-24 20:45	<DIR>	d--------	C:\Program Files\Futuremark

2008-08-24 20:45 . 2007-08-20 10:05	27,672	-ra------	C:\WINDOWS\system32\drivers\Entech.sys

2008-08-24 20:45 . 2007-09-07 14:55	12,744	--a------	C:\WINDOWS\system32\drivers\Entech64.sys

2008-08-24 20:45 . 2007-09-07 14:55	6,173	--a------	C:\WINDOWS\system32\drivers\Entech.vxd

2008-08-24 20:45 . 2001-11-19 20:05	3,972	--a------	C:\WINDOWS\system32\drivers\PciBus.sys

2008-08-24 13:13 . 2008-08-24 13:13	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\HPAppData

2008-08-24 12:06 . 2008-08-24 12:06	<DIR>	d--------	C:\Program Files\SpeedFan

2008-08-23 22:34 . 2008-08-23 22:34	<DIR>	d--------	C:\Program Files\Gadu-Gadu

2008-08-23 21:39 . 2008-08-23 21:39	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\Dev-Cpp

2008-08-23 21:38 . 2008-08-23 21:39	<DIR>	d--------	C:\Dev-Cpp

2008-08-23 16:07 . 2008-08-23 16:07	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\Sports Interactive

2008-08-23 00:35 . 2008-08-23 00:38	49	--a------	C:\WINDOWS\NeroDigital.ini

2008-08-22 22:44 . 2008-08-22 22:44	<DIR>	d--hs----	C:\FOUND.000

2008-08-20 10:20 . 2008-08-20 10:20	<DIR>	d--------	C:\Program Files\7-Zip

2008-08-20 09:35 . 2008-08-20 09:35	<DIR>	d--------	C:\Program Files\BitComet

2008-08-20 03:00 . 2008-08-20 09:40	226	--a------	C:\WINDOWS\AWS.ini

2008-08-20 01:23 . 2008-08-20 01:23	<DIR>	d--------	C:\Program Files\SkaWit

2008-08-19 22:08 . 2008-08-19 22:08	<DIR>	d--------	C:\Program Files\Prime95

2008-08-19 19:22 . 2008-08-19 19:22	<DIR>	d--------	C:\Program Files\RivaTuner v2.09

2008-08-19 14:43 . 2008-08-19 14:43	<DIR>	d--------	C:\Program Files\Hamachi

2008-08-18 22:51 . 2008-08-18 22:51	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\WEBREG

2008-08-18 22:50 . 2008-08-18 22:50	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\HP

2008-08-18 22:50 . 2008-08-18 22:50	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Hewlett-Packard

2008-08-18 22:49 . 2007-03-15 15:32	118,272	--a------	C:\WINDOWS\system32\hpz3l5ha.dll

2008-08-18 22:49 . 2008-04-14 00:15	15,104	--a------	C:\WINDOWS\system32\drivers\usbscan.sys

2008-08-18 22:49 . 2008-04-14 00:15	15,104	--a------	C:\WINDOWS\system32\dllcache\usbscan.sys

2008-08-18 22:47 . 2008-08-18 22:47	<DIR>	d--------	C:\Program Files\Hewlett-Packard

2008-08-18 22:47 . 2008-08-18 22:47	<DIR>	d--------	C:\Program Files\Common Files\HP

2008-08-18 22:47 . 2008-08-18 22:47	<DIR>	d--------	C:\Program Files\Common Files\Hewlett-Packard

2008-08-18 22:47 . 2008-08-18 22:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\HP Product Assistant

2008-08-18 22:47 . 2008-08-18 22:47	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\HP

2008-08-18 22:47 . 2008-08-18 22:47	0	--a------	C:\WINDOWS\system32\YOYO

2008-08-18 22:46 . 2008-08-18 22:46	<DIR>	d--------	C:\Program Files\HP

2008-08-17 23:39 . 2008-08-17 23:39	<DIR>	d--------	C:\Program Files\MSXML 4.0

2008-08-17 22:24 . 2008-08-17 22:24	4,096	--a------	C:\WINDOWS\d3dx.dat

2008-08-16 10:28 . 2008-08-16 10:28	92	--a------	C:\WINDOWS\mp3wavcon.ini

2008-08-16 10:22 . 2008-08-16 10:22	<DIR>	d--------	C:\My Music

2008-08-16 10:13 . 2008-08-16 10:13	<DIR>	d--------	C:\Program Files\AudioToolsFactory

2008-08-16 10:13 . 2003-12-15 12:43	1,871,872	--a------	C:\WINDOWS\system32\NCTAudioFile2.dll

2008-08-16 10:13 . 2003-12-08 12:19	425,984	--a------	C:\WINDOWS\system32\NCTAudioTransform2.dll

2008-08-16 10:13 . 2002-01-05 14:37	344,064	--a------	C:\WINDOWS\system32\msvcr70.dll

2008-08-16 10:13 . 2003-08-07 14:01	237,568	--a------	C:\WINDOWS\system32\lame_enc.dll

2008-08-16 10:13 . 2003-12-15 12:24	196,608	--a------	C:\WINDOWS\system32\NCTWMAFile2.dll

2008-08-16 10:13 . 2003-12-08 12:49	116,304	--a------	C:\WINDOWS\system32\NCTWMAProfiles.prx

2008-08-16 10:13 . 2008-08-16 10:28	5	--a------	C:\WINDOWS\system32\SySmp3con.dat

2008-08-16 09:13 . 2008-08-16 09:13	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\Ahead

2008-08-16 08:56 . 2008-08-16 08:56	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-08-16 08:55 . 2008-08-16 08:55	<DIR>	d--------	C:\Program Files\Nero

2008-08-16 08:55 . 2008-08-16 08:55	<DIR>	d--------	C:\Program Files\Common Files\Ahead

2008-08-16 08:55 . 2008-08-16 08:55	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-08-16 08:52 . 2008-08-16 08:52	54,156	--ah-----	C:\WINDOWS\QTFont.qfn

2008-08-16 08:52 . 2008-08-16 08:52	1,409	--a------	C:\WINDOWS\QTFont.for

2008-08-15 22:13 . 2008-08-15 22:13	<DIR>	d--------	C:\WINDOWS\system32\QuickTime

2008-08-15 22:13 . 2008-08-15 22:13	<DIR>	d--------	C:\Program Files\QuickTime

2008-08-15 22:13 . 1999-11-10 12:05	86,016	--a------	C:\WINDOWS\unvise32qt.exe

2008-08-15 22:12 . 2008-08-15 22:12	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\QuickTime

2008-08-15 18:30 . 2008-08-15 18:30	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\Hamachi

2008-08-15 18:29 . 2008-08-19 14:43	25,544	--a------	C:\WINDOWS\system32\drivers\hamachi.sys

2008-08-15 14:20 . 2008-04-14 21:45	2,977,792	---------	C:\WINDOWS\system32\dllcache\wmploc.dll

2008-08-15 14:18 . 2008-04-14 00:10	10,240	---------	C:\WINDOWS\system32\drivers\sffp_mmc.sys

2008-08-15 13:03 . 2008-04-14 00:17	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys

2008-08-15 13:02 . 2008-04-14 00:15	32,128	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys

2008-08-14 23:37 . 2008-08-14 23:37	<DIR>	d--------	C:\mp3

2008-08-14 20:17 . 2008-04-11 21:06	691,712	---------	C:\WINDOWS\system32\dllcache\inetcomm.dll

2008-08-14 20:17 . 2008-05-01 16:37	331,776	---------	C:\WINDOWS\system32\dllcache\msadce.dll

2008-08-10 18:05 . 2008-08-10 18:05	<DIR>	d--------	C:\Program Files\DAEMON Tools Toolbar

2008-08-10 18:04 . 2008-08-10 18:04	<DIR>	d--------	C:\Program Files\DAEMON Tools Lite

2008-08-10 18:02 . 2008-08-10 18:02	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\DAEMON Tools

2008-08-10 17:54 . 2008-08-10 17:55	<DIR>	d--------	C:\Program Files\Dzielenie i laczenie plikow

2008-08-10 16:43 . 2008-08-10 17:46	23	--a------	C:\WINDOWS\BlendSettings.ini

2008-08-09 20:31 . 2005-05-26 15:34	2,297,552	--a------	C:\WINDOWS\system32\d3dx9_26.dll

2008-08-09 20:23 . 2008-08-10 18:02	717,296	--a------	C:\WINDOWS\system32\drivers\sptd.sys

2008-08-09 20:20 . 2008-08-09 20:20	<DIR>	d--------	C:\Program Files\foobar2000

2008-08-09 20:20 . 2008-08-09 20:21	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\foobar2000

2008-08-09 18:20 . 2008-08-09 18:20	<DIR>	d--------	C:\Program Files\SubEdit-Player

2008-08-09 18:19 . 2008-06-14 19:36	273,024	---------	C:\WINDOWS\system32\dllcache\bthport.sys

2008-08-09 18:17 . 2008-05-08 16:02	203,136	---------	C:\WINDOWS\system32\dllcache\rmcast.sys

2008-08-09 18:12 . 2008-08-09 18:12	<DIR>	d--h-----	C:\WINDOWS\$hf_mig$

2008-08-09 18:10 . 2008-08-09 18:10	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack

2008-08-09 18:03 . 2008-08-09 18:03	<DIR>	d--------	C:\Program Files\Media Player Classic

2008-08-09 18:03 . 2008-08-09 18:03	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\Media Player Classic

2008-08-09 15:23 . 2008-08-09 15:23	<DIR>	d---s----	C:\Documents and Settings\Piotrek\UserData

2008-08-09 14:20 . 2008-08-09 14:20	<DIR>	d--------	C:\Program Files\SkanerOnline

2008-08-09 14:10 . 2008-08-09 14:10	<DIR>	d--h-----	C:\WINDOWS\system32\GroupPolicy

2008-08-07 21:02 . 2008-08-07 21:02	<DIR>	d--------	C:\Program Files\PowerISO

2008-08-07 17:37 . 2008-08-07 17:37	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\Gadu-Gadu

2008-08-07 17:35 . 2008-08-07 17:35	<DIR>	d--------	C:\Documents and Settings\Piotrek\Gadu-Gadu

2008-08-07 17:26 . 2008-08-07 17:26	<DIR>	d--------	C:\Documents and Settings\LocalService\Menu Start

2008-08-07 17:20 . 2008-08-07 17:20	<DIR>	d--------	C:\WINDOWS\ServicePackFiles

2008-08-07 17:17 . 2008-08-07 17:17	<DIR>	d--------	C:\WINDOWS\EHome

2008-08-07 16:50 . 2008-08-24 12:06	45	--a------	C:\WINDOWS\system32\initdebug.nfo

2008-08-07 16:00 . 2008-08-07 16:00	0	--a------	C:\WINDOWS\nsreg.dat

2008-08-07 15:48 . 2008-08-07 15:48	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\PCToolsFirewallPlus

2008-08-07 15:46 . 2008-08-07 15:46	<DIR>	d--------	C:\Program Files\PC Tools Firewall Plus

2008-08-07 15:46 . 2008-08-07 15:46	<DIR>	d--------	C:\Program Files\Common Files\PC Tools

2008-08-07 15:46 . 2008-07-28 11:29	160,792	--a------	C:\WINDOWS\system32\drivers\pctfw2.sys

2008-08-07 15:46 . 2008-07-17 16:53	93,952	--a------	C:\WINDOWS\system32\drivers\pctfw.sys

2008-08-07 15:46 . 2008-07-28 16:44	57,624	--a------	C:\WINDOWS\system32\drivers\FWAuthdriver.sys

2008-08-07 15:43 . 2008-08-07 15:43	<DIR>	d--------	C:\Program Files\Spyware Doctor

2008-08-07 15:43 . 2008-08-07 15:43	<DIR>	d--------	C:\Documents and Settings\Piotrek\Dane aplikacji\PC Tools

2008-08-07 15:43 . 2008-08-07 15:43	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-08-07 15:43 . 2008-06-10 21:22	81,288	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys

2008-08-07 15:43 . 2008-06-02 15:19	66,952	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys

2008-08-07 15:43 . 2008-06-02 15:19	42,376	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys

2008-08-07 15:43 . 2008-06-02 15:19	29,576	--a------	C:\WINDOWS\system32\drivers\kcom.sys

2008-08-07 15:41 . 2008-08-07 15:41	<DIR>	d--------	C:\Program Files\Google

2008-08-07 15:39 . 2008-08-07 15:39	<DIR>	d--hs----	C:\Recycled

2008-08-07 15:39 . 2008-08-07 15:39	<DIR>	d--------	C:\Program Files\Odkurzacz

2008-08-07 15:23 . 2008-08-07 15:23	<DIR>	d--------	C:\Program Files\Alwil Software



.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-08-07 14:46	15,600	----a-w	C:\WINDOWS\gdrv.sys

2008-08-07 12:56	---------	d-----w	C:\Program Files\ATI Technologies

2008-08-07 12:53	---------	d-----w	C:\Program Files\Kaspersky Lab

2008-08-07 12:53	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-08-07 12:48	315,392	----a-w	C:\WINDOWS\HideWin.exe

2008-08-07 12:48	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2008-08-07 12:48	---------	d-----w	C:\Program Files\Realtek

2008-08-07 12:48	---------	d-----w	C:\Program Files\Common Files\InstallShield

2008-08-07 12:43	---------	d-----w	C:\Program Files\microsoft frontpage

2008-08-07 12:40	---------	d-----w	C:\Program Files\Usługi online

2008-07-25 08:34	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34	683,520	----a-w	C:\WINDOWS\system32\divx.dll

2008-07-23 16:50	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll

2008-07-07 20:29	253,952	----a-w	C:\WINDOWS\system32\es.dll

2008-07-07 20:29	253,952	------w	C:\WINDOWS\system32\dllcache\es.dll

2008-07-07 07:40	56,108	----a-w	C:\WINDOWS\system32\drivers\scdemu.sys

2008-06-26 08:14	619,520	------w	C:\WINDOWS\system32\dllcache\urlmon.dll

2008-06-26 08:14	1,499,136	------w	C:\WINDOWS\system32\dllcache\shdocvw.dll

2008-06-24 16:46	74,240	----a-w	C:\WINDOWS\system32\mscms.dll

2008-06-24 16:46	74,240	------w	C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-23 15:13	668,672	----a-w	C:\WINDOWS\system32\wininet.dll

2008-06-23 15:13	668,672	------w	C:\WINDOWS\system32\dllcache\wininet.dll

2008-06-23 15:13	3,088,384	------w	C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-20 17:48	246,784	----a-w	C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:48	246,784	------w	C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:48	147,968	------w	C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 11:51	361,600	------w	C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 11:40	138,496	------w	C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 11:08	225,856	------w	C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-12 18:36	7,680	----a-w	C:\WINDOWS\system32\ff_vfw.dll

.



(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360]

"Odkurzacz-MCD"="C:\Program Files\Odkurzacz\odk_mcd.exe" [2008-03-03 14:44 266240]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-07 15:42 171448]

"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]

"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-07-29 08:42 2602904]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 09:35 167936]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-15 22:13 98304]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 15:55 1628208]

"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 15:55 1057328]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 21:17 49152]

"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 11:08 16342528 C:\WINDOWS\RTHDCPL.exe]

"AdslTaskBar"="stmctrl.dll" [2006-06-02 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 22:51 15360]



C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"VIDC.YV12"= yv12vfw.dll



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\BitComet\\BitComet.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"D:\\GRY\\EA Sports\\FIFA 08\\FIFA08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"21688:TCP"= 21688:TCP:BitComet 21688 TCP

"21688:UDP"= 21688:UDP:BitComet 21688 UDP

"27766:TCP"= 27766:TCP:BitComet 27766 TCP

"27766:UDP"= 27766:UDP:BitComet 27766 UDP

"8705:TCP"= 8705:TCP:BitComet 8705 TCP

"8705:UDP"= 8705:UDP:BitComet 8705 UDP

"27230:TCP"= 27230:TCP:BitComet 27230 TCP

"27230:UDP"= 27230:UDP:BitComet 27230 UDP



R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]

R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-05-21 01:53]

R3 FWAuth;FWAuth Driver;C:\WINDOWS\System32\drivers\FWAuthDriver.sys [2008-07-28 16:44]

R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 16:51]

R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-05-25 17:28]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc



*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Piotrek\Dane aplikacji\Mozilla\Firefox\Profiles\2xjk5aj9.default\

.



**************************************************************************



catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]

Rootkit scan 2008-08-28 16:00:58

Windows 5.1.2600 Dodatek Service Pack 3 FAT NTAPI



scanning hidden processes ... 



scanning hidden autostart entries ...



scanning hidden files ... 



scan completed successfully

hidden files: 0



**************************************************************************

.

Completion time: 2008-08-28 16:01:37

ComboFix-quarantined-files.txt  2008-08-28 14:01:36



Pre-Run: 6,121,373,696 bajtów wolnych

Post-Run: 6,105,923,584 bajtów wolnych



262	--- E O F ---	2008-08-17 21:40:40

0

Do góry

#2 wncvirus

Leń !

851 postów

Napisano 28 08 2008 - 21:53

Wklej do notatnika:

C:\FOUND.001
C:\FOUND.000
C:\Recycled

>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe)
– podobnie jak na tym obrazku --> Dołączona grafika

(jeśli pojawi się pytanie "1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: \Qoobox.

Po wykonaniu tego daj nowego loga.

0

Do góry

Wróć do Bezpieczeństwo (wirusy i trojany)

Użytkownicy przeglądający ten temat: 0

0 użytkowników, 0 gości, 0 anonimowych

Logi - Duże zużycie procesora

#1 Piotrek20

#2 wncvirus

Użytkownicy przeglądający ten temat: 0

Zaloguj się