
Logs - CPU usage 100%


  • Closed  This topic is closed
8 replies in this topic

#1 zylka_PL

    Beginner

  • 25 posts

Posted 06 12 2008 - 15:15

Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49:41, on 2008-12-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\autoclk.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadu-Gadu\gg.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix: 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 10358 bytes

combofix

ComboFix 08-12-05.06 - żyłka 2008-12-06 14:00:16.1 - NTFSx86
Microsoft® Windows Vista® Home Premium   6.0.6001.1.1250.1.1045.18.1925 [GMT 1:00]
Uruchomiony z: c:\users\żyłka\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-11-06 do 2008-12-06  )))))))))))))))))))))))))))))))
.

2008-12-06 13:51 . 2008-12-06 13:51	6,736	--a------	c:\windows\System32\drivers\PROCEXP90.SYS
2008-12-06 13:48 . 2008-12-06 13:48	<DIR>	d--------	c:\program files\Trend Micro
2008-12-05 18:04 . 2008-12-05 20:13	<DIR>	d--------	c:\users\żyłka\.housecall6.6
2008-12-05 18:04 . 2008-12-05 20:13	<DIR>	d--------	c:\users\żyłka\.housecall6.6
2008-12-02 17:16 . 2008-12-02 18:01	<DIR>	d--------	c:\users\All Users\Spybot - Search & Destroy
2008-12-02 17:16 . 2008-12-02 18:01	<DIR>	d--------	c:\programdata\Spybot - Search & Destroy
2008-12-02 17:16 . 2008-12-02 17:17	<DIR>	d--------	c:\program files\Spybot - Search & Destroy
2008-11-30 10:03 . 2008-11-30 10:03	<DIR>	d--------	c:\users\żyłka\AppData\Roaming\PeerNetworking
2008-11-29 19:06 . 2008-11-29 19:06	<DIR>	d--------	c:\users\żyłka\AppData\Roaming\skypePM
2008-11-29 19:06 . 2008-11-29 19:06	56	--ah-----	c:\users\All Users\ezsidmv.dat
2008-11-29 19:06 . 2008-11-29 19:06	56	--ah-----	c:\programdata\ezsidmv.dat
2008-11-29 19:04 . 2008-11-29 20:11	<DIR>	d--------	c:\users\żyłka\AppData\Roaming\Skype
2008-11-29 19:03 . 2008-11-29 19:03	<DIR>	d--------	c:\users\All Users\Skype
2008-11-29 19:03 . 2008-11-29 19:03	<DIR>	d--------	c:\programdata\Skype
2008-11-29 19:03 . 2008-11-29 19:03	<DIR>	d--------	c:\program files\Skype
2008-11-29 19:03 . 2008-11-29 19:03	<DIR>	d--------	c:\program files\Common Files\Skype
2008-11-26 11:37 . 2008-10-22 04:57	241,152	--a------	c:\windows\System32\PortableDeviceApi.dll
2008-11-26 11:36 . 2008-10-21 06:25	1,645,568	--a------	c:\windows\System32\connect.dll
2008-11-26 11:36 . 2008-08-28 04:40	712,704	--a------	c:\windows\System32\WindowsCodecs.dll
2008-11-26 11:36 . 2008-08-28 04:40	425,472	--a------	c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 11:36 . 2008-08-28 04:40	347,136	--a------	c:\windows\System32\WindowsCodecsExt.dll
2008-11-24 18:02 . 2008-11-24 18:02	<DIR>	d--------	c:\program files\Bethesda Softworks
2008-11-24 17:59 . 2008-11-24 17:59	<DIR>	d--------	c:\windows\System32\xlive
2008-11-24 17:59 . 2007-03-12 16:42	3,495,784	--a------	c:\windows\System32\d3dx9_33.dll
2008-11-24 17:59 . 2007-03-12 16:42	1,123,696	--a------	c:\windows\System32\D3DCompiler_33.dll
2008-11-24 17:59 . 2007-03-15 16:57	443,752	--a------	c:\windows\System32\d3dx10_33.dll
2008-11-24 17:59 . 2007-04-04 18:53	81,768	--a------	c:\windows\System32\xinput1_3.dll
2008-11-21 10:14 . 2008-10-16 22:13	1,809,944	--a------	c:\windows\System32\wuaueng.dll
2008-11-21 10:14 . 2008-10-16 21:56	1,524,736	--a------	c:\windows\System32\wucltux.dll
2008-11-21 10:14 . 2008-10-16 22:12	561,688	--a------	c:\windows\System32\wuapi.dll
2008-11-21 10:14 . 2008-10-16 14:08	162,064	--a------	c:\windows\System32\wuwebv.dll
2008-11-21 10:14 . 2008-10-16 21:55	83,456	--a------	c:\windows\System32\wudriver.dll
2008-11-21 10:14 . 2008-10-16 22:09	51,224	--a------	c:\windows\System32\wuauclt.exe
2008-11-21 10:14 . 2008-10-16 22:09	43,544	--a------	c:\windows\System32\wups2.dll
2008-11-21 10:14 . 2008-10-16 22:08	34,328	--a------	c:\windows\System32\wups.dll
2008-11-21 10:14 . 2008-10-16 13:56	31,232	--a------	c:\windows\System32\wuapp.exe
2008-11-14 20:21 . 2008-11-14 20:24	<DIR>	d--------	c:\program files\bwin
2008-11-12 17:14 . 2008-09-10 04:40	1,334,272	--a------	c:\windows\System32\msxml6.dll
2008-11-12 17:14 . 2008-09-05 06:14	1,191,936	--a------	c:\windows\System32\msxml3.dll
2008-11-12 17:14 . 2008-08-27 02:05	212,480	--a------	c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 11:02 . 2008-11-11 11:02	<DIR>	d----c---	c:\windows\System32\DRVSTORE
2008-11-11 11:02 . 2008-11-11 11:02	<DIR>	d--------	c:\users\żyłka\AppData\Roaming\Apple Computer
2008-11-11 11:02 . 2008-04-17 13:12	107,368	--a------	c:\windows\System32\GEARAspi.dll
2008-11-11 11:02 . 2008-04-17 13:12	15,464	--a------	c:\windows\System32\drivers\GEARAspiWDM.sys
2008-11-11 11:01 . 2008-11-11 11:02	<DIR>	d--------	c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-11 11:01 . 2008-11-11 11:02	<DIR>	d--------	c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-11 11:01 . 2008-11-11 11:02	<DIR>	d--------	c:\program files\iTunes
2008-11-11 11:01 . 2008-11-11 11:01	<DIR>	d--------	c:\program files\iPod
2008-11-11 11:01 . 2008-11-11 11:01	<DIR>	d--------	c:\program files\Bonjour
2008-11-11 10:57 . 2008-11-11 11:01	<DIR>	d--------	c:\users\All Users\Apple Computer
2008-11-11 10:57 . 2008-11-11 11:01	<DIR>	d--------	c:\programdata\Apple Computer
2008-11-11 10:57 . 2008-11-11 10:58	<DIR>	d--------	c:\program files\QuickTime
2008-11-11 10:57 . 2008-11-11 11:00	<DIR>	d--------	c:\program files\Common Files\Apple
2008-11-08 19:13 . 2008-11-08 19:13	<DIR>	d--------	c:\users\żyłka\AppData\Roaming\Leadertech

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 13:10	1,835,008	--sha-w	c:\users\żyłka\ntuser.dat
2008-12-06 13:10	1,835,008	--sha-w	c:\users\żyłka\ntuser.dat
2008-12-06 13:07	69,837	----a-w	c:\users\All Users\nvModes.dat
2008-12-06 13:07	69,837	----a-w	c:\programdata\nvModes.dat
2008-12-04 17:01	---------	d-----w	c:\users\żyłka\AppData\Roaming\uTorrent
2008-11-30 09:05	---------	d-s---w	c:\users\żyłka\AppData\Roaming\Microsoft
2008-11-30 09:03	---------	d-----w	c:\users\żyłka\AppData\Roaming\PeerNetworking
2008-11-29 19:11	---------	d-----w	c:\users\żyłka\AppData\Roaming\Skype
2008-11-29 18:06	---------	d-----w	c:\users\żyłka\AppData\Roaming\skypePM
2008-11-27 19:42	---------	d-----w	c:\users\żyłka\AppData\Roaming\GanymedeNet
2008-11-27 19:42	---------	d-----w	c:\program files\Ganymede
2008-11-24 17:02	---------	d--h--w	c:\program files\InstallShield Installation Information
2008-11-22 13:38	---------	d-----w	c:\users\żyłka\AppData\Roaming\Hewlett-Packard
2008-11-15 13:16	---------	d-----w	c:\programdata\Hewlett-Packard
2008-11-11 10:02	---------	d-----w	c:\users\żyłka\AppData\Roaming\Apple Computer
2008-11-08 18:13	---------	d-----w	c:\users\żyłka\AppData\Roaming\Leadertech
2008-11-02 09:12	---------	d-----w	c:\program files\Common Files\Symantec Shared
2008-10-28 20:03	---------	d-----w	c:\program files\SopCast
2008-10-22 14:21	21,248	----a-w	c:\windows\Help\OEM\scripts\HPScript.exe
2008-10-20 14:08	---------	d-----w	c:\users\żyłka\AppData\Roaming\HP
2008-10-20 14:08	---------	d-----w	c:\users\żyłka\AppData\Roaming\CyberLink
2008-10-20 14:08	---------	d-----w	c:\programdata\HP
2008-10-20 14:08	---------	d-----w	c:\programdata\CyberLink
2008-10-19 21:18	---------	d-----w	c:\programdata\Microsoft Help
2008-10-18 17:11	---------	d-----w	c:\users\żyłka\AppData\Roaming\Sony
2008-10-18 17:11	---------	d-----w	c:\programdata\Sony
2008-10-18 09:33	---------	d-----w	c:\program files\Wanadoo
2008-10-17 14:05	---------	d-----w	c:\program files\Windows Mail
2008-10-07 12:35	---------	d-----w	c:\program files\DAEMON Tools Lite
2008-10-07 12:29	717,296	----a-w	c:\windows\system32\drivers\sptd.sys
2008-10-07 12:28	---------	d-----w	c:\users\żyłka\AppData\Roaming\DAEMON Tools
2008-10-06 09:51	20,224	----a-w	c:\windows\Help\OEM\scripts\HC_checkMUI.dll
2008-10-02 03:49	827,392	----a-w	c:\windows\System32\wininet.dll
2008-09-30 15:43	1,286,152	----a-w	c:\windows\System32\msxml4.dll
2008-09-18 05:09	3,601,464	----a-w	c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09	3,549,240	----a-w	c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56	147,456	----a-w	c:\windows\System32\Faultrep.dll
2008-09-18 04:56	125,952	----a-w	c:\windows\System32\wersvc.dll
2008-09-18 02:16	2,032,640	----a-w	c:\windows\System32\win32k.sys
2008-01-21 02:43	174	--sha-w	c:\program files\desktop.ini
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-03-12 699456]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"autoclk"="autoclk.exe" [2006-02-15 c:\windows\autoclk.exe]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-01-16 727592]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-09-04 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Users^żyłka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FIFA 09 Registration.lnk]
path=c:\users\żyłka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09 Registration.lnk
backup=c:\windows\pss\FIFA 09 Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^żyłka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Need for Speed? Undercover Registration.lnk]
path=c:\users\żyłka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Need for Speed? Undercover Registration.lnk
backup=c:\windows\pss\Need for Speed? Undercover Registration.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 10:09 63712 c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 12:06 40048 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-11-01 17:42 554288 c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
--a------ 2008-03-14 07:45 202032 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2008-04-23 22:51 468264 c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 16:20 360448 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
--------- 2007-12-24 14:55 222504 c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-21 03:25 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B00963C1-F048-44E8-ACB7-591E236A93E9}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{D70C15CA-F10F-440B-ACAC-2712E92C30EF}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{23F0B9C6-1CD8-41B5-98B8-91AE124A1294}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{84637E1B-79AA-4715-BD9D-3B49CF38BE60}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{F49311FD-8D06-4918-BA7C-ECE422DD0E56}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{44192C5B-6B10-40DB-8FF9-9FED8BDF083B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B53C828A-4A29-4736-B2B9-D42123EE2BAA}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{3679E99B-79C2-4DBE-B615-34BC590FD45E}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{F3230630-2E9C-494E-B443-782C7DA3E04C}"= UDP:c:\program files\uTorrent\uTorrent.exe:?Torrent (TCP-In)
"{DA9517DF-01B2-4F70-99A2-B60F5AE08EC3}"= TCP:c:\program files\uTorrent\uTorrent.exe:?Torrent (UDP-In)
"{5415A989-4805-4EC2-BA39-8BC023CE8658}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1A5DA3AA-813B-48B6-957E-4CAE428BC48D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB965F56-37BE-489F-BAB7-EA377F928074}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6178B050-E8F5-49EA-A4B2-A69B6166F9AB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{AE49037D-0C4D-477F-A64F-93BC470D3BC1}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081029.003\IDSvix86.sys [2008-10-30 270384]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};\??\c:\program files\HP\QuickPlay\000.fcl [2008-07-02 23:07:45 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe [2008-08-12 73728]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
R2 LiveUpdate Notice;LiveUpdate Notice;"c:\program files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [2008-02-07 149352]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-07-02 341328]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
R3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-24 52736]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-04 99376]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
R3 NETw5v32;Sterownik karty Intel® Wireless WiFi Link dla systemu Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-12 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-23 43552]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys [2008-01-13 23888]
S3 Com4QLBEx;Com4QLBEx;"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe" [2008-07-02 193840]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\DRIVERS\s3017bus.sys [2008-09-08 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s3017mdfl.sys [2008-09-08 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s3017mdm.sys [2008-09-08 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s3017mgmt.sys [2008-09-08 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\DRIVERS\s3017nd5.sys [2008-09-08 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s3017obex.sys [2008-09-08 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\DRIVERS\s3017unic.sys [2008-09-08 110120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d59a9680-946b-11dd-a767-00218674df9b}]
\shell\AutoRun\command - F:\Autorun.exe

*Newly Created Service* - COMHOST
.
Zawartość folderu 'Zaplanowane zadania'

2008-11-29 c:\windows\Tasks\HPCeeScheduleForżyłka.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-04-15 14:14]

2008-12-01 c:\windows\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - żyłka.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 13:05]

2008-12-05 c:\windows\Tasks\User_Feed_Synchronization-{27E148ED-BBC9-4113-A407-67A246E5A258}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 03:24]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\AOL\ieToolbar\resources\pl-PL\local\search.html
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FireFox -: Profile - c:\users\żyłka\AppData\Roaming\Mozilla\Firefox\Profiles\okghs44q.default\
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 14:09:22
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 


c:\windows\TEMP\TMP0000004517E1239091C0E038 524288 bytes

skanowanie pomyślnie ukończone
ukryte pliki: 1

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(5696)
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Czas ukończenia: 2008-12-06 14:14:43 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2008-12-06 13:14:13

Przed: 106 890 739 712 bajtów wolnych
Po: 107,446,226,944 bajtów wolnych

309	--- E O F ---	2008-12-05 10:02:05

thank you

#2 Macsch15

    Professional

  • 3 705 posts

Posted 06 12 2008 - 15:23

in the HijackThis log

C:\Windows\autoclk.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html


"fix" the entries above
>>HijackThis>>scan (Do a system scan only)>>check them>>Fix checked.

#3 zylka_PL

    Beginner

  • 25 posts

Posted 06 12 2008 - 15:41

I fixed them, but the first entry is still there after running the next scan.
Should I also delete the file c:\windows\autoclk.exe?

#4 Macsch15

    Professional

  • 3 705 posts

Posted 06 12 2008 - 16:05

delete it manually

#5 zylka_PL

    Beginner

  • 25 posts

Posted 06 12 2008 - 18:22

I have Vista and it tells me I need permissions to delete this file...

#6 Macsch15

    Professional

  • 3 705 posts

Posted 06 12 2008 - 18:46

then delete it with Unlocker
http://dobreprogramy.pl/index.php?dz=2&...;Unlocker+1.8.7

#7 zylka_PL

    Beginner

  • 25 posts

Posted 06 12 2008 - 21:36

still the same, CPU usage 100%

#8 Macsch15

    Professional

  • 3 705 posts

Posted 06 12 2008 - 21:40

there can be many reasons
read through some threads
http://www.google.pl/search?hl=pl&q=zu...+Google&lr=

#9 zylka_PL

    Beginner

  • 25 posts

Posted 06 12 2008 - 21:43

thank you very much...



