usuwanie rootkita bagle (flec006. exe) - prośba o spr. loga
Uprzejma prośba o sprawdzenie Loga z HJT
Prośba o przeanalizowanie loga z otl
Prośba o sprawdzenie konfiguracji komputera
Prośba o wycenę zestawu PC
Prośba o ocenę stanu silnika...
Prosba o pomoc z odpalaniem puga
prosba do posiadaczy turbo diesli
Log HiJackThis 28.11.09
Co powiecie o budowie w OZORKOWIE toru do uprawiania 4 cross
chomiki
Logfile of Trend Micro HijackThis v2.0.2Scan saved at 14:25:53, on 2010-02-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 7432 bytes
Czysto. Dla pewności podaj log z OTL.
Otwórz menedżer zadań - CTRL+SHIFT+ESC. Przejdź do zakładki PROCESY. Które zajmują najwięcej mocy procesora lub pamięci? Masz dużo aplikacji w autostarcie.
najwiecej pozera mi svchost cmdagent
a poniżej skan z otl
OTL logfile created on: 2010-02-25 15:01:16 - Run 1
OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\SysOp\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
502,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,74 Gb Total Space | 1,24 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
Drive D: | 26,51 Gb Total Space | 13,82 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: COA12
Current User Name: SysOp
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
PRC - [2010-02-25 14:17:27 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010-02-05 19:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-02-02 12:08:31 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009-09-12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009-08-31 17:07:34 | 011,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-08-31 15:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2008-12-31 18:03:17 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-01-05 20:35:36 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005-11-17 10:27:56 | 015,600,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005-09-27 11:41:56 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005-09-27 11:37:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005-09-27 11:37:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005-09-27 11:34:42 | 000,389,189 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005-07-19 10:10:06 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005-07-19 10:06:12 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005-01-08 06:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-01-08 06:16:04 | 000,692,315 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
========== Modules (SafeList) ==========
MOD - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
MOD - [2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2005-01-08 06:17:08 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- -- (ALG)
SRV - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
========== Driver Services (SafeList) ==========
DRV - [2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009-10-19 13:25:17 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-10-19 12:12:42 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009-01-18 16:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\porttalk.sys -- (PortTalk)
DRV - [2008-12-31 17:40:38 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-12-31 17:40:28 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2008-04-13 20:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 20:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006-01-05 20:11:24 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006-01-05 20:09:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006-01-05 20:08:20 | 000,850,282 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006-01-05 20:05:48 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006-01-05 20:02:08 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-11-17 14:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-09-30 10:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-09-27 12:01:12 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-09-12 09:49:44 | 003,298,432 | ---- | M] (Intelź Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)
DRV - [2005-07-19 10:34:22 | 001,049,180 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005-01-08 06:03:42 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2001-08-17 23:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-19 11:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010-02-25 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-25 13:57:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SysOp\Recent
[2010-02-24 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\cs config
[2010-02-24 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\scripts
[2010-02-24 20:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\resource
[2010-02-24 15:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010-02-24 13:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\GMABooster
[2010-01-28 15:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2009-10-19 11:19:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-10-19 11:19:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
[1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]
========== Files - Modified Within 30 Days ==========
[2010-02-25 15:02:04 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001UA.job
[2010-02-25 14:17:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
[2010-02-25 13:50:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-25 13:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-25 13:49:43 | 000,127,705 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010-02-25 13:48:52 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT
[2010-02-25 13:48:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini
[2010-02-25 13:48:25 | 005,004,800 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-25 13:40:52 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-02-24 20:26:20 | 000,003,184 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
[2010-02-24 20:08:23 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
[2010-02-24 15:24:34 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
[2010-02-24 13:07:58 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
[2010-02-23 21:52:38 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
[2010-02-23 17:42:00 | 1362,167,406 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
[2010-02-23 12:24:25 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-22 19:02:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001Core.job
[2010-02-22 14:28:07 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CV-Grzegorz Pazik.doc
[2010-02-12 22:36:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
[2010-02-12 17:02:58 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Google Chrome.lnk
[2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010-01-30 21:30:41 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
[1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]
========== Files Created - No Company Name ==========
[2010-02-25 14:17:28 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
[2010-02-24 20:26:50 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
[2010-02-24 20:26:48 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
[2010-02-24 15:24:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
[2010-02-24 13:07:58 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
[2010-02-23 21:17:55 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
[2010-02-23 21:06:05 | 1362,167,406 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
[2010-02-12 22:21:00 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
[2010-01-28 15:17:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009-10-23 00:05:01 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-19 21:56:05 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-19 13:25:17 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-10-19 12:53:57 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-19 12:07:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-01-05 20:21:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-10-14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005-02-17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >
[ Dodano: 2010-02-25, 15:06 ]
najwiecej pozera mi svchost cmdagent
Ten drugi to proces od Comodo, przeinstaluj go i sprawdź, czy dalej muli.
Przeskanuj plik: C:\WINDOWS\System32\sysdm.cpl na http://www.virustotal.com/pl/ i podaj wyniki
Usuniemy trochę zbędników z autostartu.
Wklej do notatnika:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"igfxhkcmd"=-
"igfxpers"=-
"igfxtray"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-
Plik Zapisz jako Ustaw rozszerzenie z TXT na Wszystkie pliki zapisz pod nazwą FIX.REG uruchom utworzony plik i potwierdź
co do COMODO to już załatwilem problem cmdagent ciagle jest jednak jednak prawie wcale nie obciąza kompa,
wpisałem w rejestr
reszta bez zmian:/
skan z C:\WINDOWS\System32\sysdm.cpl na http://www.virustotal.com/pl/
Antywirus Wersja Ostatnia aktualizacja Wynik
AhnLab-V3 5.0.0.2 2009.05.09 -
AntiVir 7.9.0.166 2009.05.08 -
Antiy-AVL 2.0.3.1 2009.05.08 -
Authentium 5.1.2.4 2009.05.09 -
Avast 4.8.1335.0 2009.05.09 -
AVG 8.5.0.327 2009.05.10 -
BitDefender 7.2 2009.05.10 -
CAT-QuickHeal 10.00 2009.05.09 -
ClamAV 0.94.1 2009.05.10 -
Comodo 1156 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.10 -
eSafe 7.0.17.0 2009.05.07 -
eTrust-Vet 31.6.6497 2009.05.08 -
F-Prot 4.4.4.56 2009.05.09 -
F-Secure 8.0.14470.0 2009.05.09 -
Fortinet 3.117.0.0 2009.05.10 -
GData 19 2009.05.10 -
Ikarus T3.1.1.49.0 2009.05.10 -
K7AntiVirus 7.10.729 2009.05.08 -
Kaspersky 7.0.0.125 2009.05.10 -
McAfee 5610 2009.05.09 -
McAfee+Artemis 5610 2009.05.09 -
McAfee-GW-Edition 6.7.6 2009.05.10 -
Microsoft 1.4602 2009.05.10 -
NOD32 4063 2009.05.08 -
Norman 2009.05.08 -
nProtect 2009.1.8.0 2009.05.10 -
Panda 10.0.0.14 2009.05.10 -
PCTools 4.4.2.0 2009.05.07 -
Rising 21.28.62.00 2009.05.10 -
Sophos 4.41.0 2009.05.10 -
Sunbelt 3.2.1858.2 2009.05.09 -
Symantec 1.4.4.12 2009.05.10 -
TheHacker 6.3.4.1.324 2009.05.09 -
TrendMicro 8.950.0.1092 2009.05.08 -
VBA32 3.12.10.4 2009.05.09 -
ViRobot 2009.5.9.1727 2009.05.09 -
VirusBuster 4.6.5.0 2009.05.09 -
Dodatkowe informacje
File size: 609280 bytes
MD5 : 95851342bb7e29e7d7ee438a651dae8b
SHA1 : 4aa61f400e9494f58e9e548e3bfcb530e6fd52f4
SHA256: c48a05a820f340b5f8b66ba0be0d0296b98eb358480a98a018a80e9e30c52641
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x38B6
timedatestamp.....: 0x41109767 (Wed Aug 4 09:59:35 2004)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1C6EB 0x1C800 6.42 701d35c55a484d2eddb8357d2fff6050
.data 0x1E000 0x6F10 0x1400 3.06 bec9fe0369810a58ab3f54392256ed15
.rsrc 0x25000 0x749E4 0x74A00 6.95 1a1d6a3452ddfa77613b256826c27dc6
.reloc 0x9A000 0x1FF4 0x2000 6.15 2843324fd6a3fb9224729968bc53fda1
( 19 imports )
> advapi32.dll: OpenProcessToken, RegSaveKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, RegLoadKeyW, RegUnLoadKeyW, FreeSid, CheckTokenMembership, AllocateAndInitializeSid, RegOpenKeyExW, RegCloseKey, RegSetKeySecurity, RegCreateKeyW, RegOpenKeyW, RegEnumKeyW, RegGetKeySecurity, RegSetValueExW, RegEnumValueW, RegEnumKeyExW, RegDeleteKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegDeleteValueW, RegCreateKeyExW, InitializeAcl, AddAccessAllowedAce, GetAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, GetLengthSid, CopySid, LookupAccountSidW, OpenSCManagerW, OpenServiceW, QueryServiceStatus, CloseServiceHandle, ChangeServiceConfigW, StartServiceW, GetUserNameW, RegFlushKey
> comctl32.dll: CreatePropertySheetPageW, -, -, PropertySheetW, -, -, -, -, InitCommonControlsEx, -
> comdlg32.dll: GetOpenFileNameW
> gdi32.dll: GetDeviceCaps, SelectObject, DeleteObject, CreateFontIndirectW, GetTextExtentPointW, GetObjectW
> imagehlp.dll: UnMapAndLoad, MapAndLoad
> imm32.dll: ImmAssociateContext
> kernel32.dll: SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetTempPathW, GetTempFileNameW, CopyFileW, FileTimeToLocalFileTime, FileTimeToSystemTime, GetDateFormatW, GetFileAttributesExW, GlobalUnlock, SetLastError, LoadLibraryExW, GetACP, GetSystemDefaultLangID, _lopen, _llseek, _lread, _lclose, SetFileAttributesA, _lcreat, _lwrite, GetFullPathNameW, GetWindowsDirectoryW, lstrcpynW, WritePrivateProfileStringW, WideCharToMultiByte, WritePrivateProfileSectionA, GetSystemDirectoryW, GetPrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileSectionA, DeleteCriticalSection, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, HeapFree, GetProcessHeap, HeapAlloc, GlobalLock, LoadLibraryExA, FreeLibrary, LoadLibraryW, lstrcmpW, CloseHandle, LocalFree, LocalReAlloc, LocalAlloc, GetCurrentProcess, lstrlenW, FindClose, FindNextFileW, DeleteFileW, RemoveDirectoryW, lstrcmpiW, SetFileAttributesW, GetLastError, FindFirstFileW, SetCurrentDirectoryW, GetCurrentDirectoryW, GlobalFree, GlobalReAlloc, GlobalAlloc, lstrcpyW, CreateDirectoryW, GetVolumeInformationW, GetProcAddress, lstrcatW, FormatMessageW, LocalLock, LocalUnlock, LocalHandle, CreateMutexW, GetVersionExW, DeviceIoControl, CreateFileW, GetDriveTypeW, QueryDosDeviceW, GetDiskFreeSpaceW, GetSystemInfo, GetFileAttributesW, GlobalMemoryStatusEx, GetLogicalDrives, GetEnvironmentVariableW, ExpandEnvironmentStringsW, lstrlenA, lstrcatA, MultiByteToWideChar
> msvcrt.dll: toupper, isalpha, wcstoul, wcscpy, _ultow, wcslen, iswctype, wcspbrk, _ftol, _vsnwprintf, ceil, wcsncpy, _vsnprintf, _wcsicmp, strchr, _snwprintf, wcsncmp, _wtoi, wcsstr, wcscat, __3@YAXPAX@Z, __CxxFrameHandler, tolower, _except_handler3, _wcsnicmp, __2@YAPAXI@Z
> ntdll.dll: RtlFreeUnicodeString, RtlInitUnicodeString, RtlCopySid, NtQueryInformationToken, RtlConvertSidToUnicodeString, RtlAdjustPrivilege, RtlGetNtProductType, NtQuerySystemInformation, NtCreatePagingFile, RtlGetSetBootStatusData, RtlLockBootStatusData, RtlUnlockBootStatusData, NtSetSystemInformation, NtClose, NtQuerySymbolicLinkObject, NtOpenSymbolicLinkObject, RtlLengthSid
> ole32.dll: CoInitialize, CoCreateInstance, ReleaseStgMedium, CoInitializeSecurity, CoUninitialize
> oleaut32.dll: -, -, -
> rpcrt4.dll: UuidToStringW, RpcStringFreeW, UuidCreate
> setupapi.dll: pSetupDoesUserHavePrivilege, pSetupIsUserAdmin
> shell32.dll: SHBrowseForFolderW, SHGetPathFromIDListW, -, ShellExecuteExW, -, ExtractIconW, -, -, -, -, -, -, -
> shlwapi.dll: StrCmpIW, StrFormatByteSizeW, PathFileExistsW, -, StrCatBuffW, SHRegGetUSValueW, SHRegSetUSValueW, -, StrToIntExW, AssocQueryStringW, SHGetValueW, wnsprintfW, StrCpyNW, SHRegGetBoolUSValueW
> user32.dll: GetDlgItemTextW, SetWindowLongW, SetDlgItemTextW, GetFocus, SetFocus, EnableWindow, wsprintfW, GetWindowLongW, WinHelpW, DialogBoxParamW, SendDlgItemMessageW, DestroyIcon, EndDialog, GetSystemMetrics, ShowCursor, LoadCursorW, SetCursor, GetDlgItem, GetDC, ReleaseDC, wvsprintfW, SendMessageW, MessageBoxW, RegisterWindowMessageW, LoadStringW, CheckDlgButton, CheckRadioButton, IsDlgButtonChecked, PostMessageW, GetParent, GetDlgItemInt, SetDlgItemInt, CharUpperW, MapDialogRect, SendMessageTimeoutW, GetClientRect, MessageBeep, IsWindowEnabled, SetWindowTextW, GetKeyboardType, SendMessageA, CharLowerW, SetTimer, SetWindowPos, MapWindowPoints, GetWindowRect, ShowWindow, LoadImageW, RegisterClipboardFormatW, ScreenToClient, GetWindowTextLengthW, LoadIconW, GetMessagePos
> userenv.dll: -, DeleteProfileW
> usp10.dll: ScriptIsComplex
> version.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
( 1 exports )
> CPlApplet, EnableExecuteProtectionSupportW, ModifyExecuteProtectionSupportW, NoExecuteAddFileOptOutList, NoExecuteAddFileOptOutListW, NoExecuteProcessExceptionW, NoExecuteRemoveFileOptOutList, NoExecuteRemoveFileOptOutListW
TrID : File type identification
Win 9x/ME Control Panel applet (43.5%)
Win32 Executable Generic (23.9%)
Win32 Dynamic Link Library (generic) (21.2%)
Generic Win/DOS Executable (5.6%)
DOS Executable Generic (5.6%)
ssdeep: 12288:UDi59ecky9QjNriYsz0Pwo8/14agyAWu3n439NelO:UD2Aby9QBGYsz0Pwo8/14agyAW
PEiD : -
RDS : NSRL Reference Data Set
-
[ Dodano: 2010-02-25, 16:14 ]
Hmm, dorzuć jeszcze log z GMER
Otwórz msconfig, wejdź do zakładki USŁUGI, ukryj wszystkie Microsoftu i napisz, co się wyświetla. Ewentualnie przejdź do services.msc i sprawdź, czy widzisz jakieś nieznane usługi (to też nie jest takie proste do wykrycia, gdy usługa działa jako składnik innej).
Spróbuj wyłączyć na chwilę Comodo, także usługi powiązane z tym programem. Jeśli svchost dalej będzie pokazywał 100%, może to wskazywać na ukrytą infekcję.
z msconfiga:
usługa udostępniania w sieci programu windows media player
3 procesy z intela
O&O defrag
java Quick starter
windows card space
usługa bramy warstwy aplikacji
no i ciągle comodo choc zamknąłem go na 30 sposobów:/
a teraz najbardziej zamula mi chyba GMER nawet raz mi sie niebieski ekran ukazał na lapku:/
[ Dodano: 2010-02-25, 18:09 ]
a teraz najbardziej zamula mi chyba GMER
Pracuje, więc to normalne. Czekamy na log.
a co do svchost to ciagle wystepuje i to na 5pozycjach
Taka ilość procesów svchost.exe jest normalna.
no i ciągle comodo choc zamknąłem go na 30 sposobów:/
Skoro nadal zamula to go całkiem odinstaluj.
z GMER'a
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 18:10:14
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SysOp\USTAWI~1\Temp\kgtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAAADDBDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAAADD1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAAADD840]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAAADE35A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAAADD09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAAADF06A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAAADF302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAAADCC60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAAADDFC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAAADE174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAAADCA92]
SSDT splm.sys ZwEnumerateKey [0xF8292CA4]
SSDT splm.sys ZwEnumerateValueKey [0xF8293032]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAAADECEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAAADD43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAAADDA1C]
SSDT splm.sys ZwOpenKey [0xF82740C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAAADC7C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAAADD6CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAAADC93A]
SSDT splm.sys ZwQueryKey [0xF829310A]
SSDT splm.sys ZwQueryValueKey [0xF8292F8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAAADE720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAAADF648]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAAADEA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAAADDDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAAADEE9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
[ Dodano: 2010-02-25, 18:14 ]
Wrzuć to na stronę http://wklej.to/, a w poście podaj tylko link.
sory ale już drugi raz wywalilo mi błąd, niebieskie tlo i komunikat ze mam przejsc na tryb awaryjny ,
jak zrobiilem to
Usuniemy trochę zbędników z autostartu.
Wklej do notatnika:
Kod:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"igfxhkcmd"=-
"igfxpers"=-
"igfxtray"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-
Plik Zapisz jako Ustaw rozszerzenie z TXT na Wszystkie pliki zapisz pod nazwą FIX.REG uruchom utworzony plik i potwierdź
no i od tamtej pory wyskakuje mi problem
[ Dodano: 2010-02-25, 19:09 ]
To pewnie wina Gmera. Zastosuj się do tego http://www.searchengines....unce&f=99&id=20 i spróbuj wtedy zrobić log z Gmer.
