Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:53, on 2010-02-25
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

--
End of file - 7432 bytes

Clean. To be sure, post a log from OTL. Open Task Manager (CTRL+SHIFT+ESC). Go to the PROCESSES tab. Which ones take the most CPU or memory? You have a lot of applications in autostart.
The ones eating the most are svchost and cmdagent; below is the scan from OTL.

OTL logfile created on: 2010-02-25 15:01:16 - Run 1
OTL by OldTimer - Version 3.1.30.2     Folder = C:\Documents and Settings\SysOp\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

502,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 10,74 Gb Total Space | 1,24 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
Drive D: | 26,51 Gb Total Space | 13,82 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COA12
Current User Name: SysOp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
PRC - [2010-02-25 14:17:27 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010-02-05 19:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
PRC - [2010-02-02 12:08:31 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009-09-12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009-08-31 17:07:34 | 011,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
PRC - [2009-08-31 15:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
PRC - [2008-12-31 18:03:17 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-01-05 20:35:36 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2005-11-17 10:27:56 | 015,600,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2005-09-27 11:41:56 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2005-09-27 11:37:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005-09-27 11:37:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005-09-27 11:34:42 | 000,389,189 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005-07-19 10:10:06 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2005-07-19 10:06:12 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2005-01-08 06:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-01-08 06:16:04 | 000,692,315 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

========== Modules (SafeList) ==========

MOD - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
MOD - [2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2005-01-08 06:17:08 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] --  -- (ALG)
SRV - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)

========== Driver Services (SafeList) ==========

DRV - [2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009-10-19 13:25:17 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-10-19 12:12:42 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009-01-18 16:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\porttalk.sys -- (PortTalk)
DRV - [2008-12-31 17:40:38 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
DRV - [2008-12-31 17:40:28 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
DRV - [2008-04-13 20:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008-04-13 20:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006-01-05 20:11:24 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006-01-05 20:09:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2006-01-05 20:08:20 | 000,850,282 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006-01-05 20:05:48 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006-01-05 20:02:08 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005-11-17 14:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005-09-30 10:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005-09-27 12:01:12 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005-09-12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)
DRV - [2005-07-19 10:34:22 | 001,049,180 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005-01-08 06:03:42 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2001-08-17 23:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-19 11:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-02-25 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-02-25 13:57:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SysOp\Recent
[2010-02-24 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\cs config
[2010-02-24 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\scripts
[2010-02-24 20:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\resource
[2010-02-24 15:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010-02-24 13:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\GMABooster
[2010-01-28 15:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2009-10-19 11:19:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[2009-10-19 11:19:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
[1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]

========== Files - Modified Within 30 Days ==========

[2010-02-25 15:02:04 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001UA.job
[2010-02-25 14:17:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
[2010-02-25 13:50:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-02-25 13:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-02-25 13:49:43 | 000,127,705 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010-02-25 13:48:52 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT
[2010-02-25 13:48:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini
[2010-02-25 13:48:25 | 005,004,800 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-02-25 13:40:52 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010-02-24 20:26:20 | 000,003,184 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
[2010-02-24 20:08:23 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
[2010-02-24 15:24:34 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
[2010-02-24 13:07:58 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
[2010-02-23 21:52:38 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
[2010-02-23 17:42:00 | 1362,167,406 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
[2010-02-23 12:24:25 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-02-22 19:02:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001Core.job
[2010-02-22 14:28:07 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CV-Grzegorz Pazik.doc
[2010-02-12 22:36:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
[2010-02-12 17:02:58 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Google Chrome.lnk
[2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2010-01-30 21:30:41 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
[1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]

========== Files Created - No Company Name ==========

[2010-02-25 14:17:28 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
[2010-02-24 20:26:50 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
[2010-02-24 20:26:48 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
[2010-02-24 15:24:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
[2010-02-24 13:07:58 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
[2010-02-23 21:17:55 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
[2010-02-23 21:06:05 | 1362,167,406 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
[2010-02-12 22:21:00 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
[2010-01-28 15:17:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2009-10-23 00:05:01 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-19 21:56:05 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-19 13:25:17 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-10-19 12:53:57 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009-10-19 12:07:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006-01-05 20:21:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005-10-14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005-10-14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005-02-17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005-02-17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001-11-14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

[ Added: 2010-02-25, 15:06 ] The ones eating the most are svchost and cmdagent.

The second one is Comodo's process; reinstall it and check whether it still bogs down the machine. Scan the file C:\WINDOWS\System32\sysdm.cpl at http://www.virustotal.com/pl/ and post the results. We will remove some unnecessary items from autostart. Paste this into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"igfxhkcmd"=-
"igfxpers"=-
"igfxtray"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-

File > Save as. Change the file type from TXT to All files, save it under the name FIX.REG, run the created file and confirm.

As for COMODO, I have already sorted out the problem; cmdagent is still there, but it hardly loads the computer at all. I entered that into the registry, the rest is unchanged :/

Scan of C:\WINDOWS\System32\sysdm.cpl at http://www.virustotal.com/pl/

Antivirus | Version | Last update | Result
AhnLab-V3 | 5.0.0.2 | 2009.05.09 | -
AntiVir | 7.9.0.166 | 2009.05.08 | -
Antiy-AVL | 2.0.3.1 | 2009.05.08 | -
Authentium | 5.1.2.4 | 2009.05.09 | -
Avast | 4.8.1335.0 | 2009.05.09 | -
AVG | 8.5.0.327 | 2009.05.10 | -
BitDefender | 7.2 | 2009.05.10 | -
CAT-QuickHeal | 10.00 | 2009.05.09 | -
ClamAV | 0.94.1 | 2009.05.10 | -
Comodo | 1156 | 2009.05.08 | -
DrWeb | 5.0.0.12182 | 2009.05.10 | -
eSafe | 7.0.17.0 | 2009.05.07 | -
eTrust-Vet | 31.6.6497 | 2009.05.08 | -
F-Prot | 4.4.4.56 | 2009.05.09 | -
F-Secure | 8.0.14470.0 | 2009.05.09 | -
Fortinet | 3.117.0.0 | 2009.05.10 | -
GData | 19 | 2009.05.10 | -
Ikarus | T3.1.1.49.0 | 2009.05.10 | -
K7AntiVirus | 7.10.729 | 2009.05.08 | -
Kaspersky | 7.0.0.125 | 2009.05.10 | -
McAfee | 5610 | 2009.05.09 | -
McAfee+Artemis | 5610 | 2009.05.09 | -
McAfee-GW-Edition | 6.7.6 | 2009.05.10 | -
Microsoft | 1.4602 | 2009.05.10 | -
NOD32 | 4063 | 2009.05.08 | -
Norman | | 2009.05.08 | -
nProtect | 2009.1.8.0 | 2009.05.10 | -
Panda | 10.0.0.14 | 2009.05.10 | -
PCTools | 4.4.2.0 | 2009.05.07 | -
Rising | 21.28.62.00 | 2009.05.10 | -
Sophos | 4.41.0 | 2009.05.10 | -
Sunbelt | 3.2.1858.2 | 2009.05.09 | -
Symantec | 1.4.4.12 | 2009.05.10 | -
TheHacker | 6.3.4.1.324 | 2009.05.09 | -
TrendMicro | 8.950.0.1092 | 2009.05.08 | -
VBA32 | 3.12.10.4 | 2009.05.09 | -
ViRobot | 2009.5.9.1727 | 2009.05.09 | -
VirusBuster | 4.6.5.0 | 2009.05.09 | -

Additional information
File size: 609280 bytes
MD5   : 95851342bb7e29e7d7ee438a651dae8b
SHA1  : 4aa61f400e9494f58e9e548e3bfcb530e6fd52f4
SHA256: c48a05a820f340b5f8b66ba0be0d0296b98eb358480a98a018a80e9e30c52641
RtlLengthSid > ole32.dll: CoInitialize, CoCreateInstance, ReleaseStgMedium, CoInitializeSecurity, CoUninitialize > oleaut32.dll: -, -, - > rpcrt4.dll: UuidToStringW, RpcStringFreeW, UuidCreate > setupapi.dll: pSetupDoesUserHavePrivilege, pSetupIsUserAdmin > shell32.dll: SHBrowseForFolderW, SHGetPathFromIDListW, -, ShellExecuteExW, -, ExtractIconW, -, -, -, -, -, -, - > shlwapi.dll: StrCmpIW, StrFormatByteSizeW, PathFileExistsW, -, StrCatBuffW, SHRegGetUSValueW, SHRegSetUSValueW, -, StrToIntExW, AssocQueryStringW, SHGetValueW, wnsprintfW, StrCpyNW, SHRegGetBoolUSValueW > user32.dll: GetDlgItemTextW, SetWindowLongW, SetDlgItemTextW, GetFocus, SetFocus, EnableWindow, wsprintfW, GetWindowLongW, WinHelpW, DialogBoxParamW, SendDlgItemMessageW, DestroyIcon, EndDialog, GetSystemMetrics, ShowCursor, LoadCursorW, SetCursor, GetDlgItem, GetDC, ReleaseDC, wvsprintfW, SendMessageW, MessageBoxW, RegisterWindowMessageW, LoadStringW, CheckDlgButton, CheckRadioButton, IsDlgButtonChecked, PostMessageW, GetParent, GetDlgItemInt, SetDlgItemInt, CharUpperW, MapDialogRect, SendMessageTimeoutW, GetClientRect, MessageBeep, IsWindowEnabled, SetWindowTextW, GetKeyboardType, SendMessageA, CharLowerW, SetTimer, SetWindowPos, MapWindowPoints, GetWindowRect, ShowWindow, LoadImageW, RegisterClipboardFormatW, ScreenToClient, GetWindowTextLengthW, LoadIconW, GetMessagePos > userenv.dll: -, DeleteProfileW > usp10.dll: ScriptIsComplex > version.dll: GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW ( 1 exports ) > CPlApplet, EnableExecuteProtectionSupportW, ModifyExecuteProtectionSupportW, NoExecuteAddFileOptOutList, NoExecuteAddFileOptOutListW, NoExecuteProcessExceptionW, NoExecuteRemoveFileOptOutList, NoExecuteRemoveFileOptOutListW TrID : File type identification Win 9x/ME Control Panel applet (43.5%) Win32 Executable Generic (23.9%) Win32 Dynamic Link Library (generic) (21.2%) Generic Win/DOS Executable (5.6%) DOS Executable Generic (5.6%) ssdeep: 
12288:UDi59ecky9QjNriYsz0Pwo8/14agyAWu3n439NelO:UD2Aby9QBGYsz0Pwo8/14agyAW PEiD : - RDS : NSRL Reference Data Set - [ Dodano: 2010-02-25, 16:14 ] Hmm, dorzuć jeszcze log z GMER Otwórz msconfig, wejdź do zakładki USŁUGI, ukryj wszystkie Microsoftu i napisz, co się wyświetla. Ewentualnie przejdź do services.msc i sprawdź, czy widzisz jakieś nieznane usługi (to też nie jest takie proste do wykrycia, gdy usługa działa jako składnik innej). Spróbuj wyłączyć na chwilę Comodo, także usługi powiązane z tym programem. Jeśli svchost dalej będzie pokazywał 100%, może to wskazywać na ukrytą infekcję. z msconfiga: usługa udostępniania w sieci programu windows media player 3 procesy z intela O&O defrag java Quick starter windows card space usługa bramy warstwy aplikacji no i ciągle comodo choc zamknąłem go na 30 sposobów:/ a teraz najbardziej zamula mi chyba GMER nawet raz mi sie niebieski ekran ukazał na lapku:/ [ Dodano: 2010-02-25, 18:09 ] a teraz najbardziej zamula mi chyba GMER Pracuje, więc to normalne. Czekamy na log. a co do svchost to ciagle wystepuje i to na 5pozycjach Taka ilość procesów svchost.exe jest normalna. no i ciągle comodo choc zamknąłem go na 30 sposobów:/ Skoro nadal zamula to go całkiem odinstaluj. 
From GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-25 18:10:14
Windows 5.1.2600 Dodatek Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\SysOp\USTAWI~1\Temp\kgtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAAADDBDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAAADD1B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAAADD840]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAAADE35A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAAADD09A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAAADF06A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAAADF302]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAAADCC60]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAAADDFC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAAADE174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAAADCA92]
SSDT splm.sys ZwEnumerateKey [0xF8292CA4]
SSDT splm.sys ZwEnumerateValueKey [0xF8293032]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAAADECEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAAADD43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAAADDA1C]
SSDT splm.sys ZwOpenKey [0xF82740C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAAADC7C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAAADD6CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAAADC93A]
SSDT splm.sys ZwQueryKey [0xF829310A]
SSDT splm.sys ZwQueryValueKey [0xF8292F8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAAADE720]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAAADF648]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAAADEA88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAAADDDC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAAADEE9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)

[ Added: 2010-02-25, 18:14 ]
Put it on http://wklej.to/ and post only the link.

Sorry, but this is already the second time I got an error: a blue background and a message that I should switch to safe mode, since I did this:

Quote: We'll remove some unnecessary entries from startup. Paste into Notepad:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=-
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"igfxhkcmd"=-
"igfxpers"=-
"igfxtray"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-

File > Save As > change the file type from TXT to All Files > save it under the name FIX.REG > run the created file and confirm.

and since then the problem keeps appearing.

[ Added: 2010-02-25, 19:09 ]
That's probably GMER's fault. Follow this http://www.searchengines....unce&f=99&id=20 and then try to make a GMER log.