    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:25:53, on 2010-02-25
    Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\OO Software\Defrag\oodag.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\OO Software\Defrag\oodtray.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

    --
    End of file - 7432 bytes


    Clean. To be sure, post an OTL log.

    Open Task Manager (CTRL+SHIFT+ESC). Go to the PROCESSES tab. Which ones use the most CPU or memory? You have a lot of applications in startup.
    svchost and cmdagent eat the most

    and below is the OTL scan

    OTL logfile created on: 2010-02-25 15:01:16 - Run 1
    OTL by OldTimer - Version 3.1.30.2 Folder = C:\Documents and Settings\SysOp\Moje dokumenty\Downloads
    Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

    502,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 22,00% Memory free
    1,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 10,74 Gb Total Space | 1,24 Gb Free Space | 11,56% Space Free | Partition Type: NTFS
    Drive D: | 26,51 Gb Total Space | 13,82 Gb Free Space | 52,11% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: COA12
    Current User Name: SysOp
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard

    ========== Processes (SafeList) ==========

    PRC - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
    PRC - [2010-02-25 14:17:27 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    PRC - [2010-02-05 19:36:00 | 000,527,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe
    PRC - [2010-02-02 12:08:31 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
    PRC - [2009-09-12 00:34:00 | 002,524,416 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodtray.exe
    PRC - [2009-08-31 17:07:34 | 011,391,592 | ---- | M] (GG Network S.A.) -- C:\Program Files\Nowe Gadu-Gadu\gg.exe
    PRC - [2009-08-31 15:56:26 | 000,077,824 | ---- | M] () -- C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
    PRC - [2008-12-31 18:03:17 | 001,553,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006-01-05 20:35:36 | 000,618,557 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    PRC - [2005-11-17 10:27:56 | 015,600,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
    PRC - [2005-09-27 11:41:56 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    PRC - [2005-09-27 11:37:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005-09-27 11:37:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005-09-27 11:34:42 | 000,389,189 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005-07-19 10:10:06 | 000,114,688 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
    PRC - [2005-07-19 10:06:12 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
    PRC - [2005-01-08 06:17:16 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2005-01-08 06:16:04 | 000,692,315 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ========== Modules (SafeList) ==========

    MOD - [2010-02-25 15:01:06 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\SysOp\Moje dokumenty\Downloads\OTL.exe
    MOD - [2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
    MOD - [2005-01-08 06:17:08 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (ALG)
    SRV - [2010-02-02 12:08:23 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2009-10-11 04:17:35 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2009-09-12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
    SRV - [2006-01-05 20:27:12 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
    SRV - [2005-09-27 11:30:00 | 000,536,649 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005-09-27 11:28:12 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005-09-27 11:27:34 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)

    ========== Driver Services (SafeList) ==========

    DRV - [2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
    DRV - [2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2009-10-19 13:25:17 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009-10-19 12:12:42 | 000,021,035 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
    DRV - [2009-04-28 21:20:06 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
    DRV - [2009-01-18 16:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\porttalk.sys -- (PortTalk)
    DRV - [2008-12-31 17:40:38 | 000,062,208 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\si3112.sys -- (Si3112)
    DRV - [2008-12-31 17:40:28 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService)
    DRV - [2008-04-13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)
    DRV - [2008-04-13 20:09:18 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
    DRV - [2008-04-13 20:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006-01-05 20:11:24 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
    DRV - [2006-01-05 20:09:38 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
    DRV - [2006-01-05 20:08:20 | 000,850,282 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2006-01-05 20:05:48 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
    DRV - [2006-01-05 20:02:08 | 000,148,900 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
    DRV - [2005-11-17 14:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2005-09-30 10:11:42 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005-09-27 12:01:12 | 000,013,440 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005-09-12 09:49:44 | 003,298,432 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Sterownik karty Intel(R)
    DRV - [2005-07-19 10:34:22 | 001,049,180 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
    DRV - [2005-01-08 06:03:42 | 000,191,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2001-08-17 23:49:56 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = http://www.google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\SysOp\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HDAShCut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
    O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\BTTray.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/updat...indows-i586.cab (Java Plug-in 1.6.0_17)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.63 62.179.1.62
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (cr1t1cal)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-10-19 11:17:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010-02-25 14:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010-02-25 13:57:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\SysOp\Recent
    [2010-02-24 21:03:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\cs config
    [2010-02-24 20:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\scripts
    [2010-02-24 20:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\SysOp\Pulpit\resource
    [2010-02-24 15:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010-02-24 13:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\GMABooster
    [2010-01-28 15:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
    [2009-10-19 11:19:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
    [2009-10-19 11:19:51 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
    [2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
    [2009-10-19 11:17:29 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
    [3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
    [1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]

    ========== Files - Modified Within 30 Days ==========

    [2010-02-25 15:02:04 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001UA.job
    [2010-02-25 14:17:28 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
    [2010-02-25 13:50:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010-02-25 13:49:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010-02-25 13:49:43 | 000,127,705 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
    [2010-02-25 13:48:52 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\SysOp\NTUSER.DAT
    [2010-02-25 13:48:52 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\SysOp\ntuser.ini
    [2010-02-25 13:48:25 | 005,004,800 | -H-- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\IconCache.db
    [2010-02-25 13:40:52 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2010-02-24 20:26:20 | 000,003,184 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
    [2010-02-24 20:08:23 | 000,000,555 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
    [2010-02-24 15:24:34 | 000,000,743 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
    [2010-02-24 13:07:58 | 000,000,752 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
    [2010-02-23 21:52:38 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
    [2010-02-23 17:42:00 | 1362,167,406 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
    [2010-02-23 12:24:25 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010-02-22 19:02:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1965331169-1177238915-1001Core.job
    [2010-02-22 14:28:07 | 000,057,856 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CV-Grzegorz Pazik.doc
    [2010-02-12 22:36:08 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
    [2010-02-12 17:02:58 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\SysOp\Pulpit\Google Chrome.lnk
    [2010-02-02 12:08:54 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2010-02-02 12:08:54 | 000,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2010-02-02 12:08:53 | 000,134,344 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
    [2010-02-02 12:08:53 | 000,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2010-01-30 21:30:41 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [3 C:\WINDOWS\*.tmp files C:\WINDOWS\*.tmp ]
    [1 C:\WINDOWS\System32\*.tmp files C:\WINDOWS\System32\*.tmp ]

    ========== Files Created - No Company Name ==========

    [2010-02-25 14:17:28 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\HijackThis.lnk
    [2010-02-24 20:26:50 | 000,003,184 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\config.cfg
    [2010-02-24 20:26:48 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\userconfig.cfg
    [2010-02-24 15:24:34 | 000,000,743 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Game Booster.lnk
    [2010-02-24 13:07:58 | 000,000,752 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\GMABooster.lnk
    [2010-02-23 21:17:55 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\Counter-Strike Source.lnk
    [2010-02-23 21:06:05 | 1362,167,406 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CSS_FULL_Oct-15-07_DiGiTALZonE_2FINISH.exe
    [2010-02-12 22:21:00 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\SysOp\Pulpit\CS.lnk
    [2010-01-28 15:17:29 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2009-10-23 00:05:01 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\SysOp\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009-10-19 21:56:05 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
    [2009-10-19 13:25:17 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2009-10-19 12:53:57 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009-10-19 12:07:51 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2008-10-07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008-10-07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008-10-07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2006-01-05 20:21:18 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2005-10-14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2005-10-14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2005-10-14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2005-10-14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2005-10-14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2005-10-14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2005-10-14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2005-10-14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
    [2005-02-17 10:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005-02-17 10:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001-11-14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
    < End of report >

[ Added: 2010-02-25, 15:06 ]

what eats the most for me is svchost and cmdagent
The second one is a Comodo process; reinstall it and check whether it still lags.

Scan the file C:\WINDOWS\System32\sysdm.cpl at http://www.virustotal.com/pl/ and post the results.

We'll remove some junk from autostart.
Paste into Notepad:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "Adobe Reader Speed Launcher"=-
    "Alcmtr"=-
    "igfxhkcmd"=-
    "igfxpers"=-
    "igfxtray"=-
    "RTHDCPL"=-
    "SunJavaUpdateSched"=-

File > Save as; change the file type from TXT to All files, save it under the name FIX.REG, run the created file and confirm.


as for COMODO, I've already sorted out the problem; cmdagent is still there, but it hardly loads the computer at all,

I entered it into the registry
the rest is unchanged :/

scan of C:\WINDOWS\System32\sysdm.cpl at http://www.virustotal.com/pl/

Antivirus  Version  Last update  Result
    AhnLab-V3 5.0.0.2 2009.05.09 -
    AntiVir 7.9.0.166 2009.05.08 -
    Antiy-AVL 2.0.3.1 2009.05.08 -
    Authentium 5.1.2.4 2009.05.09 -
    Avast 4.8.1335.0 2009.05.09 -
    AVG 8.5.0.327 2009.05.10 -
    BitDefender 7.2 2009.05.10 -
    CAT-QuickHeal 10.00 2009.05.09 -
    ClamAV 0.94.1 2009.05.10 -
    Comodo 1156 2009.05.08 -
    DrWeb 5.0.0.12182 2009.05.10 -
    eSafe 7.0.17.0 2009.05.07 -
    eTrust-Vet 31.6.6497 2009.05.08 -
    F-Prot 4.4.4.56 2009.05.09 -
    F-Secure 8.0.14470.0 2009.05.09 -
    Fortinet 3.117.0.0 2009.05.10 -
    GData 19 2009.05.10 -
    Ikarus T3.1.1.49.0 2009.05.10 -
    K7AntiVirus 7.10.729 2009.05.08 -
    Kaspersky 7.0.0.125 2009.05.10 -
    McAfee 5610 2009.05.09 -
    McAfee+Artemis 5610 2009.05.09 -
    McAfee-GW-Edition 6.7.6 2009.05.10 -
    Microsoft 1.4602 2009.05.10 -
    NOD32 4063 2009.05.08 -
    Norman 2009.05.08 -
    nProtect 2009.1.8.0 2009.05.10 -
    Panda 10.0.0.14 2009.05.10 -
    PCTools 4.4.2.0 2009.05.07 -
    Rising 21.28.62.00 2009.05.10 -
    Sophos 4.41.0 2009.05.10 -
    Sunbelt 3.2.1858.2 2009.05.09 -
    Symantec 1.4.4.12 2009.05.10 -
    TheHacker 6.3.4.1.324 2009.05.09 -
    TrendMicro 8.950.0.1092 2009.05.08 -
    VBA32 3.12.10.4 2009.05.09 -
    ViRobot 2009.5.9.1727 2009.05.09 -
    VirusBuster 4.6.5.0 2009.05.09 -
Additional information
    File size: 609280 bytes
    MD5 : 95851342bb7e29e7d7ee438a651dae8b
    SHA1 : 4aa61f400e9494f58e9e548e3bfcb530e6fd52f4
    SHA256: c48a05a820f340b5f8b66ba0be0d0296b98eb358480a98a018a80e9e30c52641

[ Added: 2010-02-25, 16:14 ]
Hmm, also add a log from GMER.
Open msconfig, go to the SERVICES tab, hide all Microsoft services and write down what is shown. Alternatively, go to services.msc and check whether you see any unknown services (that is also not so easy to spot when a service runs as a component of another one).

Try disabling Comodo for a moment, including the services associated with that program. If svchost still shows 100%, it may indicate a hidden infection.
from msconfig:

Windows Media Player Network Sharing Service

3 Intel processes

O&O Defrag

Java Quick Starter

Windows CardSpace

Application Layer Gateway Service

and still Comodo, even though I closed it in 30 different ways :/

and now what lags me the most is probably GMER; I even got a blue screen once on the laptop :/

[ Added: 2010-02-25, 18:09 ]

and now what lags me the most is probably GMER
It's working, so that's normal. We're waiting for the log.


and as for svchost, it's still there, in 5 entries
That number of svchost.exe processes is normal.


and still Comodo, even though I closed it in 30 different ways :/
If it still lags, uninstall it completely.
from GMER:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-25 18:10:14
    Windows 5.1.2600 Dodatek Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\SysOp\USTAWI~1\Temp\kgtdqpog.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAAADDBDA]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAAADD1B8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAAADD840]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAAADE35A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAAADD09A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAAADF06A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAAADF302]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAAADCC60]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAAADDFC4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAAADE174]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAAADCA92]
    SSDT splm.sys ZwEnumerateKey [0xF8292CA4]
    SSDT splm.sys ZwEnumerateValueKey [0xF8293032]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAAADECEC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAAADD43C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAAADDA1C]
    SSDT splm.sys ZwOpenKey [0xF82740C0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAAADC7C2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAAADD6CC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAAADC93A]
    SSDT splm.sys ZwQueryKey [0xF829310A]
    SSDT splm.sys ZwQueryValueKey [0xF8292F8A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAAADE720]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAAADF648]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAAADEA88]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAAADDDC0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAAADEE9A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
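A small triage helper for SSDT lines like the ones in the GMER log above, added here as an example and not part of the thread or of GMER itself: it groups the hooks by the hooking module and lists the modules for which GMER printed no path or vendor description, which are the ones to look up by hand before deciding whether a hook belongs to a security product or to something unknown. The sample input is an excerpt of the log above, including its truncated last line, which the parser reports instead of silently dropping.

```python
import re
from collections import defaultdict

# Matches one GMER "SSDT" line: module, optional "(description/vendor)",
# hooked Zw* function and handler address.
SSDT_LINE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"
    r"(?:\s+\((?P<info>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)

def parse_ssdt_hooks(log_text):
    """Return (hooks, unparsed): hooks maps module -> {"info", "funcs"};
    unparsed keeps SSDT lines the regex could not read (e.g. truncated)."""
    hooks = defaultdict(lambda: {"info": None, "funcs": {}})
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("SSDT"):
            continue  # only the SSDT section is handled here
        m = SSDT_LINE.match(line)
        if not m:
            unparsed.append(line)
            continue
        entry = hooks[m["module"]]
        if m["info"]:
            entry["info"] = m["info"]
        entry["funcs"][m["func"]] = m["addr"]
    return dict(hooks), unparsed

def unattributed_modules(hooks):
    """Modules GMER listed without a path or description: look these up first."""
    return sorted(mod for mod, e in hooks.items() if not e["info"])

# Excerpt of the GMER log posted above: five hooks plus its truncated last line.
SAMPLE_LOG = """\
SSDT \\SystemRoot\\System32\\DRIVERS\\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAAADD840]
SSDT \\SystemRoot\\System32\\DRIVERS\\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAAADC7C2]
SSDT splm.sys ZwEnumerateKey [0xF8292CA4]
SSDT splm.sys ZwOpenKey [0xF82740C0]
SSDT splm.sys ZwQueryValueKey [0xF8292F8A]
SSDT \\SystemRoot\\System32\\DRIVERS\\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
"""

if __name__ == "__main__":
    hooks, unparsed = parse_ssdt_hooks(SAMPLE_LOG)
    for mod, e in hooks.items():
        print(f"{mod}: {len(e['funcs'])} hooks, vendor info: {e['info'] or 'none'}")
    print("look up first:", unattributed_modules(hooks), "| unparsed:", len(unparsed))
```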

[ Added: 2010-02-25, 18:14 ]
Put it on the site http://wklej.to/ and just give the link in your post.
sorry, but it threw an error at me for the second time, a blue background and a message that I should switch to safe mode,

it happened when I did this:

We'll remove some junk from autostart.
Paste into Notepad:
Code:
    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "Adobe Reader Speed Launcher"=-
    "Alcmtr"=-
    "igfxhkcmd"=-
    "igfxpers"=-
    "igfxtray"=-
    "RTHDCPL"=-
    "SunJavaUpdateSched"=-

File > Save as; change the file type from TXT to All files, save it under the name FIX.REG, run the created file and confirm.

and since then the problem keeps popping up

[ Added: 2010-02-25, 19:09 ]
That's probably GMER's fault. Follow this http://www.searchengines....unce&f=99&id=20 and then try to make the GMER log.