kapi13

Proszę o sprawdzenie loga


Witam!

Proszę o sprawdzenie loga, nie wiem co się dzieje — czasami procesor w stanie bezczynności szaleje.

Oto log z Silent Runners:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]

"Komunikator" = ""C:\Program Files\Tlen.pl\tlen.exe" --confdir=home" ["o2.pl Sp. z o.o."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"WooCnxMon" = "C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [empty string]

"SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]

"WOOWATCH" = "C:\PROGRA~1\NEOSTR~1\Watch.exe" ["France Télécom R&D"]

"WOOTASKBARICON" = "C:\Program Files\Neostrada TP\taskbaricon.exe" ["France Télécom R&D"]

"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]

"nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"" ["Sun Microsystems, Inc."]

"sunasDtServ" = "C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe" ["Sunbelt Software Inc."]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"kis" = ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"" ["Kaspersky Lab"]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]

"ppmate" = "C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay" ["www.ppmate.com"]

"(Default)" = "(empty string)" [file not found]

"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"

-> {HKLM...CLSID} = "AlcoholShellEx"

\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}" = "jetAudio"

-> {HKLM...CLSID} = "JetFlExt"

\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Ochrona WWW"

-> {HKLM...CLSID} = "Ochrona WWW"

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]

"{AD392E40-428C-459F-961E-9B147782D099}" = "UltraISO"

-> {HKLM...CLSID} = "UIContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"

-> {HKLM...CLSID} = "Sony Ericsson File Manager"

\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> "AppInit_DLLs" = "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" ["Kaspersky Lab"]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

<<!>> "Userinit" = "c:\windows\system32\userinit.exe,rundll32.exe start" [MS], [MS], [file not found]

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> klogon\DLLName = "C:\WINDOWS\System32\klogon.dll" ["Kaspersky Lab"]

 

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

 

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

-> {HKLM...CLSID} = "JetFlExt"

\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

-> {HKLM...CLSID} = "UIContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

jetAudio\(Default) = "{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}"

-> {HKLM...CLSID} = "JetFlExt"

\InProcServer32\(Default) = "C:\Program Files\JetAudio\JetFlExt.dll" ["JetAudio, Inc."]

Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll" ["Kaspersky Lab"]

UltraISO\(Default) = "{AD392E40-428C-459F-961E-9B147782D099}"

-> {HKLM...CLSID} = "UIContextMenu Class"

\InProcServer32\(Default) = "C:\Program Files\UltraISO\isoshell.dll" ["EZB Systems, Inc."]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

 

 

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

 

Note: detected settings may not have any effect.

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

 

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

 

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\Documents and Settings\Kapi\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\Kapi.bmp"

 

 

Startup items in "Kapi" & "All Users" startup folders:

------------------------------------------------------

 

C:\Documents and Settings\Kapi\Menu Start\Programy\Autostart

"HDDlife" -> shortcut to: "C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe" ["BinarySense, Ltd."]

 

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart

"Kalendarz XP" -> shortcut to: "C:\Program Files\Kalendarz XP\Kalendarz.exe" [null data]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

"{3BB63FD4-3C00-44D7-94A9-5DE211900DEF}"

-> {HKLM...CLSID} = "AOL Security Toolbar"

\InProcServer32\(Default) = "C:\Program Files\AOL Security Toolbar\tbu3B6\AOL_security_toolbar.dll" [file not found]

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"

-> {HKLM...CLSID} = "Easy-WebPrint"

\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

 

Explorer Bars

 

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

 

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

 

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"

Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]

InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\audience\audience.dll" [empty string]

 

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Ochrona WWW"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll" ["Kaspersky Lab"]

 

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Badanie"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_02"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll" ["Sun Microsystems, Inc."]

 

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\

"ButtonText" = "Ochrona WWW"

 

 

Miscellaneous IE Hijack Points

------------------------------

 

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\

<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)

-> {HKLM...CLSID} = "Search Class"

\InProcServer32\(Default) = "C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL" [empty string]

 

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Dane aplikacji/TuneUp Software/Common/base.css" [file not found]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Kaspersky Internet Security 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r" ["Kaspersky Lab"]

Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

 

 

----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 392 seconds.

---------- (total run time: 2812 seconds)

Oraz z HijackThis:

Logfile of HijackThis v1.99.1

Scan saved at 15:31:34, on 2007-09-22

Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Neostrada TP\taskbaricon.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Kapi\Moje dokumenty\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,rundll32.exe start

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [Komunikator] "C:\Program Files\Tlen.pl\tlen.exe" --confdir=home

O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B3183AA3-71A3-4298-8817-BCD6FE3BF380}: NameServer = 194.204.159.1 217.98.63.164

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll

O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Edytowane przez kapi13




Jaki proces obciąża procesor?

 

Daj log z ComboFix.

 

W HJT usuń poniższy wpis (dopisany do Userinit „rundll32.exe start" jest w logu Silent Runners oznaczony jako <<!>> — podejrzany punkt startowy — i wskazuje na nieistniejący plik):

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,rundll32.exe start

To świństwo usunąłem, oto log z ComboFix:

ComboFix 07-09-21.2 - "Kapi" 2007-09-22 23:29:12.1 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.181 [GMT 2:00]

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\uusee

C:\Program Files\uusee\AD\1\000\index_new.html

C:\Program Files\uusee\AD\1\000\uue_new.jpg

C:\Program Files\uusee\AD\1\001\index_new.html

C:\Program Files\uusee\AD\1\001\uue_new.jpg

C:\Program Files\uusee\AD\1\cy\cy.html

C:\Program Files\uusee\AD\1\dsj\dsj.html

C:\Program Files\uusee\AD\1\dy\dy.html

C:\Program Files\uusee\AD\1\jk\jk.html

C:\Program Files\uusee\AD\1\ty\ty.html

C:\Program Files\uusee\AD\1\yl\yl.html

C:\Program Files\uusee\AD\1\yx\yx1.html

C:\Program Files\uusee\AD\2\100\index.html

C:\Program Files\uusee\AD\2\200\index.html

C:\Program Files\uusee\AD\2\300\index.html

C:\Program Files\uusee\AD\UUAD_Banner_1.html

C:\Program Files\uusee\AD\UUAD_Banner_3.html

C:\Program Files\uusee\AD\UUAD_Buffering.html

C:\Program Files\uusee\AD\UUAD_Buffering.jpg

C:\Program Files\uusee\AD\UUAD_TextLink_0.xml

C:\Program Files\uusee\ARMP.ocx

C:\Program Files\uusee\ARMPD.dll

C:\Program Files\uusee\check_cmd.exe

C:\Program Files\uusee\flvplayer.swf

C:\Program Files\uusee\in_psp.dll

C:\Program Files\uusee\MultiVMR9.dll

C:\Program Files\uusee\out_mmshttp.dll

C:\Program Files\uusee\rmsp011.ax

C:\Program Files\uusee\skins\UUPlayer\About.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp

C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp

C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp

C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp

C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp

C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp

C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp

C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp

C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp

C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp

C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp

C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp

C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp

C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp

C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Resource.h

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp

C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp

C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp

C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp

C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp

C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp

C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp

C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp

C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp

C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp

C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui

C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp

C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp

C:\Program Files\uusee\u264Dec.ax

C:\Program Files\uusee\UFDeMux.ax

C:\Program Files\uusee\uninst.exe

C:\Program Files\uusee\updateC2.ocx

C:\Program Files\uusee\UUPlayer.dll

C:\Program Files\uusee\UUPlayer.ocx

C:\Program Files\uusee\UUPlayer_update.ini

C:\Program Files\uusee\UUSee.url

C:\Program Files\uusee\uusee_video.dll

C:\Program Files\uusee\UUSEEAudioDec.ax

C:\Program Files\uusee\UUSeePlayer.exe

C:\Program Files\uusee\UUTV.xml

C:\Program Files\uusee\UUTV_MY.xml

C:\Program Files\uusee\UUUpgrade.exe

C:\Program Files\uusee\UUUpgrade.ini

C:\Program Files\uusee\UUUpgrade.ocx

C:\Program Files\uusee\vermini.ini

C:\Program Files\uusee\vermini_x.ini

C:\Program Files\uusee\vermini_x1.ini

C:\Program Files\uusee\What's new.txt

C:\WINDOWS\mywinsys.ini

C:\WINDOWS\system32\mywebhit.ini

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

 

-------\LEGACY_WINDOWS_LOG

 

 

((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))

.

 

2007-09-22 23:27 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-09-15 15:39 <DIR> d-------- C:\Program Files\TVAnts

2007-08-29 10:56 159,744 --a------ C:\WINDOWS\system32\PcastUpdate.dll

2007-08-28 10:02 <DIR> d-------- C:\Program Files\BankBrowser

2007-08-26 20:47 <DIR> d--hs---- C:\FOUND.013

2007-08-25 02:18 <DIR> d-------- C:\WINDOWS\LogFiles

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-22 23:33 55436 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2007-09-22 23:33 26780 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-09-22 23:33 23072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2007-09-22 23:33 2097152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]

"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 19:07]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 13:10]

"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-10 17:27]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"sunasDtServ"="C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe" [2005-03-18 14:04]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22]

"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]

"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-10-27 10:43]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 14:06]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2006-05-12 14:13]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MS Config"=msdconfig.exe

 

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2006-07-05 20:24:48]

 

C:\DOCUME~1\KAPI\MENUST~1\PROGRAMY\AUTOST~1\

HDDlife.lnk - C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe [2006-10-03 12:34:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

 

R1 ISODrive;ISO CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys

R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys

S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\k510bus.sys

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k510mdfl.sys

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\k510mdm.sys

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\k510mgmt.sys

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\k510obex.sys

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

 

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-22 23:34:44

Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-22 23:37:02 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-09-22 23:37

.

--- E O F ---


TVAnts (w logu widać katalog C:\Program Files\TVAnts utworzony 2007-09-15) instaluje rootkity/spyware, poczytaj:

http://www.searchengines.pl/index.php?showtopic=86584

 

Jeżeli masz możliwość, to zmień system plików na NTFS — log pokazuje FAT32, który nie ma uprawnień do plików (ACL), więc każdy proces może modyfikować pliki systemowe; NTFS pozwala te uprawnienia ograniczyć.

 

Odinstaluj TVAnts i na przyszłość patrz, co instalujesz, zamiast instalować wszystko jak leci.

 

Wpis "MS Config"=msdconfig.exe w HKEY_USERS\.default\...\Run wygląda podejrzanie (nazwa naśladuje systemowy msconfig.exe, a w przeciwieństwie do pozostałych wpisów nie ma pełnej ścieżki ani daty pliku) — usuniemy go poniższym skryptem. Wklej do notatnika to:

 

Folder::

C:\FOUND.013

 

File::

C:\WINDOWS\system32\PcastUpdate.dll

 

Registry::

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"MS Config"=-

 

Plik zapisz w katalogu z ComboFix pod nazwą CFScript.txt, następnie przeciągnij plik CFScript.txt na ikonę combofix.exe (tak jak to masz pokazane tutaj: i12.tinypic.com/4l761r5.gif). Na czas pracy ComboFix wyłącz tymczasowo Kaspersky i CounterSpy, żeby nie blokowały skryptu. Po wszystkim wklej log, który się utworzy.

 

Do tego zrób skan przy pomocy SuperAntiSpyware.


SuperAntiSpyware nie mogę zainstalować, wyskakuje błąd przy instalacji.

A poniżej log z ComboFix:

ComboFix 07-09-21.2 - "Kapi" 2007-09-23 11:01:46.2 - FAT32x86

Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.159 [GMT 2:00]

* Created a new restore point

 

FILE::

C:\WINDOWS\system32\PcastUpdate.dll

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\FOUND.013

C:\FOUND.013\FILE0000.CHK

C:\FOUND.013\FILE0001.CHK

C:\WINDOWS\system32\PcastUpdate.dll

 

.

((((((((((((((((((((((((( Files Created from 2007-08-23 to 2007-09-23 )))))))))))))))))))))))))))))))

.

 

2007-09-22 23:27 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-08-28 10:02 <DIR> d-------- C:\Program Files\BankBrowser

2007-08-25 02:18 <DIR> d-------- C:\WINDOWS\LogFiles

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-23 11:05 55436 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2007-09-23 11:05 26828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2007-09-23 11:05 23072 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2007-09-23 11:05 2097152 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

.

 

((((((((((((((((((((((((((((( snapshot_2007-09-22_233606.62 )))))))))))))))))))))))))))))))))))))))))

.

----a-w 266,240 2007-09-23 08:59:10 C:\WINDOWS\system32\config\systemprofile\ntuser.dat

.

----a-w 266,240 2007-09-22 21:27:40 C:\WINDOWS\system32\config\systemprofile\ntuser.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"@"="" []

"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 19:07]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38]

"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 19:07]

"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 19:07]

"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 13:10]

"nwiz"="nwiz.exe" [2006-06-01 17:22 C:\WINDOWS\system32\nwiz.exe]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-10 17:27]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

"sunasDtServ"="C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe" [2005-03-18 14:04]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09]

"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-06-01 17:22]

"SoundMan"="SOUNDMAN.EXE" [2003-08-15 09:34 C:\WINDOWS\SOUNDMAN.EXE]

"ppmate"="C:\Program Files\PPMate\PPMate\ppmate.exe" [2006-10-27 10:43]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 14:06]

"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2006-05-12 14:13]

 

C:\DOCUME~1\ALLUSE~1\MENUST~1\Programy\AUTOST~1\

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2006-07-05 20:24:48]

 

C:\DOCUME~1\KAPI\MENUST~1\PROGRAMY\AUTOST~1\

HDDlife.lnk - C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe [2006-10-03 12:34:28]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

 

R1 ISODrive;ISO CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys

R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys

S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\System32\DRIVERS\k510bus.sys

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\System32\DRIVERS\k510mdfl.sys

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\System32\DRIVERS\k510mdm.sys

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\System32\DRIVERS\k510mgmt.sys

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\System32\DRIVERS\k510obex.sys

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS

 

.

**************************************************************************

 

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-23 11:06:31

Windows 5.1.2600 Dodatek Service Pack. 1 FAT NTAPI

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

Completion time: 2007-09-23 11:08:45 - machine was rebooted

C:\ComboFix2.txt ... 2007-09-22 23:37

C:\ComboFix-quarantined-files.txt ... 2007-09-23 11:08

.

--- E O F ---

