1cichy
(Czaty)
18 November 2008 14:36
#1
Hello
Right after the system starts (Win XP), CPU usage usually fluctuates between 20% and 70%. I am not doing anything on the computer, and the CPU usage keeps "jumping".
I have cut the programs that run at system startup down to a minimum, but it did not help and I do not know what causes this strange behaviour.
I am posting my HijackThis and ComboFix logs; if anyone has an idea what is going on, I would appreciate a hint. Thanks in advance.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:28, on 2008-11-18
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~4.0_0\bin\ssv.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 8069 bytes
ComboFix:
ComboFix 08-11-17.01 - Rafal 2008-11-18 14:29:22.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1045.18.923 [GMT 1:00]
Uruchomiony z: c:\users\Rafal\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Cfx32.lic
c:\windows\system32\cfx32.ocx
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-18 do 2008-11-18 )))))))))))))))))))))))))))))))
.

2008-11-18 13:10 . 2008-11-18 13:10
2008-11-16 18:08 . 2008-11-16 18:08
2008-11-14 11:04 . 2006-09-18 22:43 2,577 --a------ c:\windows\System32\CONFIG.NT.ORGIPS
2008-11-14 11:04 . 2006-09-18 22:43 1,688 --a------ c:\windows\System32\AUTOEXEC.NT.ORGIPS
2008-11-14 10:56 . 2008-11-14 11:05
2008-11-09 21:51 . 2005-10-28 04:38 402,432 --a------ c:\windows\System32\drivers\ZD1211BU.sys
2008-11-09 21:48 . 2008-11-09 21:48
2008-11-09 21:48 . 2004-01-14 11:25 81,920 --a------ c:\windows\System32\ZDPN50.DLL
2008-11-09 21:48 . 2004-03-23 16:38 28,672 --a------ c:\windows\System32\InsDrvZD.dll
2008-11-09 21:48 . 2003-03-14 12:24 24,576 --a------ c:\windows\System32\ZyDelReg.exe
2008-11-09 21:48 . 2005-07-12 14:44 15,872 --a------ c:\windows\System32\InsDrvZD64.DLL
2008-11-01 20:59 . 2008-11-01 20:59
2008-10-30 20:43 . 2008-10-30 20:43
2008-10-30 20:43 . 2008-10-30 20:43 45 --a------ c:\windows\System32\initdebug.nfo
2008-10-30 12:46 . 2007-11-09 21:08 281,088 --a------ C:\qt-moc.exe
2008-10-30 12:39 . 2008-10-30 12:39
2008-10-30 12:03 . 2008-10-30 12:16
2008-10-29 20:31 . 2008-11-03 10:26
2008-10-29 17:39 . 2008-02-19 20:31 844,800 --a------ c:\windows\System32\QtNetwork4.dll
2008-10-29 17:38 . 2008-02-19 20:29 9,148,928 --a------ c:\windows\System32\QtGui4.dll
2008-10-29 17:38 . 2008-10-29 12:50 2,079,744 --a------ c:\windows\System32\QtCore4.dll
2008-10-29 17:38 . 2005-01-29 23:35 15,960 --a------ c:\windows\System32\mingwm10.dll
2008-10-29 12:46 . 2008-10-29 12:46
2008-10-29 12:43 . 2008-10-30 13:56
2008-10-29 12:37 . 2008-11-16 17:50
2008-10-29 12:31 . 2007-05-01 22:51 437,040 --a------ c:\windows\System32\vnetlib.dll
2008-10-29 12:31 . 2007-05-01 22:52 150,320 --a------ c:\windows\System32\vmnat.exe
2008-10-29 12:31 . 2007-05-01 22:51 121,648 --a------ c:\windows\System32\vmnetdhcp.exe
2008-10-29 12:31 . 2007-05-01 22:51 50,992 -ra------ c:\windows\System32\vmnetbridge.dll
2008-10-29 12:31 . 2007-05-01 22:51 28,592 -ra------ c:\windows\System32\drivers\vmnetbridge.sys
2008-10-29 12:31 . 2007-05-01 22:52 25,264 --a------ c:\windows\System32\drivers\vmnetuserif.sys
2008-10-29 12:31 . 2007-05-01 22:51 17,712 -ra------ c:\windows\System32\drivers\vmnet.sys
2008-10-29 12:31 . 2007-05-01 22:51 16,816 --a------ c:\windows\System32\drivers\vmnetadapter.sys
2008-10-29 12:31 . 2007-05-01 22:51 13,104 --a------ c:\windows\System32\vnetinst.dll
2008-10-29 12:30 . 2007-05-01 22:51 30,768 --a------ c:\windows\System32\drivers\vmusb.sys
2008-10-29 12:30 . 2007-05-01 22:52 21,040 --a------ c:\windows\System32\drivers\VMkbd.sys
2008-10-29 12:30 . 2008-10-29 12:30 1,024 --a------ C:\.rnd
2008-10-29 12:28 . 2008-11-18 13:25
2008-10-29 12:28 . 2008-11-18 13:25
2008-10-29 12:27 . 2008-10-29 12:27
2008-10-29 12:27 . 2008-10-29 12:27
2008-10-27 12:59 . 2008-10-27 13:00
2008-10-23 15:27 . 2008-10-23 15:27 96,976 --a------ c:\windows\System32\drivers\klin.dat
2008-10-23 15:27 . 2008-10-23 15:27 87,855 --a------ c:\windows\System32\drivers\klick.dat
2008-10-23 15:26 . 2008-11-18 13:25
2008-10-23 15:26 . 2008-11-18 13:25
2008-10-23 15:26 . 2008-10-23 15:26
2008-10-23 15:26 . 2008-11-18 13:24 8,927,776 --ahs---- c:\windows\System32\drivers\fidbox.dat
2008-10-23 15:26 . 2008-11-18 13:24 892,960 --ahs---- c:\windows\System32\drivers\fidbox2.dat
2008-10-23 15:26 . 2008-11-18 13:24 72,924 --ahs---- c:\windows\System32\drivers\fidbox.idx
2008-10-23 15:26 . 2008-11-18 13:24 4,132 --ahs---- c:\windows\System32\drivers\fidbox2.idx
2008-10-19 11:15 . 2008-10-27 12:45
.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2060-08-18 17:02 1,496,064 ------w c:\windows\System32\CC3250MT.DLL
2060-08-18 16:40 909,824 ------w c:\windows\System32\cp3245mt.dll
2060-08-18 16:40 24,064 ------w c:\windows\System32\borlndmm.dll
2008-11-13 14:14 --------- d-----w c:\users\Rafal\AppData\Roaming\Autodesk
2008-11-13 14:14 --------- d-----w c:\programdata\Autodesk
2008-11-13 12:44 --------- d-----w c:\users\Rafal\AppData\Roaming\uTorrent
2008-11-11 02:08 --------- d-----w c:\users\Rafal\AppData\Roaming\FileZilla
2008-11-10 20:46 --------- d-----w c:\users\Rafal\AppData\Roaming\Tlen.pl
2008-11-09 20:48 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 21:17 --------- d-----w c:\users\Rafal\AppData\Roaming\Skype
2008-11-03 17:48 --------- d-----w c:\users\Rafal\AppData\Roaming\skypePM
2008-10-31 13:41 --------- d-----w c:\program files\Hp
2008-10-30 13:28 --------- d-----w c:\users\Rafal\AppData\Roaming\Dev-Cpp
2008-10-28 20:56 --------- d-----w c:\program files\OpenOfficeT7 2.4.0
2008-10-16 10:54 --------- d-----w c:\program files\Microsoft SQL Server
2008-10-16 10:52 --------- d-----w c:\program files\Microsoft.NET
2008-10-16 10:02 --------- d-----w c:\programdata\Microsoft Help
2008-10-16 10:02 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 10:00 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-10-16 09:59 --------- d-----w c:\program files\Common Files\Merge Modules
2008-10-16 09:57 --------- d-----w c:\program files\Microsoft SDKs
2008-10-15 22:20 86,556 ----a-w c:\windows\System32\SDL_gfx.dll
2008-10-15 22:20 320,512 ----a-w c:\windows\System32\SDL.dll
2008-10-11 19:59 --------- d-----w c:\program files\turbo squid tentacles
2008-10-11 19:55 --------- d-----w c:\program files\Autodesk
2008-10-11 19:54 --------- d-----w c:\program files\Common Files\Autodesk Shared
2008-10-07 12:53 573,440 ----a-w c:\windows\System32\alleg42.dll
2008-09-29 13:50 --------- d-----w c:\program files\ICQ6
2008-09-18 20:44 --------- d-----w c:\users\Rafal\AppData\Roaming\BESTplayer
2008-06-14 21:56 174 --sha-w c:\program files\desktop.ini
2008-02-03 15:09 32 ----a-w c:\users\All Users\ezsid.dat
2008-02-03 15:09 32 ----a-w c:\programdata\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\System32\msconfig.exe" [2008-01-19 227840]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 08:04 49152 c:\windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll,c:\progra~1\KASPER~1\KASPER~1\adialhk.dll,c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-06-13 10:01 154392 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
--a------ 2007-06-05 08:12 71176 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\Hp\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-05-11 12:21 472632 c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-06-13 10:01 138008 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 03:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2007-05-08 07:38 331552 c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-06-13 10:01 133912 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
--a------ 2007-01-09 14:52 145184 c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-06-11 07:55 163840 c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2007-02-21 14:14 1183744 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2007-06-07 19:14 833072 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-10 15:12 317128 c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-15 23:54 37376 c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
--a------ 2007-05-31 09:21 648072 c:\windows\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EF272EE0-AB1F-4E32-80A3-2EEB1E529F87}c:\program files\tlen.pl\tlen.exe"= UDP:c:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"UDP Query User{743B1531-A0F4-41D0-8F68-ECFD951DD9A8}c:\program files\tlen.pl\tlen.exe"= TCP:c:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"TCP Query User{08065CD9-84E9-4CAE-BC7F-6455D65397E7}c:\program files\tlen.pl\tlen.exe"= UDP:c:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"UDP Query User{DF8D8A58-2F04-453D-9C48-284F1465BC4E}c:\program files\tlen.pl\tlen.exe"= TCP:c:\program files\tlen.pl\tlen.exe:Komunikator Tlen.pl
"TCP Query User{DE03DC8A-4A21-47FA-8F88-62DE80B8B3D9}c:\program files\ipla\ipla.exe"= UDP:c:\program files\ipla\ipla.exe:ipla
"UDP Query User{6CE3F1A9-FB74-43ED-AD75-05EAEB5B59E4}c:\program files\ipla\ipla.exe"= TCP:c:\program files\ipla\ipla.exe:ipla
"TCP Query User{1796B177-3A33-4DAE-805F-66F75BA3A9AF}c:\program files\ipla\ipla.exe"= UDP:c:\program files\ipla\ipla.exe:ipla
"UDP Query User{DEDDCB27-3396-45BD-AD3F-CBBD674F93D3}c:\program files\ipla\ipla.exe"= TCP:c:\program files\ipla\ipla.exe:ipla
"TCP Query User{CED9EA87-E6E0-4FCF-B028-51ACE637A642}c:\program files\nonoh.net\nonoh\nonoh.exe"= UDP:c:\program files\nonoh.net\nonoh\nonoh.exe:Client to make VoIP calls.
"UDP Query User{D2DAFD3C-A70D-4E16-AF73-90BA3C5AE45B}c:\program files\nonoh.net\nonoh\nonoh.exe"= TCP:c:\program files\nonoh.net\nonoh\nonoh.exe:Client to make VoIP calls.
"TCP Query User{8C3DDDE1-D598-44EE-BB80-3B4E5B805562}c:\users\rafal\program files\utorrent\utorrent.exe"= UDP:c:\users\rafal\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{C5C89DD4-B79C-4BBD-9EFC-C4B314311385}c:\users\rafal\program files\utorrent\utorrent.exe"= TCP:c:\users\rafal\program files\utorrent\utorrent.exe:utorrent.exe
"{7219664A-117A-473A-91B9-33B907D74DE4}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D2F8C88E-8031-4D15-A6B6-2977D6B54152}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{5257AB1E-1ED7-40B3-B718-4DCF33A83999}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F19B8C8B-E8CE-47AD-85DE-C6B4F52D3302}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C53ADD41-EEF4-4F51-9FAC-8027EFD93EA2}"= UDP:c:\users\Rafal\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E80A51F0-9492-4805-9DE7-09F5724A4162}"= TCP:c:\users\Rafal\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{6644C503-BBDF-4CE6-969D-75B3BC07F42F}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{57FFCD50-CD85-436C-A4CE-41C8409A7CAD}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{CB678BF3-BC73-40B7-9CB8-DD3550E8ED5C}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{208B8960-430D-42DC-8EC3-9719E2BFFE5E}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{E43B9E02-2AAB-41FD-8FDD-32F525BE7F65}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{AC78DD64-79D7-4754-BBD2-51384DF53EAB}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{0BE646D6-C15E-4982-92F6-BE9653C8516B}"= UDP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit
"{7E837D79-5D73-4666-A749-910CEA51B11B}"= TCP:c:\program files\Autodesk\3ds Max 2008\3dsmax.exe:Autodesk 3ds Max 2008 32-bit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2007-02-06 69632]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2007-07-27 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-06-08 172131]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);c:\windows\system32\DRIVERS\zd1211Bu.sys [2008-11-09 402432]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [2008-07-11 47128]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [2007-07-27 540448]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-07-11 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91d0ea3c-9b6b-11dd-b703-001a4b827525}]
\shell\AutoRun\command - I:\autorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b9799f24-ceb5-11dc-b3f4-001e3761bac1}]
\shell\AutoRun\command - G:\INSTALL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa34cecf-9c2e-11dd-90e0-001a4b827525}]
\shell\AutoRun\command - I:\Menu.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - USUNIĘTO PUSTE WPISY - - - -

MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\uniblue\registrybooster\StartRegistryBooster.exe

.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\users\Rafal\AppData\Roaming\Mozilla\Firefox\Profiles\10hwesrw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 14:35:38
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-18 14:38:22
ComboFix-quarantined-files.txt 2008-11-18 13:38:17

Przed: 54,767,996,928 bajtów wolnych
Po: 54,720,753,664 bajtów wolnych

264 --- E O F --- 2008-09-06 15:19:04
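Added example (not code from the original post, HijackThis or ComboFix): a small Python script that takes a HijackThis log flattened onto one line, as the forum rendering did with the one above, splits it back into one entry per line, and pulls out the entries a reviewer checks first: services with no known publisher (O23 "Unknown owner"), DLLs loaded into every process through AppInit_DLLs (O20), browser start and search pages (R0/R1) and Run-key autostarts (O4). The sample log is constructed from a handful of entries in the same format as the post; the section-code pattern and the four finding categories are my own choices, not part of the HijackThis tool.

```python
"""Re-split a flattened HijackThis log and pull out the entries a reviewer checks first."""
import re

# Constructed sample (added example, not the post's log): a few entries in HijackThis
# format, run together on a single line the way the forum flattened the log above.
SAMPLE_LOG = (
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = "
    "http://www.daemon-search.com/startpage "
    "O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - "
    "C:\\Program Files\\Skype\\Toolbars\\Internet Explorer\\SkypeIEPlugin.dll "
    "O4 - HKLM\\..\\Run: [AVP] \"C:\\Program Files\\Kaspersky Lab\\"
    "Kaspersky Internet Security 2009\\avp.exe\" "
    "O20 - AppInit_DLLs: C:\\PROGRA~1\\KASPER~1\\KASPER~1\\mzvkbd.dll,"
    "C:\\PROGRA~1\\KASPER~1\\KASPER~1\\adialhk.dll "
    "O23 - Service: MySql - Unknown owner - c:\\usr/MYSQL/bin/mysqld.exe "
    "O23 - Service: VMware NAT Service - VMware, Inc. - C:\\Windows\\system32\\vmnat.exe"
)

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Only accept a code at the start of the text or after whitespace,
# so the " - " separators inside an entry are not mistaken for a new entry.
ENTRY_START = re.compile(r"(?:^|(?<=\s))(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def split_entries(text):
    """Return one string per entry, even when the whole log sits on one line."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    ends = starts[1:] + [len(text)]
    return [text[a:b].strip() for a, b in zip(starts, ends)]


def parse_entry(entry):
    """Split 'O23 - Service: ...' into its section code and the remaining body."""
    code, _, body = entry.partition(" - ")
    return code, body


def triage(text):
    """Collect the items a reviewer reads first (assumed categories, not a HijackThis
    feature): services with no known publisher, AppInit_DLLs entries, browser
    start/search pages and Run-key autostarts."""
    findings = {"unknown_owner_services": [], "appinit_dlls": [],
                "browser_pages": [], "autoruns": []}
    for entry in split_entries(text):
        code, body = parse_entry(entry)
        if code == "O23" and "Unknown owner" in body:
            # O23 body: "Service: <name> - <publisher> - <path>"; keep the path
            findings["unknown_owner_services"].append(body.split(" - ")[-1])
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # Comma-separated DLL list; split once on ':' so drive letters survive
            dll_list = body.split(":", 1)[1]
            findings["appinit_dlls"].extend(d.strip() for d in dll_list.split(",") if d.strip())
        elif code in ("R0", "R1"):
            # R0/R1 body: "<hive>\...\Main,<setting> = <value>"; empty values are defaults
            key, _, value = body.partition(" = ")
            if value:
                findings["browser_pages"].append((key.rsplit(",", 1)[-1], value))
        elif code == "O4":
            # O4 body: "<hive>\..\Run: [<name>] <command line>"
            m = re.match(r"(?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<command>.+)", body)
            if m:
                findings["autoruns"].append((m["name"], m["command"]))
    return findings


def report(findings):
    """Render the findings as plain text suitable for pasting into a reply."""
    lines = []
    for section, items in findings.items():
        lines.append(f"{section}: {len(items)}")
        for item in items:
            lines.append(f"  {item}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run it as is to see the report for the constructed sample, or replace SAMPLE_LOG with the flattened text of a real log; the split works on a properly line-broken log too, since the section code then sits at the start of each line.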
Leon1
(Leon$)
18 November 2008 14:51
#2
The logs look clean.
Download CCleaner http://www.filehippo.com/download_ccleaner/
scan with it and clean the registry.
Do a startup optimisation
http://cybertrash.netarteria.pl/cyber/i … 378.0.html
Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.
Turn System Restore off and back on on all drives. http://support.microsoft.com/kb/310405/pl
Scan with Dr.WEB CureIt! http://dobreprogramy.pl/index.php?dz=2& … It!+4.44.5
Which processes show this usage? I think it is caused by Kaspersky starting up; it is probably scanning the critical areas during startup.