Wolny komputer

pioter4583 · 10 Listopad 2007 17:28

strasznie wolna praca komputera, strony internetowe otwieraja sie po kilu minutach przy wylanczaniu komputera wyskakuje mi informacja ze zamyka sie iexplore.exe juz raz to wyczyscilem ale sie znowu pojawilo czy jest jakis program ktory potrafi blokowac te dziadostwo ja mam nod 32 znalazl mi wczesnej trojana TROJAN WIN .32 OBFUSCATED .EN??? NIE WIEM CO TO JESTwysylam log

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18.19.13, on 10/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Wireless Desktop\LgWDskTp.exe C:\Programmi\Sony\HotKey Utility\HKserv.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Programmi\drag’n drop cd+dvd\BinFiles\DragDrop.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Programmi\ScanSoft\OmniPageSE\opware32.exe C:\Programmi\Winamp\winampa.exe C:\Programmi\DAEMON Tools\daemon.exe C:\WINDOWS\vsnpstd.exe C:\PROGRA~1\sony\SONICS~1\SsAAD.exe C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe C:\Programmi\Common Files\Onet.pl\AutoUpdate.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Programmi\Sony\HotKey Utility\HKWnd.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Sony\usbsircs\USBsircs.exe C:\Programmi\Sony\giga pocket\ReserveModule.exe C:\Programmi\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Programmi\a-squared Free\a2service.exe C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe C:\Programmi\sony\giga pocket\shwserv.exe C:\Programmi\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe C:\Programmi\sony\giga pocket\gps.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sony\vaio media music server\SSSvr.exe C:\Programmi\sony\photo server\appsrv\PhotoAppSrv.exe C:\Programmi\Sony\giga pocket\GPVSvr.exe C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe C:\Programmi\File comuni\Sony Shared\vaio media platform\sv_httpd.exe C:\Programmi\File comuni\Sony Shared\vaio media platform\UPnPFramework.exe C:\WINDOWS\system32\ntvdm.exe C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Sony\giga pocket\RM_SV.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\pioter\Documenti\anti mortacci loro\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Encarta Web Companion Oggetto helper - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll O4 - HKLM…\Run: [LgWDskTp] C:\Programmi\Wireless Desktop\LgWDskTp.exe O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM…\Run: [HKSERV.EXE] C:\Programmi\Sony\HotKey Utility\HKserv.exe O4 - HKLM…\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Programmi\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Drag’n Drop CD+DVD] C:\Programmi\drag’n drop cd+dvd\BinFiles\DragDrop.exe /StartUp O4 - HKLM…\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,BluetoothAuthenticationAgent O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” O4 - HKLM…\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM…\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe O4 - HKLM…\Run: [DAEMON Tools] “C:\Programmi\DAEMON Tools\daemon.exe” -lang 1033 O4 - HKLM…\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [ssAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe” O4 - HKLM…\Run: [siS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM…\Run: [Onet.pl AutoUpdate] “C:\Programmi\Common Files\Onet.pl\AutoUpdate.exe” /tsr O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [iTunesHelper] “C:\Programmi\iTunes\iTunesHelper.exe” O4 - HKLM…\Run: [nod32kui] “C:\Programmi\Eset\nod32kui.exe” /WAITSERVICE O4 - HKLM…\Run: [bend logo clock film] C:\Documents and Settings\All Users\Dati applicazioni\Frag great bend logo\atom support.exe O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe” O4 - HKCU…\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - HKCU…\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU…\Run: [bitTorrent] “C:\Programmi\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [4 UPLOAD] C:\DOCUME~1\pioter\DATIAP~1\INSIDE~1\16 third help.exe O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVIZIO LOCALE’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SERVIZIO DI RETE’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS\S-1-5-18…\RunOnce: [iETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - HKUS.DEFAULT…\RunOnce: [iETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User ‘Default user’) O4 - Startup: Utilita controllo supporti di Cyber-shot Viewer.lnk O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Remocon Driver.lnk = C:\Programmi\Sony\usbsircs\USBsircs.exe O4 - Global Startup: Timer Recording Manager.lnk = C:\Programmi\Sony\giga pocket\ReserveModule.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/ O15 - Trusted Zone: *.rossoalice.it O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O15 - Trusted Zone: *.rossoalice.virgilio.it O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms … b56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi … b31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://piccolajessa.spaces.live.com//Ph … nPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U … E_UNO1.cab O16 - DPF: {631FF594-EC25-4CFF-B869-402DF294E1D6} (Instalator oprogramowania Onet.pl) - http://slimak.onet.pl/_m/kamerzysta/One … or012s.ocx O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://84.40.149.238:8080//activex/AMC.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://piccolajessa.spaces.live.com/Pho … nPUpld.cab O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - http://www.nanoscan.com/cabs/nanoinst.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe … loader.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me … b56907.cab O17 - HKLM\System\CCS\Services\Tcpip…{F5D3BE5D-5BAA-4382-A328-C13B07C38816}: NameServer = 85.37.17.16 85.38.28.68 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Programmi\sony\giga pocket\shwserv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Programmi\Sony\giga pocket\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Programmi\Sony\giga pocket\RM_SV.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Programmi\Sony\vaio media music server\SSSvr.exe O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\vaio media platform\sv_httpd.exe O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Programmi\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Programmi\Sony\giga pocket\GPVSvr.exe O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\SV_Httpd.exe O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Programmi\File comuni\sony shared\vaio media platform\UPnPFramework.exe – End of file - 15267 bytes

Gutek · 11 Listopad 2007 00:11

Użyj narzędzia NoLop

Daj log z ComboFix