
request for log interpretation (a woman asks nicely)

markizzella
created (edited)

Greetings, experts!!!

I have absolutely NO idea what I actually did with these two programs; my knowledge is based only on what I have read online. Hence my big request for an opinion on whether everything is OK with these logs!? Of course, the request is connected with the system running slowly and with general internet problems.

Here are the computer's specs: Processor: Intel Core2 Duo 1.83GHz, 2GB RAM, Windows Vista 32-bit. Other than that, nothing unusual.

I know a defragmentation awaits me, but I'll run that overnight.

A scan with Kaspersky (KIS 2007) did not detect any problem.

Next I ran ComboFix (I turned Kaspersky off for the duration of the ComboFix scan) and here is the log:

ComboFix 09-05-18.04 - Anna 2009-05-19 10:31.1 - NTFSx86
Microsoft® Windows Vista™ Business   6.0.6001.1.1250.48.1033.18.2038.881 [GMT 2:00]
Uruchomiony z: c:\users\Anna\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
.
(((((((((((((((((((((((((   Pliki utworzone od 2009-04-19 do 2009-05-19  )))))))))))))))))))))))))))))))
.
2009-05-19 07:43 . 2009-05-19 07:43 -------- d-----w c:\program files\Trend Micro
2009-05-14 07:46 . 2009-05-14 07:47 -------- d-----w c:\users\Anna\AppData\Roaming\Media Player Classic
2009-05-14 07:22 . 2009-05-14 07:22 -------- d-----w c:\program files\NAPI-PROJEKT
2009-05-14 07:22 . 2009-05-14 07:22 -------- d-----w c:\program files\ALLPlayer
2009-05-13 20:27 . 2009-05-13 20:27 -------- d--h--r c:\users\Anna\AppData\Roaming\SecuROM
2009-05-07 20:49 . 2009-05-10 08:57 -------- d-----w c:\users\Anna\dwhelper
2009-05-07 07:51 . 2009-05-07 07:51 -------- d-----w c:\programdata\AOL Downloads
2009-05-07 07:51 . 2009-05-07 07:51 -------- d-----w c:\users\All Users\AOL Downloads
2009-04-20 06:52 . 2009-04-20 06:58 -------- d-----w c:\program files\IPSPI
.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-19 08:32 . 2008-06-28 05:58 22283552 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-19 07:51 . 2008-02-22 18:15 -------- d-----w c:\program files\Google
2009-05-19 07:50 . 2008-06-28 05:58 299936 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-19 07:49 . 2008-12-20 08:50 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-14 12:47 . 2008-06-29 03:41 -------- d-----w c:\program files\CCleaner
2009-05-14 12:45 . 2009-04-15 09:14 -------- d-----w c:\program files\Alawar
2009-05-14 07:44 . 2009-05-14 07:41 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-20 06:50 . 2008-02-22 18:41 -------- d-----w c:\program files\Java
2009-04-16 08:56 . 2008-12-21 12:49 680 ----a-w c:\users\Anna\AppData\Local\d3d9caps.dat
2009-04-14 08:20 . 2008-12-19 22:04 158908 ----a-w c:\windows\hpoins19.dat
2009-04-02 13:21 . 2009-05-14 07:41 84480 ----a-w c:\windows\system32\ff_vfw.dll
2009-03-28 07:12 . 2009-03-28 07:12 -------- d-----w c:\program files\Nowe Gadu-Gadu
2009-03-18 12:11 . 2008-06-21 05:35 116968 ----a-w c:\users\Anna\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-17 03:38 . 2009-04-16 21:43 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 21:43 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-07 18:51 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-16 21:44 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 21:44 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 21:43 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 21:43 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 21:44 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 21:43 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 21:43 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 21:43 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 21:43 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-16 21:43 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-16 21:44 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 21:43 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 21:43 26624 ----a-w c:\windows\system32\ieUnatt.exe
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-06-21 05:34 . 2008-06-21 05:34 13 --sh--r c:\windows\System32\drivers\fbd.sys
2008-06-21 05:34 . 2008-06-21 05:34 4 --sh--r c:\windows\System32\drivers\taishop.sys
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 14:41 118784 ----a-w c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RunSpySweeperScheduleAtStartup"="c:\windows\system32\msfeedssync.exe" [2008-01-21 12800]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-25 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-25 129560]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-28 704512]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"PCMAgent"="c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-02-14 184320]
"PC Suite for Smartphones"="c:\program files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-11-08 528384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NDSTray.exe"="NDSTray.exe" [bU]

c:\users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2008-11-25 92280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll c:\progra~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5A9359C8-18E4-4538-89EA-FDADDECA9B63}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{80EC21A3-6916-4CB4-B6E0-86D4AC8C0A99}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{438D7BC9-29DF-4BCE-ADB8-74A7746C4868}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{87D13045-273E-48C6-B73F-1D9FC02BC755}"= c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{2F25F0A8-3BF4-49F4-B982-F5ED7FA55A0E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BC8C6805-724D-4392-BC30-4AEBFC04E815}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{3E1DAD6C-D022-4E9F-9067-9DB0AAB47DDF}c:\\program files\\bearshare\\bearshare.exe"= UDP:c:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{C7CB1DCB-38A7-411C-9E5D-A48A2A67EA59}c:\\program files\\bearshare\\bearshare.exe"= TCP:c:\program files\bearshare\bearshare.exe:BearShare
"{83DC371A-CF6F-472D-9ED3-164E24942E62}"= UDP:d:\modem_speedtouch_330\SpeedTouch330_for_Vista\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{EB9A0BE2-260F-419D-8F3D-B47B8C381099}"= TCP:d:\modem_speedtouch_330\SpeedTouch330_for_Vista\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{5A775A82-3288-4CBE-A1FA-2CE0B1C13025}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{CA83D347-464C-4598-A9FF-81A866E7202A}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{02046089-CA51-4598-B00D-5CA50771E272}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBB8DB77-FE4D-4DAC-824F-8792E5D7E7EE}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6E922260-452D-43C9-AFFF-AD76C6B2D8C7}"= UDP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1
"{F6734509-525F-4137-9B42-43EB3C83F932}"= TCP:c:\program files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [2008-05-10 42608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [2007-04-04 20760]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [2008-05-10 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [2007-12-25 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\System32\drivers\CHDART.sys [2008-02-01 187904]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [2008-01-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-10 8192]
S3 ST330;ST330;c:\windows\System32\drivers\st330.sys [2008-07-28 30464]
S3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [2008-07-28 12672]
S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\System32\drivers\stppp.sys [2008-07-28 32000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C2722616-A90A-4A54-9F27-6A3B596C62A9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:25]
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\r7s0d058.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 10:38
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1969100454-2431007854-986030810-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c7,d9,79,57,f8,b3,3d,af,f5,f7,2c,70,f9,30,8a,75,3f,a0,bf,a0,cc,95,c1,
   3a,07,9f,27,e6,20,ff,5b,4c,8d,1e,c4,c0,09,32,48,d4,24,bb,bf,ea,5b,71,b8,de,\
"??"=hex:de,a3,c6,b7,ca,0e,36,93,f2,a4,8e,7c,a2,8c,2c,e8

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll

- - - - - - - > 'lsass.exe'(736)
c:\progra~1\KASPER~1\KASPER~1.0\r3hook.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
.
Czas ukończenia: 2009-05-19 10:41
ComboFix-quarantined-files.txt  2009-05-19 08:41

Przed: 186 839 793 664 bytes free
Po: 186 727 661 568 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6,27217 --- E O F --- 2009-05-19 05:50

After that I ran a HijackThis scan once more:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:43:58, on 2009-05-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueSuite Access Manager\CssSvr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://eproxy.pl.ingnnlife.intranet/config/oddzial.js
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [usbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [smoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [RunSpySweeperScheduleAtStartup] "C:\Windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{C2722616-A90A-4A54-9F27-6A3B596C62A9}
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10207 bytes

I'm asking you very much for help!

Thanks ;)

Guest
comment

Such problems do not necessarily mean a virus. Scan the PC with EASY CLEANER.

Guest
comment

Put the slashes \ into the logs. ;)

fake91
comment

In my opinion the HijackThis log is clean.

Put the slashes \ into the logs. ;)

When you save the file, you have it with the slashes // Unfortunately not, it can't be done, nothing gets added. ;) // djdresik

markizzella
comment

The logs are corrected, now with the slashes. Maybe something will be easier to see now.

How can I speed the computer up further? The biggest problem is at startup, it takes terribly long to load. And sometimes when I double-click an icon I also wait and wait.....

ra-v
comment

Well, if it's at startup, then Msconfig is the answer ;) . You certainly have a lot of unnecessary programs there.

Guest
comment

The logs are clean.

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [usbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [synTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TPwrMain] "C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE"
O4 - HKLM\..\Run: [HSON] "C:\Program Files\TOSHIBA\TBS\HSON.exe"
O4 - HKLM\..\Run: [smoothView] "C:\Program Files\Toshiba\SmoothView\SmoothView.exe"
O4 - HKLM\..\Run: [00TCrdMain] "C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program Files\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

Fix the above-mentioned entries in HijackThis:

>>HijackThis>>scan (Do a system scan only)>>select them>>Fix checked.
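As an added example (not part of any post in this thread and not HijackThis code): before pressing "Fix checked" it helps to see which autostart entries a proposed fix list leaves in place and whether every listed entry really exists in the log. The sketch goes a little beyond the thread by also re-splitting a log whose line breaks were lost in pasting and by listing O23 services whose file is missing; the function names and the `ExampleUpdater` entry are hypothetical, and the sample is a few entries taken from the log above and run together.

```python
import re

# Every HijackThis v2 entry starts with a section code such as "R1 - " or "O4 - ".
ENTRY_START = re.compile(r'(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ')
# O4 registry autostart, e.g.  HKLM\..\Run: [name] command
O4_RUN = re.compile(
    r'^(?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O4 startup-folder shortcut, e.g.  Global Startup: x.lnk = target
O4_LNK = re.compile(r'^(?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')


def split_entries(flat):
    """Split a log pasted without newlines into (section code, body) pairs."""
    flat = flat.split('--End of file')[0]          # drop the trailer
    marks = list(ENTRY_START.finditer(flat))
    entries = []
    for m, nxt in zip(marks, marks[1:] + [None]):
        end = nxt.start() if nxt else len(flat)
        entries.append((m.group(1), flat[m.end():end].strip()))
    return entries


def autostarts(flat):
    """Map (location, name) -> command for every O4 entry."""
    found = {}
    for code, body in split_entries(flat):
        if code != 'O4':
            continue
        m = O4_RUN.match(body)
        if m:
            found[(m['hive'] + '\\' + m['key'], m['name'])] = m['cmd']
            continue
        m = O4_LNK.match(body)
        if m:
            found[(m['key'], m['name'])] = m['cmd']
    return found


def review_fix_list(log_flat, fix_flat):
    """Return (entries that keep starting after the fix, fix entries not in the log)."""
    in_log, to_fix = autostarts(log_flat), autostarts(fix_flat)
    kept = sorted(k for k in in_log if k not in to_fix)
    unknown = sorted(k for k in to_fix if k not in in_log)
    return kept, unknown


def missing_file_services(flat):
    """O23 services whose binary HijackThis could not find on disk."""
    return [body for code, body in split_entries(flat)
            if code == 'O23' and body.endswith('(file missing)')]


# Sample input: entries from the thread's log, abridged and flattened.
SAMPLE_LOG = (
    r'Logfile of Trend Micro HijackThis v2.0.2'
    r'Running processes:C:\Windows\Explorer.EXE'
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank'
    r'O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe'
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide'
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"'
    r'O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE'
    r'O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe'
    r'O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - '
    r'C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)'
    r'O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe'
    r'--End of file - 10207 bytes'
)
# Fix list in the same format; ExampleUpdater is a hypothetical entry that is not in the log.
SAMPLE_FIX = (
    r'O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe'
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide'
    r'O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE'
    r'O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe'
)

if __name__ == '__main__':
    kept, unknown = review_fix_list(SAMPLE_LOG, SAMPLE_FIX)
    print('still starting after the fix:', kept)
    print('in the fix list but not in the log:', unknown)
    print('services with a missing file:', missing_file_services(SAMPLE_LOG))
```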
