mmkk22 posted 11 January 2009

Hello. I have a problem with my Sony Vaio VGN-FW11E laptop, specifically with Windows Vista SP1. It turns on and shuts off after 3 minutes (at first it ran great), and various applications don't work, e.g. the internet in Orange Free. Kaspersky Internet Security shows that there is some trojan and some vulnerabilities, but... I'm pasting the HijackThis log; maybe something is hidden in there. I don't know much about this myself, so I'm asking for help.

I'm also adding the ComboFix log. Please help with the analysis.
snip91 commented 11 January 2009

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

Fix this in HJT.

Paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

In Notepad: File menu -> Save as -> change the extension to "All files" -> save under the name FIX.REG

Run the FIX.REG file you created, confirm adding it to the Registry, and restart the computer.

Use the SDFix program.