
Request for analysis of a Hijack log - probably something malicious.

Logs, securing the computer and data. Antivirus and antispyware programs, firewalls, etc.
Forum rules
1. Each topic title should reflect the content of the thread.
2. When pasting logs, produce them right away from at least two tools: FRST and GMER.
3. Please publish all logs on sites intended for that purpose and paste only the link in your post.
4. Do not shorten logs; paste the whole log, from beginning to end.
5. Do not attach yourself to other users' threads; please open a new topic in the Security section, which makes it easier for the person checking to help.
6. People without the appropriate knowledge should not check logs, because this risks serious damage to the system or to applications installed on the computer.
7. Describe the problem precisely: the symptoms that occur and all actions already taken.
8. Each script is unique, written for each case separately, so it must not be used by others.
9. When posting a screenshot, please use an external image hosting service.


Post by strielok » 23 Jan 2010, 00:18

UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.2.15 Version/10.10


Here is the Hijack log:
http://www.wklej.eu/index.php?id=f1a841c21a
The problem is this: Avast, several times (only and exclusively today), raised alerts about the following viruses:
1. Win32:Malware-Gen
2. Win32:Mal-Ob-AI[Cryp]
I chose Delete, but it happened several times (and always in this order: first 1, then 2).
It probably has no direct connection with anything I downloaded from the internet, since it appeared for the first time right after the first boot of the computer today.
strielok
Forum member
Posts: 7
Joined: 15 Aug 2009, 20:29

Re: Request for analysis of a Hijack log - probably something malicious.

Post by mateo8898 » 23 Jan 2010, 00:40

UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7


Post logs from OTL, GMER and System Repair Engineer.
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: Request for analysis of a Hijack log - probably something malicious.

Post by strielok » 23 Jan 2010, 01:44

UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.2.15 Version/10.10


For now, from OTL:
Code:
OTL Extras logfile created on: 2010-01-23 00:29:50 - Run 1
OTL by OldTimer - Version 3.1.25.4     Folder = C:\Documents and Settings\Właściciel\Moje dokumenty\Syme52
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13,67 Gb Total Space | 0,40 Gb Free Space | 2,95% Space Free | Partition Type: NTFS
Drive D: | 14,32 Gb Total Space | 4,04 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PCET
Current User Name: Właściciel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe" = C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Program Files\12Voip.com\12Voip\12Voip.exe" = C:\Program Files\12Voip.com\12Voip\12Voip.exe:*:Enabled:12Voip -- (12Voip)
"C:\Program Files\GIGABYTE\@BIOS\gwflash.exe" = C:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:@BIOS Application -- ()
"C:\Program Files\Common Files\Nokia\Tss\Instrument API\bin\root.exe" = C:\Program Files\Common Files\Nokia\Tss\Instrument API\bin\root.exe:*:Enabled:root -- ()
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"D:\Program Files\Gadu-Gadu 10\gg.exe" = D:\Program Files\Gadu-Gadu 10\gg.exe:*:Enabled:Gadu-Gadu 10 -- (GG Network S.A.)
"C:\Program Files\IceChat7\IceChat7.exe" = C:\Program Files\IceChat7\IceChat7.exe:*:Enabled:Internet Relay Chat Client -- (IceChat Networks)
"G:\psi\Psi.exe" = G:\psi\Psi.exe:*:Enabled:Psi -- File not found
"D:\Games\Half-Life\hl.exe" = D:\Games\Half-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0.0 (r181)
"{059A00AC-1205-423C-91C7-7E6168D804DA}" = MainConcept DTV Decoder Standard
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{690BE098-6D0D-493D-B079-BD7E8F81A141}" = Opera 10.10
"{7978920A-27A6-43D4-A441-502FDCBA67D4}" = Nokia Service Tool Drivers
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6B740F-D9A2-45A6-BDC4-0A453D499FE6}" = PC Connectivity Solution
"{9E35B051-C7EE-47CB-BA43-9A7FFD4E61DE}" = OpenOffice.org 3.1
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B08B44B5-36E1-4104-B4A7-062D96AD7FB5}" = Phoenix Service Software
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C28688C8-BD4B-4DCD-9F5E-8BE8DAD5EF2F}" = Nokia Firmware RM-170 emea
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"12Voip_is1" = 12Voip
"504244733D18C8F63FF584AEB290E3904E791693" = Pakiet sterowników systemu Windows - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V4.X
"avast!" = avast! Antivirus
"CLVD" = Cyberlink Mpeg2 Video Decoder - 27.03.2008
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"CoreAVC Pro" = CoreAVC Pro (remove only)
"CZATeriaKam" = CZATeriaKam 2.6.01
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DESkey DK2 Uninstall" = DK2 DESkey Drivers v7.14.0.25
"DVB Dream_is1" = DVB Dream version 1.4i
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Pakiet sterowników systemu Windows - Nokia Modem  (06/01/2009 4.1)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Pakiet sterowników systemu Windows - Nokia Modem  (06/01/2009 7.01.0.3)
"FLAC" = FLAC 1.2.1b (remove only)
"FLSINST" = FLS-4 Driver Installation
"Gadu-Gadu 10" = Gadu-Gadu 10
"HaaliMkx" = Haali Media Splitter
"HijackThis" = HijackThis 2.0.2
"HyperCam 2" = HyperCam 2
"IceChat_is1" = IceChat 7.63 (Build 20080417)
"ImgBurn" = ImgBurn
"ipla" = ipla 2.0.2
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"Privoxy" = Privoxy (remove only)
"RealAlt_is1" = Real Alternative 2.0.0
"Revo Uninstaller" = Revo Uninstaller 1.83
"save2pc Pro_is1" = save2pc Pro 3.25
"skypeproxy 0.2" = skypeproxy 0.2
"uTorrent" = µTorrent
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinRAR archiver" = Archiwizator WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"WorldUnlock Codes Calculator" = WorldUnlock Codes Calculator
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Antivirus Events ]
Error - 2009-11-05 03:36:29 | Computer Name = PCET | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://suggestqueries.google.com/complete/search?hl=pl&client=youtube&hjson=t&ds=yt&jsonp=window.yt.www.suggest.handleResponse&q=sadga&cp=5
 failed, 0000A413. 
 
Error - 2009-11-05 17:06:31 | Computer Name = PCET | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://clients1.google.pl/complete/search?hl=pl&q=rejestracja%20sami%20swoi&cp=21
 failed, 0000A413. 
 
Error - 2009-11-06 11:25:36 | Computer Name = PCET | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 http://clients1.google.pl/complete/search?hl=pl&q=oryginalne%20hs&cp=13 failed,
 0000A413. 
 
[ Application Events ]
Error - 2009-11-20 16:51:31 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca czatkam.exe, wersja 2.6.0.0, moduł zawieszenia
 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2009-11-29 15:22:51 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca opera.exe, wersja 10.0.1750.0, moduł zawieszenia
 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2009-12-07 18:17:44 | Computer Name = PCET | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd skype.exe, wersja 4.1.0.179, moduł powodujący
 błąd skype.exe, wersja 4.1.0.179, adres błędu 0x0075b544.
 
Error - 2009-12-08 17:30:36 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SplitCam.exe, wersja 4.2.2.0, moduł zawieszenia
 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2009-12-08 17:30:36 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca SplitCam.exe, wersja 4.2.2.0, moduł zawieszenia
 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2009-12-15 16:09:28 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca gg.exe, wersja 10.0.0.10273, moduł zawieszenia
 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2009-12-22 10:03:25 | Computer Name = PCET | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd nokiaoviplayer.exe, wersja 2.0.1106.0, moduł
 powodujący błąd kernel32.dll, wersja 5.1.2600.3119, adres błędu 0x00012a7b.
 
Error - 2009-12-15 07:22:45 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca hl.exe, wersja 1.1.1.1, moduł zawieszenia hungapp,
 wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2010-01-06 14:34:45 | Computer Name = PCET | Source = Application Hang | ID = 1002
Description = Aplikacja zawieszająca czatkam.exe, wersja 2.6.0.0, moduł zawieszenia
 hungapp, wersja 0.0.0.0, adres zawieszenia 0x00000000.
 
Error - 2010-01-07 13:51:13 | Computer Name = PCET | Source = MsiInstaller | ID = 11605
Description = Product: NVIDIA Control Panel -- Disk full: Out of disk space -- Volume:
 C:; required space: 124 192 KB; available space: 89 888 KB.  If rollback is disabled,
 enough space is available. Click Cancel to quit, Retry to check available disk
space again, or Ignore to continue without rollback.
 
[ System Events ]
Error - 2010-01-21 16:02:24 | Computer Name = PCET | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
 z usługą ServiceLayer.
 
Error - 2010-01-21 16:02:24 | Computer Name = PCET | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ServiceLayer z powodu następującego błędu:
   %%1053
 
Error - 2010-01-22 09:19:48 | Computer Name = PCET | Source = Service Control Manager | ID = 7011
Description = Limit czasu (30000 milisekund) podczas oczekiwania na odpowiedź transakcji
 z usługi nvsvc.
 
Error - 2010-01-22 09:19:48 | Computer Name = PCET | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
 z usługą Usługa COM nagrywania dysków CD IMAPI.
 
Error - 2010-01-22 09:19:48 | Computer Name = PCET | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa COM nagrywania dysków CD IMAPI z
 powodu następującego błędu:   %%1053
 
Error - 2010-01-22 09:20:29 | Computer Name = PCET | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
 z usługą Usługa bramy warstwy aplikacji.
 
Error - 2010-01-22 09:20:31 | Computer Name = PCET | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Usługa bramy warstwy aplikacji z powodu
 następującego błędu:   %%1053
 
Error - 2010-01-22 13:47:01 | Computer Name = PCET | Source = DCOM | ID = 10005
Description = Model DCOM odebrał błąd „%1053” podczas próby uruchomienia usługi
ServiceLayer z argumentami „”  w celu uruchomienia serwera:  {ACF50018-41F8-476D-85FD-CD953DAE4A49}
 
Error - 2010-01-22 13:47:51 | Computer Name = PCET | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
 z usługą ServiceLayer.
 
Error - 2010-01-22 13:47:51 | Computer Name = PCET | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi ServiceLayer z powodu następującego błędu:
   %%1053
 
 
< End of report >
strielok
Forum member
Posts: 7
Joined: 15 Aug 2009, 20:29
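The OTL logs in this thread are what a helper actually reads, so here is an added triage example (not code from the thread, from OTL's author, or from the forum): it parses OTL.txt's PRC/SRV/DRV lines and the Extras log's "Shell Spawning" section, queues entries with no publisher name for review and reports executable-type file associations that deviate from the Windows XP defaults. The sample lines are constructed in the same layout as the logs above (the comfile entry with a hypothetical path is an invented deviation), and the "no CompanyName" rule is a lead for a reviewer, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample lines in the layout of OTL.txt's PRC/SRV/DRV sections, chosen
# to cover the awkward cases: empty publisher, parentheses inside a publisher
# name, and a service line carrying a trailing description after its name.
SAMPLE_OTL = r"""
PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-10-02 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
SRV - [2005-08-08 12:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
DRV - [2009-10-10 20:59:16 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-10-03 18:07:02 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
"""

# Constructed sample in the layout of the Extras log's "Shell Spawning" section;
# the comfile line is an invented deviation with a hypothetical path.
SAMPLE_SPAWN = r"""
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
comfile [open] -- "C:\Documents and Settings\user\Local Settings\Temp\hypothetical.exe" "%1" %*
"""

ENTRY_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV) - \[(?P<meta>[^\]]*)\] (?P<rest>.*)$")
# Lazy company group lets a publisher such as "Windows (R) 2000 DDK provider" parse.
REST_RE = re.compile(r"^\((?P<company>.*?)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<tail>.*)$")
SPAWN_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$")


@dataclass
class Entry:
    kind: str                # PRC (process), SRV (Win32 service) or DRV (driver)
    modified: str            # file modification timestamp as OTL prints it
    size: int                # file size in bytes
    company: str             # CompanyName from version info, "" when absent
    path: str
    name: Optional[str]      # service/driver name; None for processes
    start: Optional[str]     # Auto / On_Demand / Boot / System; None for processes
    status: Optional[str]    # Running / Stopped; None for processes


def parse_otl(text: str) -> List[Entry]:
    """Parse PRC/SRV/DRV lines; lines whose layout is not understood are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        meta = [f.strip() for f in m["meta"].split("|")]
        r = REST_RE.match(m["rest"])
        if r is None or len(meta) < 2:
            continue
        path, _, name_part = r["tail"].partition(" -- ")
        nm = re.match(r"\((.*?)\)", name_part)
        state = [s.strip() for s in r["state"].split("|")] if r["state"] else []
        entries.append(Entry(m["kind"], meta[0], int(meta[1].replace(",", "")),
                             r["company"].strip(), path.strip(), nm.group(1) if nm else None,
                             state[-2] if len(state) >= 2 else None, state[-1] if state else None))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, List[str]]]:
    """Review queue of (path, reasons). A missing CompanyName is a lead, not a
    verdict (legitimate tools ship without one), so reasons are listed for a human."""
    queue: List[Tuple[str, List[str]]] = []
    for e in entries:
        reasons: List[str] = []
        if not e.company:
            reasons.append("no CompanyName in version info")
            if e.kind == "DRV" and e.start in ("Boot", "System"):
                reasons.append("kernel driver loaded before logon (%s start)" % e.start)
            if e.kind == "SRV" and e.start == "Auto":
                reasons.append("auto-start service")
        if reasons:
            queue.append((e.path, reasons))
    return queue


# Windows XP defaults for the executable-type associations OTL lists; anything
# else means every launch of that file type is routed through another program.
XP_DEFAULT_SPAWN = {
    ("batfile", "open"): '"%1" %*', ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*', ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*', ("scrfile", "open"): '"%1" /S',
    ("scrfile", "config"): '"%1"',
}


def check_shell_spawning(text: str) -> List[Tuple[str, str, str]]:
    """Return (class, verb, actual command) for associations that deviate from
    XP_DEFAULT_SPAWN; "Reg Error" lines mean the key is absent, not hijacked."""
    deviations: List[Tuple[str, str, str]] = []
    for line in text.splitlines():
        m = SPAWN_RE.match(line.strip())
        if not m:
            continue
        cmd = m["cmd"].strip()
        expected = XP_DEFAULT_SPAWN.get((m["cls"], m["verb"]))
        if expected and cmd != expected and not cmd.startswith("Reg Error"):
            deviations.append((m["cls"], m["verb"], cmd))
    return deviations
```

Running `triage(parse_otl(SAMPLE_OTL))` queues PnkBstrA.exe, RichVideo.exe and sptd.sys (the latter with two reasons), while `check_shell_spawning(SAMPLE_SPAWN)` reports only the invented comfile association.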

Re: Request for analysis of a Hijack log - probably something malicious.

Post by mateo8898 » 23 Jan 2010, 09:32

UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


Post the second OTL log (OTL.txt).
mateo8898
Moderator
Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966

Re: Request for analysis of a Hijack log - probably something malicious.

Post by strielok » 24 Jan 2010, 02:22

UA: Opera/9.80 (Windows NT 5.1; U; pl) Presto/2.2.15 Version/10.10


Code:
OTL logfile created on: 2010-01-23 00:29:50 - Run 1
OTL by OldTimer - Version 3.1.25.4     Folder = C:\Documents and Settings\Właściciel\Moje dokumenty\Syme52
Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13,67 Gb Total Space | 0,40 Gb Free Space | 2,95% Space Free | Partition Type: NTFS
Drive D: | 14,32 Gb Total Space | 4,04 Gb Free Space | 28,19% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PCET
Current User Name: Właściciel
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010-01-23 00:29:25 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Moje dokumenty\Syme52\OTL.exe
PRC - [2009-12-14 12:42:53 | 09,069,864 | ---- | M] (12Voip) -- C:\Program Files\12Voip.com\12Voip\12voip.exe
PRC - [2009-11-25 00:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009-11-25 00:45:59 | 00,050,184 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashLogV.exe
PRC - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009-11-20 19:01:18 | 00,832,296 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2009-11-18 15:54:18 | 11,776,616 | ---- | M] (GG Network S.A.) -- D:\Program Files\Gadu-Gadu 10\gg.exe
PRC - [2009-11-18 14:42:28 | 00,077,824 | ---- | M] () -- D:\Program Files\Gadu-Gadu 10\spellchecker_gg.exe
PRC - [2009-10-27 18:36:16 | 01,499,136 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2009-10-13 14:21:12 | 06,039,960 | ---- | M] (Redefine Sp z o.o.) -- C:\Program Files\ipla\ipla.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-10-09 13:11:12 | 25,623,336 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009-10-02 18:51:28 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-10-02 15:09:16 | 00,289,072 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009-09-28 02:02:44 | 01,524,824 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2009-09-17 10:33:26 | 00,651,776 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009-09-17 10:31:18 | 00,132,096 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009-09-17 10:31:06 | 00,120,832 | ---- | M] (Nokia) -- C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009-08-19 09:53:18 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-08-19 09:52:16 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009-08-16 23:33:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-08-14 07:08:20 | 18,702,336 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2009-06-25 15:12:42 | 01,414,144 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009-04-23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008-01-24 10:59:10 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005-12-07 21:57:00 | 00,030,208 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2005-08-08 12:54:00 | 00,167,936 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010-01-23 00:29:25 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Właściciel\Moje dokumenty\Syme52\OTL.exe
MOD - [2006-08-25 08:51:14 | 01,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-04 00:44:04 | 00,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2009-11-25 00:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009-11-25 00:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009-11-25 00:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009-11-25 00:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-10-02 18:51:28 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009-09-17 10:33:26 | 00,651,776 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009-08-16 23:33:00 | 00,168,004 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (nvsvc)
SRV - [2005-08-08 12:54:00 | 00,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2009-11-25 00:49:07 | 00,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009-11-25 00:48:57 | 00,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009-11-25 00:47:54 | 00,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009-11-11 17:20:06 | 00,013,824 | ---- | M] (LoteSoft Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\splitcam.sys -- (SPLITCAM)
DRV - [2009-10-23 17:40:51 | 00,010,454 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parldr2k.sys -- (PARLDR2K)
DRV - [2009-10-23 17:40:38 | 00,034,048 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flsvcom.sys -- (FLSVCOM)
DRV - [2009-10-23 17:40:38 | 00,016,314 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flspar.sys -- (FLSPAR)
DRV - [2009-10-23 17:40:38 | 00,008,344 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flsser.sys -- (FLSSER)
DRV - [2009-10-23 17:40:35 | 00,013,440 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\flsiface.sys -- (FLSIFACE)
DRV - [2009-10-23 17:40:28 | 00,033,404 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fle5wnnt.sys -- (FLE5WNNT)
DRV - [2009-10-23 17:40:13 | 00,049,720 | ---- | M] (Data Encryption Systems Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dk2drv.sys -- (dk2drv)
DRV - [2009-10-10 20:59:16 | 00,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009-10-03 18:07:02 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-09-28 02:02:44 | 00,014,424 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2009-09-15 11:56:14 | 00,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009-09-15 11:55:30 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009-09-15 11:55:19 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-09-11 06:47:24 | 00,507,408 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2009-08-18 10:32:00 | 05,884,416 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009-08-16 21:27:00 | 07,729,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009-04-28 21:20:06 | 00,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2009-03-19 13:48:18 | 00,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009-03-19 13:48:12 | 00,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009-02-09 07:37:56 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009-02-09 07:37:48 | 00,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009-02-09 07:37:46 | 00,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009-02-09 07:37:46 | 00,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008-08-26 10:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008-08-05 13:10:12 | 01,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-01-24 10:52:06 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2006-11-27 09:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006-11-27 09:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006-10-18 09:31:38 | 00,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006-01-04 08:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005-10-19 04:50:30 | 00,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2005-01-07 13:37:18 | 00,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004-08-03 22:10:14 | 00,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2004-08-03 22:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2004-06-20 09:28:00 | 00,025,600 | ---- | M] (TwinHan Provide) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DtvVideo.sys -- (DtvVideo)
DRV - [2004-06-20 09:28:00 | 00,010,330 | ---- | M] (TwinHan Provide) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DtvAudio.sys -- (DtvAudio)
DRV - [2001-08-17 22:49:56 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001-08-17 20:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sterownik filtru USB Sony (SONYPVU1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009-10-31 21:20:21 | 00,000,000 | ---D | M]
 
[2009-11-11 15:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Extensions
 
O1 HOSTS File: ([2001-10-26 16:45:16 | 00,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe File not found
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [12Voip] C:\Program Files\12Voip.com\12Voip\12Voip.exe (12Voip)
O4 - HKCU..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadu-Gadu 10] D:\Program Files\Gadu-Gadu 10\gg.exe (GG Network S.A.)
O4 - HKCU..\Run: [IPLA!] C:\Program Files\ipla\ipla.exe (Redefine Sp z o.o.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.225.36.2 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7968250689-7870023470-746651853-6473\nissan.exe) - C:\RECYCLER\S-1-5-21-7968250689-7870023470-746651853-6473\nissan.exe ()
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Idylla.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6814e2fa-e6ac-11de-8bf1-0016e6855442}\Shell\AutoRun\command - "" = H:\Launcher.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010-01-12 17:56:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Właściciel\Pulpit\picture
[2009-09-28 10:33:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-09-28 10:33:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft
[2009-09-28 10:33:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft
[2009-09-28 10:33:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010-01-22 18:45:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-22 18:45:08 | 00,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010-01-22 18:44:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-22 14:27:58 | 03,932,160 | -H-- | M] () -- C:\Documents and Settings\Właściciel\NTUSER.DAT
[2010-01-22 14:27:53 | 00,000,188 | -HS- | M] () -- C:\Documents and Settings\Właściciel\ntuser.ini
[2010-01-22 00:04:47 | 02,111,432 | -H-- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\IconCache.db
[2010-01-20 23:41:39 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\sylabus.doc
[2010-01-13 19:48:21 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-11 23:51:52 | 19,284,6673 | ---- | M] () -- C:\Documents and Settings\Właściciel\Pulpit\50%2520CENT%2520BULLET%2520PROOF%2520-%2520Reinstater.cso
[2010-01-10 08:02:04 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Opera.lnk
[2010-01-07 18:47:51 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-01-02 16:59:48 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010-01-20 23:41:36 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\Właściciel\Moje dokumenty\sylabus.doc
[2010-01-12 17:34:30 | 19,284,6673 | ---- | C] () -- C:\Documents and Settings\Właściciel\Pulpit\50%2520CENT%2520BULLET%2520PROOF%2520-%2520Reinstater.cso
[2010-01-07 18:45:46 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009-12-12 00:55:03 | 00,137,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat
[2009-10-23 17:40:39 | 00,000,064 | ---- | C] () -- C:\WINDOWS\FLS1.INI
[2009-10-23 17:40:38 | 00,004,263 | ---- | C] () -- C:\WINDOWS\System32\flsinst.ini
[2009-10-23 17:40:21 | 01,859,584 | ---- | C] () -- C:\WINDOWS\System32\FLSINST.DLL
[2009-10-23 17:40:01 | 02,325,304 | ---- | C] () -- C:\WINDOWS\System32\DK2INST.DLL
[2009-10-20 17:12:38 | 00,012,288 | ---- | C] () -- C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-10-20 15:13:56 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-20 15:13:56 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-10-20 15:13:51 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-20 15:13:51 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-20 15:13:48 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-20 15:13:48 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-10-17 11:49:18 | 00,316,805 | ---- | C] () -- C:\WINDOWS\System32\msvcr80.dll
[2009-10-16 17:46:08 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009-10-09 22:45:16 | 00,000,215 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2009-10-03 18:07:00 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-10-02 18:52:02 | 00,139,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008-01-24 10:58:57 | 00,056,880 | ---- | C] () -- C:\WINDOWS\System32\scvideo.dll
[2001-08-29 13:11:40 | 00,398,848 | R--- | C] () -- C:\WINDOWS\System32\dk2win32.dll
< End of report >
strielok
Forum member

Posts: 7
Joined: 15 Aug 2009, 20:29

Re: Request for analysis of a Hijack log - probably something malicious.

Post by mateo8898 » 24 Jan 2010, 13:06

PostUA: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2) Gecko/20100115 Firefox/3.6


Run OTL -> in the Custom Scans/Fixes window paste:
:OTL
PRC - [2008-01-24 10:59:10 | 01,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7968250689-7870023470-746651853-6473\nissan.exe) - C:\RECYCLER\S-1-5-21-7968250689-7870023470-746651853-6473\nissan.exe ()

:Files
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\Właściciel\Menu Start\Programy\Autostart\OpenOffice.org 3.1.lnk
C:\RECYCLER
D:\RECYCLER

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"LanguageShortcut"=-
"NokiaMServer"=-
"NokiaMusic FastStart"=-
"nwiz"=-
"Onet.pl AutoUpdate"=-
"RemoteControl"=-
"RTHDCPL"=-
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"=-

:Commands
[emptytemp]
[start explorer]

Click Run Fix. Post the removal log + a new OTL log.
mateo8898
Moderator

Posts: 15377
Joined: 15 May 2009, 14:55
Commendations: 966
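The entries that script targets stand out by a few recurring patterns in the OTL report format: a Winlogon TaskMan value, a binary under RECYCLER, a MountPoints2 AutoRun command, an empty publisher field, or a target that no longer exists. As an added example (not part of this thread and not OTL's own code), the Python below runs those heuristics over lines in that format; the sample lines are copied from the report above, while the heuristics and function names are mine.

```python
import re

# Shape of an OTL "O" entry, e.g. "O20 - HKLM Winlogon: TaskMan - (...) - C:\...\nissan.exe ()"
OTL_ENTRY = re.compile(r"^(O\d+)\s*-\s*(.*)$")
# OTL appends the file's publisher in parentheses; an empty "()" means no company name.
PUBLISHER_TAIL = re.compile(r"\(([^()]*)\)\s*$")

def flag_otl_line(line):
    """Return the reasons an OTL autostart entry deserves a closer look ([] = nothing seen)."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    low = body.lower()
    reasons = []
    # Winlogon TaskMan normally has no value; whatever is set here runs in place of Task Manager.
    if section == "O20" and "taskman" in low:
        reasons.append("Winlogon TaskMan hook")
    # Binaries under RECYCLER (the hidden per-drive recycle bin) are a classic autorun-worm hiding place.
    if "\\recycler\\" in low:
        reasons.append("binary under RECYCLER")
    # MountPoints2 AutoRun commands fire when a removable drive is opened from Explorer.
    if section == "O33" and "autorun" in low:
        reasons.append("removable-media AutoRun command")
    # Autostart items whose publisher field is empty or whose target no longer exists.
    tail = PUBLISHER_TAIL.search(body)
    if section in {"O2", "O3", "O4", "O20"} and tail and tail.group(1).strip() == "":
        reasons.append("no company name")
    if "file not found" in low:
        reasons.append("orphaned entry (file missing)")
    return reasons

def triage(report):
    """Return (line, reasons) for every flagged line of an OTL report, in report order."""
    flagged = [(l.strip(), flag_otl_line(l)) for l in report.splitlines()]
    return [(l, r) for l, r in flagged if r]

# Constructed sample: a few lines in the shape of the report above (values copied from it).
SAMPLE = r"""
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-7968250689-7870023470-746651853-6473\nissan.exe) - C:\RECYCLER\S-1-5-21-7968250689-7870023470-746651853-6473\nissan.exe ()
O33 - MountPoints2\{6814e2fa-e6ac-11de-8bf1-0016e6855442}\Shell\AutoRun\command - "" = H:\Launcher.exe -- File not found
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```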

