
Windows Vista Home Basic
Logfile of HijackThis v1.99.1
Scan saved at 12:40:45, on 2008-11-30
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Users\Tata\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Users\Tata\Contacts\Desktop\Desktop\Desktop\Desktop\Desktop\Narzędzia\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: SQL Server (MSSMLBIZ) (MSSQL$MSSMLBIZ) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ (file missing)
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\conime.exe
ComboFix 08-11-29.03 - Tata 2008-11-30 12:59:40.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1045.18.1088 [GMT 1:00]
Uruchomiony z: c:\users\Tata\Contacts\Desktop\Desktop\Desktop\Desktop\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\igfxres.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-28 do 2008-11-30 )))))))))))))))))))))))))))))))
.
2008-11-27 16:20 . 2008-11-27 16:22 <DIR> d-------- C:\a512e188b416b5868827b17c33bb
2008-11-26 07:51 . 2008-10-21 06:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 07:51 . 2008-08-28 04:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 07:51 . 2008-08-28 04:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 07:51 . 2008-08-28 04:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 07:51 . 2008-10-22 04:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 07:51 . 2008-10-22 04:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 07:51 . 2008-10-22 04:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-25 15:36 . 2008-11-25 16:37 <DIR> d-------- c:\program files\a-squared Free
2008-11-23 20:01 . 2008-11-30 08:02 <DIR> d-------- c:\users\Tata\AppData\Roaming\skypePM
2008-11-23 20:01 . 2008-11-23 20:01 56 --ah----- c:\users\All Users\ezsidmv.dat
2008-11-23 20:01 . 2008-11-23 20:01 56 --ah----- c:\programdata\ezsidmv.dat
2008-11-23 19:53 . 2008-11-30 13:03 <DIR> d-------- c:\users\Tata\AppData\Roaming\Skype
2008-11-23 19:52 . 2008-11-23 19:52 <DIR> d-------- c:\users\All Users\Skype
2008-11-23 19:52 . 2008-11-23 19:52 <DIR> d-------- c:\programdata\Skype
2008-11-23 19:52 . 2008-11-23 19:52 <DIR> d-------- c:\program files\Skype
2008-11-23 19:52 . 2008-11-23 19:52 <DIR> d-------- c:\program files\Common Files\Skype
2008-11-21 14:55 . 2008-11-21 14:55 <DIR> d-------- c:\program files\Lavalys
2008-11-20 07:46 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-20 07:46 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-20 07:46 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-20 07:46 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-20 07:45 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-20 07:45 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-20 07:45 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-20 07:45 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-20 07:45 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-17 10:47 . 2008-11-18 19:05 <DIR> d-------- c:\users\Tata\Gadu-Gadu
2008-11-17 10:47 . 2008-11-17 10:47 <DIR> d-------- c:\program files\Gadu-Gadu
2008-11-16 15:27 . 2008-08-26 02:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-16 15:26 . 2008-09-18 03:03 2,027,520 --a------ c:\windows\System32\win32k.sys
2008-11-16 15:26 . 2008-09-05 05:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-16 15:26 . 2008-08-26 02:12 290,304 --a------ c:\windows\System32\drivers\srv.sys
2008-11-16 15:26 . 2008-09-05 05:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-16 15:25 . 2008-09-18 05:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe
2008-11-16 15:25 . 2008-09-18 05:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe
2008-11-16 15:25 . 2008-08-12 04:29 441,856 --a------ c:\windows\System32\win32spl.dll
2008-11-16 15:25 . 2008-08-12 04:29 37,376 --a------ c:\windows\System32\printcom.dll
2008-11-16 14:48 . 2008-11-16 14:48 <DIR> d-------- c:\users\Tata\AppData\Roaming\PC Tools
2008-11-16 14:48 . 2008-11-30 12:57 <DIR> d-a------ c:\users\All Users\TEMP
2008-11-16 14:48 . 2008-11-16 14:48 <DIR> d-------- c:\users\All Users\PC Tools
2008-11-16 14:48 . 2008-11-30 12:57 <DIR> d-a------ c:\programdata\TEMP
2008-11-16 14:48 . 2008-11-16 14:48 <DIR> d-------- c:\programdata\PC Tools
2008-11-16 14:48 . 2008-11-30 07:22 <DIR> d-------- c:\program files\PC Tools AntiVirus
2008-11-16 14:48 . 2008-11-16 14:48 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-11-16 14:48 . 2007-12-06 15:51 28,568 --a------ c:\windows\System32\drivers\AVHook.sys
2008-11-16 14:48 . 2007-12-06 15:51 21,912 --a------ c:\windows\System32\drivers\AVRec.sys
2008-11-16 14:48 . 2008-02-12 10:44 21,904 --a------ c:\windows\System32\drivers\AVFilter.sys
2008-11-16 13:56 . 2008-11-16 13:56 <DIR> d-------- c:\users\Tata\AppData\Roaming\DivX
2008-11-16 13:51 . 2008-11-16 13:51 <DIR> d-------- c:\program files\DivX
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx0c.dll
2008-10-28 23:36 . 2008-10-28 23:36 823,296 --a------ c:\windows\System32\divx_xx07.dll
2008-10-28 23:35 . 2008-10-28 23:35 815,104 --a------ c:\windows\System32\divx_xx0a.dll
2008-10-28 23:35 . 2008-10-28 23:35 802,816 --a------ c:\windows\System32\divx_xx11.dll
2008-10-28 23:35 . 2008-10-28 23:35 729,088 --a------ c:\windows\System32\divxdec.ax
2008-10-28 23:35 . 2008-10-28 23:35 684,032 --a------ c:\windows\System32\DivX.dll
2008-10-26 21:28 . 2008-10-26 21:28 <DIR> d-------- c:\program files\Mark IT Now!
2008-10-22 14:33 . 2008-10-22 14:33 <DIR> d-------- c:\users\Tata\AppData\Roaming\TuneUp Software
2008-10-22 14:33 . 2008-10-22 14:33 361,728 --a------ c:\windows\System32\TuneUpDefragService.exe
2008-10-22 14:33 . 2008-07-18 14:05 28,416 --a------ c:\windows\System32\uxtuneup.dll
2008-10-22 14:33 . 2008-07-18 14:05 16,640 --a------ c:\windows\System32\authuitu.dll
2008-10-22 14:32 . 2008-10-22 14:32 <DIR> d-------- c:\users\All Users\TuneUp Software
2008-10-22 14:32 . 2008-10-22 14:32 <DIR> d-------- c:\programdata\TuneUp Software
2008-10-22 14:32 . 2008-10-22 14:33 <DIR> d-------- c:\program files\TuneUp Utilities 2008
2008-10-01 19:58 . 2008-11-22 16:56 <DIR> d-------- c:\users\Tata\AppData\Roaming\The Bat!
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-30 07:24 --------- d-----w c:\users\Tata\AppData\Roaming\OpenOffice.org2
2008-11-27 14:47 --------- d-----w c:\program files\English Translator 3
2008-11-23 11:46 --------- d-----w c:\program files\Mozilla Thunderbird
2008-11-20 06:54 --------- d-----w c:\program files\Common Files\Adobe
2008-11-18 06:54 --------- d-----w c:\program files\Windows Mail
2008-11-16 13:44 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-16 13:42 --------- d-----w c:\programdata\Symantec
2008-11-16 13:41 --------- d-----w c:\program files\Symantec
2008-10-22 13:31 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-30 12:08 --------- d-----w c:\users\Tata\AppData\Roaming\Thunderbird
2008-09-28 18:02 --------- d-----w c:\programdata\Lavasoft
2008-09-28 17:59 --------- d-----w c:\program files\Lavasoft
2008-09-25 08:03 81,920 ----a-w c:\windows\System32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\System32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\System32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\System32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\System32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\System32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\System32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\System32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\System32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\System32\DivXWMPExtType.dll
2008-09-10 03:25 1,341,440 ----a-w c:\windows\System32\msxml6.dll
2008-09-10 03:21 2,048 ----a-w c:\windows\System32\msxml6r.dll
2008-08-22 05:35 268,800 ----a-w c:\windows\System32\es.dll
2008-08-21 05:34 174 --sha-w c:\program files\desktop.ini
2008-08-20 21:40 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-08-20 21:40 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-08-20 21:40 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-08-20 21:40 272,896 ----a-w c:\windows\System32\polstore.dll
2008-08-20 21:40 194,560 ----a-w c:\windows\System32\WebClnt.dll
2008-08-20 21:37 2,048 ----a-w c:\windows\System32\tzres.dll
2008-08-20 21:36 24,064 ----a-w c:\windows\System32\netcfg.exe
2008-08-20 21:36 22,016 ----a-w c:\windows\System32\netiougc.exe
2008-08-20 21:36 167,424 ----a-w c:\windows\System32\tcpipcfg.dll
2008-08-20 21:34 1,585,664 ----a-w c:\windows\System32\setupapi.dll
2008-08-20 21:32 9,728 ----a-w c:\windows\System32\LAPRXY.DLL
2008-08-20 21:32 296,448 ----a-w c:\windows\System32\gdi32.dll
2008-08-20 21:32 223,232 ----a-w c:\windows\System32\WMASF.DLL
2008-08-20 21:32 2,048 ----a-w c:\windows\System32\asferror.dll
2008-08-20 21:32 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-08-20 21:32 11,776 ----a-w c:\windows\System32\sbunattend.exe
2008-08-20 21:31 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-08-20 21:31 83,968 ----a-w c:\windows\System32\dnsrslvr.dll
2008-08-20 21:31 737,792 ----a-w c:\windows\System32\inetcomm.dll
2008-08-20 21:31 24,576 ----a-w c:\windows\System32\dnscacheugc.exe
2008-08-20 21:31 1,327,104 ----a-w c:\windows\System32\quartz.dll
2008-08-20 01:41 704,000 ----a-w c:\windows\System32\PhotoScreensaver.scr
2008-08-20 01:41 67,584 ----a-w c:\windows\System32\wlanhlp.dll
2008-08-20 01:41 542,720 ----a-w c:\windows\System32\sysmain.dll
2008-08-20 01:41 502,784 ----a-w c:\windows\System32\wlansvc.dll
2008-08-20 01:41 47,104 ----a-w c:\windows\System32\wlanapi.dll
2008-08-20 01:41 297,984 ----a-w c:\windows\System32\wlansec.dll
2008-08-20 01:41 290,816 ----a-w c:\windows\System32\wlanmsm.dll
2008-08-20 01:41 24,064 ----a-w c:\windows\System32\wtsapi32.dll
2008-08-20 01:41 2,923,520 ----a-w c:\windows\explorer.exe
2008-08-20 01:40 8,704 ----a-w c:\windows\System32\hcrstco.dll
2008-08-20 01:40 8,704 ----a-w c:\windows\System32\hccoin.dll
2008-08-20 01:40 8,147,968 ----a-w c:\windows\System32\wmploc.DLL
2008-08-20 01:40 7,680 ----a-w c:\windows\System32\spwmp.dll
2008-08-20 01:40 4,096 ----a-w c:\windows\System32\dxmasf.dll
2008-08-20 01:40 356,864 ----a-w c:\windows\System32\MediaMetadataHandler.dll
2008-08-20 01:37 788,992 ----a-w c:\windows\System32\rpcrt4.dll
2008-08-20 01:37 750,080 ----a-w c:\windows\System32\qmgr.dll
2008-08-20 01:30 86,016 ----a-w c:\windows\System32\icfupgd.dll
2008-08-20 01:30 61,952 ----a-w c:\windows\System32\cmifw.dll
2008-08-20 01:30 396,800 ----a-w c:\windows\System32\MPSSVC.dll
2008-08-20 01:30 392,192 ----a-w c:\windows\System32\FirewallAPI.dll
2008-08-20 01:30 374,456 ----a-w c:\windows\System32\mcupdate_GenuineIntel.dll
2008-08-20 01:30 178,688 ----a-w c:\windows\System32\iphlpsvc.dll
2008-08-20 01:30 16,896 ----a-w c:\windows\System32\wfapigp.dll
2008-08-20 01:29 57,856 ----a-w c:\windows\System32\SLUINotify.dll
2008-08-20 01:29 566,784 ----a-w c:\windows\System32\SLCommDlg.dll
2008-08-20 01:29 39,936 ----a-w c:\windows\System32\slcinst.dll
2008-08-20 01:29 351,232 ----a-w c:\windows\System32\SLUI.exe
2008-08-20 01:29 33,280 ----a-w c:\windows\System32\slwmi.dll
2008-08-20 01:29 268,288 ----a-w c:\windows\System32\mcbuilder.exe
2008-08-20 01:29 223,232 ----a-w c:\windows\System32\SLC.dll
2008-08-20 01:29 2,605,568 ----a-w c:\windows\System32\SLsvc.exe
2008-08-20 01:29 186,368 ----a-w c:\windows\System32\SLLUA.exe
2008-08-20 01:27 87,040 ----a-w c:\windows\System32\msoert2.dll
2008-08-20 01:27 5,120 ----a-w c:\windows\System32\wmi.dll
2008-08-20 01:27 39,424 ----a-w c:\windows\System32\ACCTRES.dll
2008-08-20 01:27 205,824 ----a-w c:\windows\System32\msoeacct.dll
2008-08-20 01:27 152,576 ----a-w c:\windows\System32\imagehlp.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-08-20 1232896]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2007-01-30 1716224]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1021224]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"PCTAVApp"="c:\program files\PC Tools AntiVirus\PCTAV.exe" [2008-09-25 1370000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 c:\windows\RtHDVCpl.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.WTVC"= wtvc.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"IgfxTray"=c:\windows\system32\igfxtray.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"WarReg_PopUp"=c:\acer\WR_PopUp\WarReg_PopUp.exe
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8017AD92-7E55-4741-B56F-30CEBD7E5E3A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{20201B0A-4B83-435D-A585-B50031354526}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{2594376B-89F3-4228-A5BB-BFB06B1890A5}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{709F7A0D-F214-4F45-8F25-7780BE03C6BD}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B779A4C4-C54A-44A7-AEF1-ED1D472AB040}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{5A062956-B3CE-4EA6-BE66-0740B1946DBB}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{D16BF29B-4554-467E-AF80-89BD81322388}"= c:\program files\Skype\Phone\Skype.exe:Skype
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [2006-04-14 28933976]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - PROCEXP90
.
Zawartość folderu 'Zaplanowane zadania'
2008-11-30 c:\windows\Tasks\Konserwacja jednym kliknięciem.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-08-27 11:09]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - c:\users\Tata\AppData\Roaming\Mozilla\Firefox\Profiles\42ect7ia.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.onet.pl/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-30 13:03:31
Windows 6.0.6000 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(760)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'lsass.exe'(672)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(568)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
- - - - - - - > 'csrss.exe'(624)
c:\program files\PC Tools AntiVirus\PCTAVHook.dll
.
Czas ukończenia: 2008-11-30 13:05:35
ComboFix-quarantined-files.txt 2008-11-30 12:05:31
Przed: 28 061 478 912 bajtów wolnych
Po: 27,843,121,152 bajtów wolnych
269 --- E O F --- 2008-11-29 13:17:23