Wudfhost.exe: normal process or virus?

System security, virus removal, choosing antivirus software. Mandatory logs in this section: three from FRST + Gmer.


Post by kristof200, 13 Oct 2008, 13:38

Hi, I have a feeling there is some worm or something like that on my computer. I noticed WudfHost.exe among the processes, typed it into Google, and it is a worm or a trojan, something like that.
Am I wrong, or is this a virus?

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:33:00, on 2008-10-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Code:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\User\Pulpit\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7E02ED-CC7C-4B81-B9BC-775EE0A41D2D}: NameServer = 208.67.222.222,208.67.222.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6785 bytes



I'll try to make one with ComboFix in a moment.
kristof200
~user

Posts: 105
Joined: 03 May 2008, 23:06




Post by Magik, 13 Oct 2008, 14:06

By the way:

Code:
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640


You can mark these entries for fixing.



As for the process, it is not in the HJT log; paste the ComboFix log and

use SDFix. After downloading, run it and it will unpack itself to C:\SDFix. Start the computer in safe mode (F8 at system startup). While in safe mode, run the RunThis.bat file from the SDFix folder. Confirm the cleanup with Y. Wait until it finishes and the computer restarts.

Then go to the C:\SDFix folder and post the contents of the Report.txt file.
Magik
~user

Posts: 7956
Joined: 08 May 2004, 09:17
Location: Głogów
Praise: 886




Post by kristof200, 13 Oct 2008, 14:48

Code:
ComboFix 08-10-11.04 - User 2008-10-13 14:37:03.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.221 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\User\Pulpit\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active


[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-09-13 do 2008-10-13  )))))))))))))))))))))))))))))))
.

2008-10-12 22:32 . 2008-10-12 22:32   <DIR>   d--------   C:\Program Files\SigmaTel
2008-10-09 21:44 . 2008-10-09 21:44   <DIR>   d--------   C:\WINDOWS\Sun
2008-10-09 19:45 . 2008-10-09 19:45   <DIR>   d--------   C:\Program Files\NSS
2008-10-09 19:45 . 2006-08-29 16:56   32,377   --a------   C:\WINDOWS\system32\drivers\prodigy.sys
2008-10-09 15:51 . 2008-04-13 22:15   26,112   --a------   C:\WINDOWS\system32\drivers\usbser.sys
2008-10-09 15:51 . 2008-04-13 22:15   26,112   --a------   C:\WINDOWS\system32\dllcache\usbser.sys
2008-10-09 15:50 . 2008-10-09 15:50   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-09 15:50 . 2008-10-09 15:50   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-09 15:49 . 2008-10-09 15:49   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2008-10-09 15:47 . 2008-05-07 07:38   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-10-09 15:47 . 2008-06-06 09:24   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-10-09 15:46 . 2008-05-07 07:39   1,419,232   --a------   C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-10-09 15:46 . 2008-05-07 07:38   659,968   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2008-10-09 15:46 . 2008-05-07 07:38   20,864   --a------   C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-10-09 15:46 . 2008-05-07 07:38   17,536   --a------   C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-10-09 15:45 . 2008-02-01 16:17   138,112   --a------   C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-10-09 15:45 . 2008-02-01 16:17   8,320   --a------   C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-10-09 15:44 . 2008-10-09 15:44   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-10-08 13:57 . 2003-08-21 06:15   483,328   -ra------   C:\WINDOWS\system32\hphmon05.exe
2008-10-08 13:57 . 2003-10-07 16:25   6,353   -ra------   C:\WINDOWS\system32\hphmon05.dat
2008-10-08 13:55 . 2008-10-08 13:59   17,325   ---------   C:\WINDOWS\HPHins01.dat
2008-10-08 13:55 . 2003-09-12 23:31   4,308   ---------   C:\WINDOWS\hphmdl01.dat
2008-10-08 13:48 . 2008-10-08 13:48   <DIR>   d--------   C:\temp\photosmart
2008-10-07 16:27 . 2008-10-07 16:27   268   --ah-----   C:\sqmdata07.sqm
2008-10-07 16:27 . 2008-10-07 16:27   244   --ah-----   C:\sqmnoopt07.sqm
2008-10-06 20:07 . 2008-10-06 20:07   268   --ah-----   C:\sqmdata06.sqm
2008-10-06 20:07 . 2008-10-06 20:07   244   --ah-----   C:\sqmnoopt06.sqm
2008-10-06 20:02 . 2008-10-06 20:02   268   --ah-----   C:\sqmdata05.sqm
2008-10-06 20:02 . 2008-10-06 20:02   244   --ah-----   C:\sqmnoopt05.sqm
2008-10-06 19:24 . 2008-10-06 19:24   268   --ah-----   C:\sqmdata04.sqm
2008-10-06 19:24 . 2008-10-06 19:24   244   --ah-----   C:\sqmnoopt04.sqm
2008-10-06 19:22 . 2008-10-06 19:22   268   --ah-----   C:\sqmdata03.sqm
2008-10-06 19:22 . 2008-10-06 19:22   244   --ah-----   C:\sqmnoopt03.sqm
2008-10-06 19:16 . 2008-10-06 19:16   268   --ah-----   C:\sqmdata02.sqm
2008-10-06 19:16 . 2008-10-06 19:16   244   --ah-----   C:\sqmnoopt02.sqm
2008-10-06 19:12 . 2008-10-06 19:12   66,048   --a------   C:\mbr.exe
2008-10-06 17:50 . 2008-10-06 17:50   268   --ah-----   C:\sqmdata01.sqm
2008-10-06 17:50 . 2008-10-06 17:50   244   --ah-----   C:\sqmnoopt01.sqm
2008-10-06 08:34 . 2008-10-06 08:34   268   --ah-----   C:\sqmdata00.sqm
2008-10-06 08:34 . 2008-10-06 08:34   244   --ah-----   C:\sqmnoopt00.sqm
2008-10-04 23:18 . 2008-10-04 23:21   <DIR>   d--------   C:\Program Files\WYSIWYG Web Builder 5
2008-10-04 23:18 . 2008-10-04 23:18   737,280   --a------   C:\WINDOWS\iun6002.exe
2008-10-04 16:48 . 2008-10-13 13:54   156   --a------   C:\WINDOWS\Twunk001.MTX
2008-10-04 16:48 . 2008-10-13 13:54   3   --a------   C:\WINDOWS\Twain001.Mtx
2008-10-04 16:48 . 2008-10-04 16:48   0   --a------   C:\WINDOWS\Twunk002.MTX
2008-10-04 15:38 . 2008-10-04 15:38   <DIR>   d--------   C:\Program Files\Passware
2008-09-22 19:40 . 2008-09-22 19:40   <DIR>   d--------   C:\Program Files\Microsoft IntelliPoint
2008-09-22 19:39 . 2008-09-22 19:39   <DIR>   d--------   C:\Program Files\Microsoft IntelliType Pro
2008-09-22 17:37 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-09-22 17:33 . 2008-10-04 12:28   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-09-22 17:29 . 2008-09-22 17:29   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-09-22 17:26 . 2008-09-22 17:26   <DIR>   d--------   C:\Program Files\Microsoft Visual Studio 8
2008-09-21 13:34 . 2008-09-21 13:34   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-09-21 13:34 . 2008-09-22 17:33   <DIR>   d--------   C:\Program Files\MSBuild
2008-09-21 13:33 . 2008-07-06 14:06   1,676,288   ---------   C:\WINDOWS\system32\xpssvcs.dll
2008-09-21 13:33 . 2008-07-06 14:06   1,676,288   ---------   C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-21 13:33 . 2008-07-06 12:50   597,504   ---------   C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-21 13:33 . 2008-07-06 14:06   575,488   ---------   C:\WINDOWS\system32\xpsshhdr.dll
2008-09-21 13:33 . 2008-07-06 14:06   575,488   ---------   C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-21 13:33 . 2008-07-06 14:06   117,760   ---------   C:\WINDOWS\system32\prntvpt.dll
2008-09-21 13:33 . 2008-07-06 14:06   89,088   ---------   C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-21 13:30 . 2008-09-21 13:30   <DIR>   d--------   C:\Documents and Settings\User\Dane aplikacji\Nvu
2008-09-21 13:29 . 2008-09-21 13:29   <DIR>   d--------   C:\Program Files\Nvu
2008-09-21 13:23 . 2008-09-21 13:36   <DIR>   d--------   C:\Program Files\Street Hacker
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\system32\xircom
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\system32\oobe
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\srchasst
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\msagent
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\Program Files\microsoft frontpage
2008-09-20 22:26 . 2008-09-20 22:26   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-09-20 22:26 . 2008-09-20 22:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-20 17:58 . 2008-09-20 17:58   <DIR>   d--------   C:\!FixIEDef
2008-09-16 16:22 . 2004-05-04 12:53   1,645,320   --a------   C:\WINDOWS\system32\gdiplus.dll
2008-09-16 16:18 . 2008-09-16 16:22   <DIR>   d--------   C:\Program Files\BurnAware Free
2008-09-14 22:19 . 2008-09-14 22:19   <DIR>   d--------   C:\Documents and Settings\User\DoctorWeb
2008-09-14 22:19 . 2008-09-14 22:19   <DIR>   d--------   C:\Documents and Settings\User\Dane aplikacji\FDRLab
2008-09-13 22:12 . 2008-09-13 22:12   <DIR>   d--------   C:\Documents and Settings\User\WINDOWS
2008-09-13 11:57 . 2008-09-13 11:57   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 12:27   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\foobar2000
2008-10-12 20:32   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-10-11 19:44   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-10-10 17:51   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Skype
2008-10-10 14:58   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\skypePM
2008-10-09 13:46   ---------   d-----w   C:\Program Files\Nokia
2008-10-09 13:40   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-10-09 13:38   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Nokia
2008-10-08 12:23   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-10-04 14:48   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Thinstall
2008-09-23 15:59   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-14 20:21   ---------   d-----w   C:\Program Files\FDRLab
2008-09-09 15:48   ---------   d-----w   C:\Program Files\Maxtor
2008-09-09 11:18   ---------   d-----w   C:\Program Files\Shut Down-O-Matic
2008-09-06 14:46   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Nokia Multimedia Player
2008-09-05 19:30   ---------   d-----w   C:\Program Files\Theorica Divx ;-) Codecs
2008-09-05 19:28   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-09-05 18:52   ---------   d-----w   C:\Program Files\XviD
2008-09-04 18:34   ---------   d-----w   C:\Program Files\free-downloads.net
2008-09-04 18:34   ---------   d-----w   C:\Program Files\Conduit
2008-09-04 18:33   ---------   d-----w   C:\Program Files\Alcohol Soft
2008-09-04 17:58   716,272   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-09-03 19:29   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Hide IP NG
2008-09-02 16:41   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\uniblue
2008-09-01 19:34   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Vso
2008-09-01 19:16   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-01 19:16   47,360   ----a-w   C:\Documents and Settings\User\Dane aplikacji\pcouffin.sys
2008-09-01 19:16   ---------   d-----w   C:\Program Files\VSO
2008-09-01 17:40   ---------   d-----w   C:\Program Files\Uniblue
2008-09-01 17:35   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-09-01 06:50   ---------   d-----w   C:\Program Files\MSXML 4.0
2008-08-31 20:38   ---------   d-----w   C:\Program Files\Video mp3 Extractor
2008-08-31 19:22   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Dev-Cpp
2008-08-28 14:43   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Maxtor
2008-08-27 17:49   ---------   d-----w   C:\Program Files\Skype
2008-08-27 17:49   ---------   d-----w   C:\Program Files\Common Files\Skype
2008-08-27 17:49   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-08-26 18:59   ---------   d-----w   C:\Program Files\Any Video Converter
2008-08-26 18:59   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Any Video Converter
2008-08-25 17:58   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-08-24 17:23   ---------   d-----w   C:\Program Files\Java
2008-08-24 17:20   ---------   d-----w   C:\Program Files\Common Files\Java
2008-08-24 16:55   ---------   d-----w   C:\Program Files\IrfanView
2008-08-24 08:20   ---------   d-----w   C:\Program Files\Common Files\Adobe AIR
2008-08-24 08:19   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-08-23 22:43   ---------   d-----w   C:\Program Files\JLC's Software
2008-08-23 22:40   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\JLC's Software
2008-08-23 22:32   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\TVU Networks
2008-08-23 22:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-08-23 22:28   ---------   d-----w   C:\Program Files\Free TV Online
2008-08-23 22:23   ---------   d-----w   C:\Program Files\TVPlayerClassic
2008-08-23 19:16   ---------   d-----w   C:\Program Files\Teamspeak2_RC2
2008-08-23 19:16   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\teamspeak2
2008-08-23 18:40   ---------   d-----w   C:\Program Files\Real Alternative
2008-08-23 18:34   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Media Player Classic
2008-08-23 16:52   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-23 16:43   ---------   d-----w   C:\Program Files\Windows Live
2008-08-23 16:42   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-23 16:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\WLInstaller
2008-08-23 13:55   ---------   d-----w   C:\Program Files\NovaLogic
2008-08-23 10:44   ---------   d-----w   C:\Program Files\DIFX
2008-08-23 10:44   ---------   d-----w   C:\Program Files\Common Files\PCSuite
2008-08-23 10:44   ---------   d-----w   C:\Program Files\Common Files\Nokia
2008-08-23 10:43   ---------   d-----w   C:\Program Files\PC Connectivity Solution
2008-08-23 10:43   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\PC Suite
2008-08-23 10:18   ---------   d-----w   C:\Program Files\foobar2000
2008-08-23 10:16   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\BESTplayer
2008-08-23 10:00   ---------   d-----w   C:\Program Files\ESET
2008-08-23 09:57   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2008-08-23 09:56   ---------   d-----w   C:\Program Files\Yahoo!
2008-08-23 09:56   ---------   d-----w   C:\Program Files\CCleaner
2008-08-23 09:55   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-08-23 09:53   ---------   d-----w   C:\Program Files\Opera
2008-08-22 22:01   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\ESET
2008-08-22 21:34   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-08-22 21:24   ---------   d-----w   C:\Program Files\Usługi online
2008-08-22 21:22   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-07-29 23:34   96,760   ----a-w   C:\WINDOWS\system32\dfshim.dll
2008-07-29 23:34   83,968   ----a-w   C:\WINDOWS\system32\mscories.dll
2008-07-29 23:34   41,984   ----a-w   C:\WINDOWS\system32\netfxperf.dll
2008-07-29 23:34   282,112   ----a-w   C:\WINDOWS\system32\mscoree.dll
2008-07-29 23:34   158,720   ----a-w   C:\WINDOWS\system32\mscorier.dll
2008-07-29 19:10   73,720   ----a-w   C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10   493,048   ----a-w   C:\WINDOWS\system32\evr.dll
2008-07-29 19:10   26,112   ----a-w   C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35   326,160   ----a-w   C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59   781,344   ----a-w   C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59   43,544   ----a-w   C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59   161,296   ----a-w   C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59   105,016   ----a-w   C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24   97,800   ----a-w   C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24   622,080   ----a-w   C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24   11,264   ----a-w   C:\WINDOWS\system32\icardres.dll
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
.

------- Sigcheck -------

2007-07-10 19:06  642560  ce594e18fe0d0af804f1f3694921ce62   C:\WINDOWS\system32\user32.dll

2008-06-16 03:28  549888  335813eacd16e84f3047a3326f6e5473   C:\WINDOWS\system32\winlogon.exe

2008-07-07 23:43  2032128  2bc05e243b86aa8e569ee3c5d8b3c424   C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-06 23:44  2153472  04404b7f25984558ad3390bf84c4eb95   C:\WINDOWS\system32\ntoskrnl.exe

2008-06-27 05:36  1424896  4ec7ed41d95d18b3cd1a2bd9dfefb591   C:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((((((   snapshot@2008-10-06_19.07.48.95   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-09 13:43:23   10,134   ----a-r   C:\WINDOWS\Installer\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\ARPPRODUCTICON.exe
+ 2008-10-09 13:43:23   458,752   ----a-r   C:\WINDOWS\Installer\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NewShortcut16_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-10-09 13:43:23   8,854   ----a-r   C:\WINDOWS\Installer\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NewShortcut2_1C7B7089989A424FB39D41A32581C775.exe
+ 2008-10-09 13:43:23   458,752   ----a-r   C:\WINDOWS\Installer\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NewShortcut20_F7578A24A4B240E4BA057EF931EB25B5.exe
+ 2008-10-09 13:43:23   8,854   ----a-r   C:\WINDOWS\Installer\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NewShortcut24_E2CBBE559A074AF98E8596196B075190.exe
+ 2008-10-09 13:43:23   8,854   ----a-r   C:\WINDOWS\Installer\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Uninstall_QA_OTI_H_FE5D756F71E147C4972AD6775344B40B.exe
+ 2008-10-09 13:45:18   3,262   ----a-r   C:\WINDOWS\Installer\{2A0A6470-FD0F-4F45-9B11-85F3167DB943}\ARPPRODUCTICON.exe
- 2008-08-23 10:44:32   15,086   ----a-r   C:\WINDOWS\Installer\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\ARPPRODUCTICON.exe
+ 2008-10-09 13:36:24   15,086   ----a-r   C:\WINDOWS\Installer\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\ARPPRODUCTICON.exe
- 2008-08-23 10:44:32   216,358   ----a-r   C:\WINDOWS\Installer\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\EXTUI_UninstallPCSui_0F854AC05AF149EFBE65492233B7B5AD.exe
+ 2008-10-09 13:36:24   216,358   ----a-r   C:\WINDOWS\Installer\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\EXTUI_UninstallPCSui_0F854AC05AF149EFBE65492233B7B5AD.exe
+ 2008-10-09 13:47:09   3,262   ----a-r   C:\WINDOWS\Installer\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}\ARPPRODUCTICON.exe
+ 2006-11-02 05:22:54   492,000   ------w   C:\WINDOWS\system32\drivers\wdf01000.sys
+ 2006-11-02 05:22:52   32,224   ------w   C:\WINDOWS\system32\drivers\wdfldr.sys
+ 2008-05-07 05:38:20   17,536   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmb.sys
+ 2008-05-07 05:38:24   90,624   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcls.dll
+ 2008-05-07 05:38:34   659,968   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\nmwcdcocls.dll
+ 2008-05-07 05:39:22   1,419,232   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmb_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\wdfcoinstaller01005.dll
+ 2008-05-07 05:38:36   8,064   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmbcj_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerfltj.sys
+ 2008-06-06 07:24:44   8,064   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmbm_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\usbser_lowerflt.sys
+ 2008-05-07 05:38:20   20,864   -c--a-w   C:\WINDOWS\system32\DRVSTORE\ccdcmbo_8BBEC91EFF51E4A1A9EC754A696F267BFDD220D5\ccdcmbo.sys
+ 2008-02-01 14:17:12   138,112   -c--a-w   C:\WINDOWS\system32\DRVSTORE\nmwcdnsu_44DA5D9994D88495A1C1116BFFF6763CF67ABD72\nmwcdnsu.sys
+ 2008-02-01 14:17:06   8,320   -c--a-w   C:\WINDOWS\system32\DRVSTORE\nmwcdnsuc_44DA5D9994D88495A1C1116BFFF6763CF67ABD72\nmwcdnsuc.sys
- 2007-02-22 08:15:12   90,624   ----a-w   C:\WINDOWS\system32\nmwcdcls.dll
+ 2008-05-07 05:38:24   90,624   ----a-w   C:\WINDOWS\system32\nmwcdcls.dll
+ 2004-05-05 16:19:14   122,745   ----a-w   C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_7600_se842d\hph7700.dat
+ 2004-05-05 16:19:16   125,040   ----a-w   C:\WINDOWS\system32\spool\drivers\w32x86\hpphotosmart_7600_se842d\hph7900.dat
+ 2008-10-09 13:42:40   1,233,920   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9818.0_x-ww_8ff50c5d\msxml4.dll
+ 2006-12-01 22:46:44   65,536   ----a-w   C:\WINDOWS\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
-- Migawka wyzerowana --
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-02-14 14:54   1555480   --a------   C:\Program Files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [2008-02-14 1555480]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-21 483328]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= C:\WINDOWS\system32\i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 13:22 216520 C:\Program Files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2008-06-16 32768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\otcy7gf4.default\
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 14:39:46
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-13 14:41:19
ComboFix-quarantined-files.txt  2008-10-13 12:41:12
ComboFix2.txt  2008-10-06 17:08:36
ComboFix3.txt  2008-09-20 19:21:53

Przed: 5,872,836,608 bajtów wolnych
Po: 7,177,621,504 bajtów wolnych

338   --- E O F ---   2008-09-27 12:38:34



Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:00, on 2008-10-13
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\User\Pulpit\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7E02ED-CC7C-4B81-B9BC-775EE0A41D2D}: NameServer = 208.67.222.222,208.67.222.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Usługa bramy warstwy aplikacji (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 6609 bytes
kristof200
~user
 
Posts: 105
Joined: 03 May 2008, 23:06



Post by Magik, 13 Oct 2008, 15:17

Code:
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')


Nothing dangerous, but you can remove it with a fix.

Paste this into Notepad:

Code:
FILE::

C:\sqmdata07.sqm
C:\sqmnoopt07.sqm
C:\sqmdata06.sqm
C:\sqmnoopt06.sqm
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmdata02.sqm
C:\sqmnoopt02.sqm
C:\mbr.exe
C:\sqmdata01.sqm
C:\sqmnoopt01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt00.sqm

REGISTRY::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]


Save the file as CFScript.txt. Drag and drop the CFScript.txt icon onto the ComboFix.exe icon.


And paste the log from SDFix!

Magik
~user
 
Posts: 7956
Joined: 08 May 2004, 09:17
Location: Głogów
Commendations: 886



Post by kristof200, 13 Oct 2008, 20:25

Code:
[b]SDFix: Version 1.235 [/b]
Run by User on 2008-10-13 at 20:18

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 20:22:51
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000000
"ujdew"=hex:86,af,e8,b4,5d,aa,ea,33,80,3c,40,4f,e8,c2,7d,a8,76,3e,0a,35,a3,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000000
"ujdew"=hex:86,af,e8,b4,5d,aa,ea,33,80,3c,40,4f,e8,c2,7d,a8,76,3e,0a,35,a3,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

kristof200
~user
 
Posts: 105
Joined: 03 May 2008, 23:06



Post by Okocza, 13 Oct 2008, 20:28

kristof200, where is the ComboFix log?
eMachines E730G - Core i5-430M, 2GiB RAM, ATI Mobility Radeon HD5470, WD 320GiB; Cort Z-44,DR 0.09-0.42, Peavey Backstage
Mac OS X 10.7.4 Lion // Windows 7 Professional x64 // I DO NOT HELP VIA PM/GG/E-MAIL
"My Ego and Anima meet and exchange cookie recipes" - Maynard James Keenan
Okocza
~user
 
Posts: 8001
Joined: 19 Mar 2006, 11:53
Commendations: 406



Post by kristof200, 13 Oct 2008, 20:34

Added 13.10.2008 20:34:45:
Code:
ComboFix 08-10-11.04 - User 2008-10-13 20:28:00.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1250.1.1045.18.261 [GMT 2:00]
Uruchomiony z: C:\Documents and Settings\User\Pulpit\ComboFix.exe
Użyto następujących komend :: C:\Documents and Settings\User\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
* Resident AV is active


[COLOR=RED][B]UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !![/B][/COLOR]

FILE ::
C:\mbr.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\mbr.exe
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-09-13 do 2008-10-13  )))))))))))))))))))))))))))))))
.

2008-10-13 20:17 . 2008-10-13 20:17   642,560   --a------   C:\WINDOWS\system32\dllcache\user32.dll
2008-10-13 20:15 . 2008-10-13 20:16   <DIR>   d--------   C:\WINDOWS\ERUNT
2008-10-13 20:12 . 2008-10-13 20:23   <DIR>   d--------   C:\SDFix
2008-10-12 22:32 . 2008-10-12 22:32   <DIR>   d--------   C:\Program Files\SigmaTel
2008-10-09 21:44 . 2008-10-09 21:44   <DIR>   d--------   C:\WINDOWS\Sun
2008-10-09 19:45 . 2008-10-09 19:45   <DIR>   d--------   C:\Program Files\NSS
2008-10-09 19:45 . 2006-08-29 16:56   32,377   --a------   C:\WINDOWS\system32\drivers\prodigy.sys
2008-10-09 15:51 . 2008-04-13 22:15   26,112   --a------   C:\WINDOWS\system32\drivers\usbser.sys
2008-10-09 15:51 . 2008-04-13 22:15   26,112   --a------   C:\WINDOWS\system32\dllcache\usbser.sys
2008-10-09 15:50 . 2008-10-09 15:50   0   --ah-----   C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-09 15:50 . 2008-10-09 15:50   0   --ah-----   C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-10-09 15:49 . 2008-10-09 15:49   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nokia
2008-10-09 15:47 . 2008-05-07 07:38   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-10-09 15:47 . 2008-06-06 09:24   8,064   --a------   C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-10-09 15:46 . 2008-05-07 07:39   1,419,232   --a------   C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-10-09 15:46 . 2008-05-07 07:38   659,968   --a------   C:\WINDOWS\system32\nmwcdcocls.dll
2008-10-09 15:46 . 2008-05-07 07:38   20,864   --a------   C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-10-09 15:46 . 2008-05-07 07:38   17,536   --a------   C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-10-09 15:45 . 2008-02-01 16:17   138,112   --a------   C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-10-09 15:45 . 2008-02-01 16:17   8,320   --a------   C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-10-09 15:44 . 2008-10-09 15:44   <DIR>   d--------   C:\Program Files\MSXML 6.0
2008-10-08 13:57 . 2003-08-21 06:15   483,328   -ra------   C:\WINDOWS\system32\hphmon05.exe
2008-10-08 13:57 . 2003-10-07 16:25   6,353   -ra------   C:\WINDOWS\system32\hphmon05.dat
2008-10-08 13:55 . 2008-10-08 13:59   17,325   ---------   C:\WINDOWS\HPHins01.dat
2008-10-08 13:55 . 2003-09-12 23:31   4,308   ---------   C:\WINDOWS\hphmdl01.dat
2008-10-08 13:48 . 2008-10-08 13:48   <DIR>   d--------   C:\temp\photosmart
2008-10-04 23:18 . 2008-10-04 23:21   <DIR>   d--------   C:\Program Files\WYSIWYG Web Builder 5
2008-10-04 23:18 . 2008-10-04 23:18   737,280   --a------   C:\WINDOWS\iun6002.exe
2008-10-04 16:48 . 2008-10-13 13:54   156   --a------   C:\WINDOWS\Twunk001.MTX
2008-10-04 16:48 . 2008-10-13 13:54   3   --a------   C:\WINDOWS\Twain001.Mtx
2008-10-04 16:48 . 2008-10-04 16:48   0   --a------   C:\WINDOWS\Twunk002.MTX
2008-10-04 15:38 . 2008-10-04 15:38   <DIR>   d--------   C:\Program Files\Passware
2008-09-22 19:40 . 2008-09-22 19:40   <DIR>   d--------   C:\Program Files\Microsoft IntelliPoint
2008-09-22 19:39 . 2008-09-22 19:39   <DIR>   d--------   C:\Program Files\Microsoft IntelliType Pro
2008-09-22 17:37 . 2006-10-26 19:56   32,592   --a------   C:\WINDOWS\system32\msonpmon.dll
2008-09-22 17:33 . 2008-10-04 12:28   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-09-22 17:29 . 2008-09-22 17:29   <DIR>   d--------   C:\Program Files\Microsoft.NET
2008-09-22 17:26 . 2008-09-22 17:26   <DIR>   d--------   C:\Program Files\Microsoft Visual Studio 8
2008-09-21 13:34 . 2008-09-21 13:34   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-09-21 13:34 . 2008-09-22 17:33   <DIR>   d--------   C:\Program Files\MSBuild
2008-09-21 13:33 . 2008-07-06 14:06   1,676,288   ---------   C:\WINDOWS\system32\xpssvcs.dll
2008-09-21 13:33 . 2008-07-06 14:06   1,676,288   ---------   C:\WINDOWS\system32\dllcache\xpssvcs.dll
2008-09-21 13:33 . 2008-07-06 12:50   597,504   ---------   C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2008-09-21 13:33 . 2008-07-06 14:06   575,488   ---------   C:\WINDOWS\system32\xpsshhdr.dll
2008-09-21 13:33 . 2008-07-06 14:06   575,488   ---------   C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2008-09-21 13:33 . 2008-07-06 14:06   117,760   ---------   C:\WINDOWS\system32\prntvpt.dll
2008-09-21 13:33 . 2008-07-06 14:06   89,088   ---------   C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2008-09-21 13:30 . 2008-09-21 13:30   <DIR>   d--------   C:\Documents and Settings\User\Dane aplikacji\Nvu
2008-09-21 13:29 . 2008-09-21 13:29   <DIR>   d--------   C:\Program Files\Nvu
2008-09-21 13:23 . 2008-09-21 13:36   <DIR>   d--------   C:\Program Files\Street Hacker
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\system32\xircom
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\system32\oobe
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\srchasst
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\WINDOWS\msagent
2008-09-21 10:10 . 2008-09-21 10:10   <DIR>   d--------   C:\Program Files\microsoft frontpage
2008-09-20 22:26 . 2008-09-20 22:26   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-09-20 22:26 . 2008-09-20 22:26   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-09-20 17:58 . 2008-09-20 17:58   <DIR>   d--------   C:\!FixIEDef
2008-09-16 16:22 . 2004-05-04 12:53   1,645,320   --a------   C:\WINDOWS\system32\gdiplus.dll
2008-09-16 16:18 . 2008-09-16 16:22   <DIR>   d--------   C:\Program Files\BurnAware Free
2008-09-14 22:19 . 2008-09-14 22:19   <DIR>   d--------   C:\Documents and Settings\User\DoctorWeb
2008-09-14 22:19 . 2008-09-14 22:19   <DIR>   d--------   C:\Documents and Settings\User\Dane aplikacji\FDRLab
2008-09-13 22:12 . 2008-09-13 22:12   <DIR>   d--------   C:\Documents and Settings\User\WINDOWS
2008-09-13 11:57 . 2008-09-13 11:57   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Yahoo! Companion

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 18:13   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\foobar2000
2008-10-12 20:32   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-10-11 19:44   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-10-10 17:51   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Skype
2008-10-10 14:58   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\skypePM
2008-10-09 13:46   ---------   d-----w   C:\Program Files\Nokia
2008-10-09 13:40   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-10-09 13:38   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Nokia
2008-10-08 12:23   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-10-04 14:48   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Thinstall
2008-09-23 15:59   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-09-14 20:21   ---------   d-----w   C:\Program Files\FDRLab
2008-09-09 15:48   ---------   d-----w   C:\Program Files\Maxtor
2008-09-09 11:18   ---------   d-----w   C:\Program Files\Shut Down-O-Matic
2008-09-06 14:46   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Nokia Multimedia Player
2008-09-05 19:30   ---------   d-----w   C:\Program Files\Theorica Divx ;-) Codecs
2008-09-05 19:28   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-09-05 18:52   ---------   d-----w   C:\Program Files\XviD
2008-09-04 18:34   ---------   d-----w   C:\Program Files\free-downloads.net
2008-09-04 18:34   ---------   d-----w   C:\Program Files\Conduit
2008-09-04 18:33   ---------   d-----w   C:\Program Files\Alcohol Soft
2008-09-04 17:58   716,272   ----a-w   C:\WINDOWS\system32\drivers\sptd.sys
2008-09-03 19:29   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Hide IP NG
2008-09-02 16:41   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\uniblue
2008-09-01 19:34   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Vso
2008-09-01 19:16   47,360   ----a-w   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-01 19:16   47,360   ----a-w   C:\Documents and Settings\User\Dane aplikacji\pcouffin.sys
2008-09-01 19:16   ---------   d-----w   C:\Program Files\VSO
2008-09-01 17:40   ---------   d-----w   C:\Program Files\Uniblue
2008-09-01 17:35   ---------   d-----w   C:\Program Files\Reference Assemblies
2008-09-01 06:50   ---------   d-----w   C:\Program Files\MSXML 4.0
2008-08-31 20:38   ---------   d-----w   C:\Program Files\Video mp3 Extractor
2008-08-31 19:22   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Dev-Cpp
2008-08-28 14:43   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Maxtor
2008-08-27 17:49   ---------   d-----w   C:\Program Files\Skype
2008-08-27 17:49   ---------   d-----w   C:\Program Files\Common Files\Skype
2008-08-27 17:49   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-08-26 18:59   ---------   d-----w   C:\Program Files\Any Video Converter
2008-08-26 18:59   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Any Video Converter
2008-08-25 17:58   ---------   d-----w   C:\Program Files\NAPI-PROJEKT
2008-08-24 17:23   ---------   d-----w   C:\Program Files\Java
2008-08-24 17:20   ---------   d-----w   C:\Program Files\Common Files\Java
2008-08-24 16:55   ---------   d-----w   C:\Program Files\IrfanView
2008-08-24 08:20   ---------   d-----w   C:\Program Files\Common Files\Adobe AIR
2008-08-24 08:19   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-08-23 22:43   ---------   d-----w   C:\Program Files\JLC's Software
2008-08-23 22:40   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\JLC's Software
2008-08-23 22:32   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\TVU Networks
2008-08-23 22:32   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\TVU Networks
2008-08-23 22:28   ---------   d-----w   C:\Program Files\Free TV Online
2008-08-23 22:23   ---------   d-----w   C:\Program Files\TVPlayerClassic
2008-08-23 19:16   ---------   d-----w   C:\Program Files\Teamspeak2_RC2
2008-08-23 19:16   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\teamspeak2
2008-08-23 18:40   ---------   d-----w   C:\Program Files\Real Alternative
2008-08-23 18:34   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Media Player Classic
2008-08-23 16:52   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-08-23 16:43   ---------   d-----w   C:\Program Files\Windows Live
2008-08-23 16:42   ---------   dcsh--w   C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-23 16:39   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\WLInstaller
2008-08-23 13:55   ---------   d-----w   C:\Program Files\NovaLogic
2008-08-23 10:44   ---------   d-----w   C:\Program Files\DIFX
2008-08-23 10:44   ---------   d-----w   C:\Program Files\Common Files\PCSuite
2008-08-23 10:44   ---------   d-----w   C:\Program Files\Common Files\Nokia
2008-08-23 10:43   ---------   d-----w   C:\Program Files\PC Connectivity Solution
2008-08-23 10:43   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\PC Suite
2008-08-23 10:18   ---------   d-----w   C:\Program Files\foobar2000
2008-08-23 10:16   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\BESTplayer
2008-08-23 10:00   ---------   d-----w   C:\Program Files\ESET
2008-08-23 09:57   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu
2008-08-23 09:56   ---------   d-----w   C:\Program Files\Yahoo!
2008-08-23 09:56   ---------   d-----w   C:\Program Files\CCleaner
2008-08-23 09:55   ---------   d-----w   C:\Program Files\Gadu-Gadu
2008-08-23 09:53   ---------   d-----w   C:\Program Files\Opera
2008-08-22 22:01   ---------   d-----w   C:\Documents and Settings\User\Dane aplikacji\ESET
2008-08-22 21:34   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-08-22 21:24   ---------   d-----w   C:\Program Files\Usługi online
2008-08-22 21:22   ---------   d-----w   C:\Program Files\Windows Media Connect 2
2008-07-29 23:34   96,760   ----a-w   C:\WINDOWS\system32\dfshim.dll
2008-07-29 23:34   83,968   ----a-w   C:\WINDOWS\system32\mscories.dll
2008-07-29 23:34   41,984   ----a-w   C:\WINDOWS\system32\netfxperf.dll
2008-07-29 23:34   282,112   ----a-w   C:\WINDOWS\system32\mscoree.dll
2008-07-29 23:34   158,720   ----a-w   C:\WINDOWS\system32\mscorier.dll
2008-07-29 19:10   73,720   ----a-w   C:\WINDOWS\system32\dxva2.dll
2008-07-29 19:10   493,048   ----a-w   C:\WINDOWS\system32\evr.dll
2008-07-29 19:10   26,112   ----a-w   C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 18:35   326,160   ----a-w   C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 17:59   781,344   ----a-w   C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 17:59   43,544   ----a-w   C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 17:59   161,296   ----a-w   C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 17:59   105,016   ----a-w   C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 17:24   97,800   ----a-w   C:\WINDOWS\system32\infocardapi.dll
2008-07-29 17:24   622,080   ----a-w   C:\WINDOWS\system32\icardagt.exe
2008-07-29 17:24   11,264   ----a-w   C:\WINDOWS\system32\icardres.dll
2008-07-18 20:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-18 20:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
.

------- Sigcheck -------

2007-07-10 19:06  642560  ce594e18fe0d0af804f1f3694921ce62   C:\WINDOWS\system32\user32.dll
2008-10-13 20:17  642560  ce594e18fe0d0af804f1f3694921ce62   C:\WINDOWS\system32\dllcache\user32.dll

2008-06-16 03:28  549888  335813eacd16e84f3047a3326f6e5473   C:\WINDOWS\system32\winlogon.exe

2008-07-07 23:43  2032128  2bc05e243b86aa8e569ee3c5d8b3c424   C:\WINDOWS\system32\ntkrnlpa.exe

2008-07-06 23:44  2153472  04404b7f25984558ad3390bf84c4eb95   C:\WINDOWS\system32\ntoskrnl.exe

2008-06-27 05:36  1424896  4ec7ed41d95d18b3cd1a2bd9dfefb591   C:\WINDOWS\explorer.exe
.
(((((((((((((((((((((((((((((   snapshot_2008-10-13_14.40.28.60   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-07 14:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-10-13 18:16:04   2,756,608   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-10-13 18:16:04   184,320   ----a-w   C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-08-07 14:27:04   163,328   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-10-13 18:16:03   2,756,608   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-10-13 18:16:03   184,320   ----a-w   C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-21 483328]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= C:\WINDOWS\system32\i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2008-02-22 13:22 216520 C:\Program Files\Alcohol Soft\Alcohol 52\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 13:20 227328 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2008-06-16 32768]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 20:30:26
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-13 20:31:43
ComboFix-quarantined-files.txt  2008-10-13 18:31:39
ComboFix2.txt  2008-10-13 12:41:21
ComboFix3.txt  2008-10-06 17:08:36
ComboFix4.txt  2008-09-20 19:21:53

Przed: 8 188 301 312 bajtów wolnych
Po: 8,178,737,152 bajtów wolnych

317   --- E O F ---   2008-09-27 12:38:34

Post by Okocza, 13 Oct 2008, 20:43

1. Download OTMoveIt, launch it and run its CleanUp option :) (or alternatively go over the computer with this program)
2. Perform a Windows optimization
3. Download ATF_Cleaner
select
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
and press EMPTY SELECTED
4. Turn off System Restore (My Computer properties - System Restore tab - turn off System Restore on all drives). After a moment, turn it back on.
5. Scan the computer for Trojans with this program
6. Post a screenshot of the Startup tab on the forum (Start – Run – msconfig – Startup); maybe something can be removed from there.

Post by kristof200, 13 Oct 2008, 20:58

In Startup I only have

egui Firewall
jusched
Grovemonitor
type32
point32


and that's all, so I guess nothing can be removed :p

Post by Okocza, 13 Oct 2008, 20:59


Post by kristof200, 13 Oct 2008, 21:10

Thanks a lot for everything!
Cheers