
High memory usage by svchost.exe



ComboFix 12-01-13.05 - PAWEŁ 2012-01-14 15:41:05.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.8136.5823 [GMT 1:00]

Uruchomiony z: c:\users\PAWEŁ\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Utworzono nowy punkt przywracania

.

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\facemoods.com

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll

c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe

c:\programdata\Roaming

c:\users\PAWEŁ\AppData\Roaming\A9F1.tmp

c:\users\PAWEŁ\AppData\Roaming\B0D5.tmp

c:\windows\PFRO.log

c:\windows\pkunzip.pif

c:\windows\pkzip.pif

c:\windows\s.bat

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

((((((((((((((((((((((((( Pliki utworzone od 2011-12-14 do 2012-01-14 )))))))))))))))))))))))))))))))

.

.

2012-01-14 14:55 . 2012-01-14 14:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B6B16C-BD42-4845-897C-DA60B90C4390}\offreg.dll

2012-01-14 14:48 . 2012-01-14 14:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-01-14 14:48 . 2012-01-14 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-13 09:14 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06B6B16C-BD42-4845-897C-DA60B90C4390}\mpengine.dll

2012-01-11 14:33 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 14:33 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 14:33 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 14:33 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 14:33 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 14:33 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 14:33 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 14:33 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-11 13:41 . 2012-01-11 13:41 193 ----a-w- c:\users\PAWEŁ\AppData\Roaming\A2FE.tmp

2012-01-02 06:32 . 2012-01-02 06:32 -------- d-----w- c:\users\PAWEŁ\AppData\Local\ElevatedDiagnostics

2012-01-02 06:16 . 2012-01-02 06:16 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2012-01-02 06:16 . 2012-01-02 06:16 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2012-01-02 06:16 . 2012-01-02 06:16 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2012-01-02 06:16 . 2012-01-02 06:16 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-31 15:20 . 2011-12-19 12:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2011-12-31 15:20 . 2011-12-19 12:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2011-12-31 15:20 . 2011-12-31 15:20 -------- d-----w- c:\program files\Oracle

2011-12-27 15:43 . 2011-12-27 15:43 -------- d-----w- c:\users\PAWEŁ\AppData\Roaming\MySQL

2011-12-22 16:46 . 2011-12-22 16:46 240 ----a-w- C:\user.js

2011-12-22 16:46 . 2011-12-22 16:46 -------- d-----w- c:\program files (x86)\BabylonToolbar

2011-12-22 16:46 . 2011-12-22 16:46 -------- d-----w- c:\programdata\Premium

2011-12-22 16:46 . 2011-12-22 16:46 -------- d-----w- c:\programdata\InstallMate

2011-12-20 20:35 . 2011-12-20 20:46 -------- d-----w- c:\users\PAWEŁ\AppData\Roaming\Notepad++

2011-12-20 20:35 . 2011-12-20 20:35 -------- d-----w- c:\program files (x86)\Notepad++

2011-12-19 12:45 . 2011-12-19 12:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2011-12-19 12:43 . 2011-12-19 12:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2011-12-19 12:43 . 2011-12-19 12:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2011-12-17 18:01 . 2011-12-17 18:01 -------- d-----w- c:\users\PAWEŁ\AppData\Local\Opera

2011-12-17 18:01 . 2011-12-17 18:01 -------- d-----w- c:\program files (x86)\Opera

2011-12-17 17:06 . 2011-12-17 17:06 -------- d-----w- c:\program files (x86)\Safari

2011-12-17 15:23 . 2011-12-17 15:23 -------- d-----w- c:\windows\Sun

2011-12-16 22:49 . 2011-12-16 22:49 -------- d-----w- c:\users\PAWEŁ\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-12-16 16:11 . 2011-12-16 16:11 -------- d-----w- c:\program files\WinPcap

2011-12-16 14:18 . 2011-12-16 14:18 -------- d-----w- c:\users\PAWEŁ\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1

2011-12-15 16:14 . 2011-12-15 16:14 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-14 09:33 . 2011-11-03 13:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-12-14 09:32 . 2011-11-03 13:58 686416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-12-05 10:24 . 2011-12-05 10:24 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-12-05 10:24 . 2011-12-05 10:24 686400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-11-28 18:01 . 2011-12-08 07:50 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-12-08 07:50 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-12-08 07:51 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-12-08 07:51 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-12-08 07:51 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-12-08 07:51 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-12-08 07:51 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-12-08 07:51 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-12-08 07:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 04:52 . 2011-12-15 05:48 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-23 13:06 . 2011-11-23 13:07 103744 ----a-w- c:\windows\system32\MSCOMM32.OCX

2011-11-17 07:12 . 2011-10-28 11:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-11-14 15:37 . 2011-09-25 17:21 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:32 . 2011-12-15 05:48 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:26 . 2011-12-15 05:48 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-10-28 11:10 . 2011-10-28 11:10 53248 ----a-r- c:\users\PAWEŁ\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-10-28 11:10 . 2011-10-28 11:10 53248 ----a-r- c:\users\PAWEŁ\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-10-26 05:21 . 2011-12-15 05:48 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"YouCam Tray"="c:\program files (x86)\Lenovo\YouCam\YouCam.exe" [2011-01-28 228448]

"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

"Cobian Backup 10"="c:\program files (x86)\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]

"iCueScheduler"="c:\program files (x86)\BASF\iCueScheduler\iCueScheduler.exe" [2011-06-01 333824]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-12-12 74752]

R2 gupdate;Usługa Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 136176]

R3 %S_ServiceName%;%S_ServiceName%;c:\windows\system32\Drivers\xrite_usb_x64.sys [x]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 gupdatem;Usługa Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [x]

R3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [x]

R4 SQLAgent$SQL_ICCM;SQL Server Agent (SQL_ICCM);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQL_ICCM\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

R4 SQLAgent$SQL_PB1;SQL Server Agent (SQL_PB1);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL_PB1\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S1 winioex;winioex;c:\windows\system32\drivers\winioex.sys [x]

S2 Apache2.2;Apache2.2;e:\xampp\apache\bin\httpd.exe [2011-09-10 18432]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2011-12-12 8704]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 MSSQL$SQL_ICCM;SQL Server (SQL_ICCM);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQL_ICCM\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]

S2 MSSQL$SQL_PB1;SQL Server (SQL_PB1);c:\program files\Microsoft SQL Server\MSSQL10_50.SQL_PB1\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-01 2009704]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]

S2 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2010-03-22 185640]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]

S3 DelayMan;ACPI DelayMan Filter Service;c:\windows\system32\DRIVERS\delayman.sys [x]

S3 IntcDAud;Intel® Audio dla ekranów;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Sterownik karty Intel® Wireless WiFi Link 5000 Series dla systemu Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Inne Usługi/Sterowniki w Pamięci ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Zawartość folderu 'Zaplanowane zadania'

.

2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 19:51]

.

2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-16 19:51]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

@="{771C7324-DA80-49D3-8017-753B0AF60951}"

[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

2011-06-16 19:58 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]

"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-06-16 789920]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-06-16 206176]

"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2011-06-16 9753024]

"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2011-06-16 5908928]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"combofix"="c:\combofix\CF30778.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://search.babylon.com/?AF=100888&tt=221211_cntrl&babsrc=HP_ss&mntrId=ca8036ba0000000000008ca982af0755

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://lenovo.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\PAWEŁ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\PAWEŁ\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Funkcja Google Sidewiki - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\PAWEŁ\AppData\Roaming\Mozilla\Firefox\Profiles\pcxf3ks4.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100888&tt=221211_cntrl&babsrc=adbartrp&mntrId=ca8036ba0000000000008ca982af0755&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=221211_cntrl

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - ca8036ba0000000000008ca982af0755

FF - user.js: extensions.BabylonToolbar_i.hardId - ca8036ba0000000000008ca982af0755

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15330

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:46

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - USUNIĘTO PUSTE WPISY - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe

.

.

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-2608434482-2585595813-3508950046-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-2608434482-2585595813-3508950046-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-2608434482-2585595813-3508950046-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-2608434482-2585595813-3508950046-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-2608434482-2585595813-3508950046-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2608434482-2585595813-3508950046-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B3FD39C6-D702-5D39-A6C8-DBD8CB186A1F}*]

"iaiagpfgdogebfncle"=hex:63,61,64,6f,6b,66,00,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

e:\xampp\mysql\bin\mysqld.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe

.

**************************************************************************

.

Czas ukończenia: 2012-01-14 17:05:18 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2012-01-14 16:05

.

Przed: 212 595 064 832 bajtów wolnych

Po: 214 930 550 784 bajtów wolnych

.

- - End Of File - - 2A64C1F030A1A9181CD489704A2C394B


No description of the problem and no mandatory OTL logs. Please follow the rules of this section: LINK.

ComboFix is not a home-use tool; it is an expert-level tool used under supervision, when there are reasons for it: LINK. You ran it needlessly, putting the system through the wringer. That is all on that matter. Please uninstall the tool in the proper way: press the Windows-flag key + R and paste into Run:

C:\Users\PAWEŁ\Desktop\ComboFix.exe /uninstall


I am changing the topic title to match the actual problem. The OTL logs still have not been provided.

Does this mean that everything is OK?

No, that is not sufficient confirmation. The ComboFix report is filtered and limited, specialised for a particular subject. It is not meant for diagnosing every system problem wholesale. From it one can only conclude that ComboFix does not see an infection known to it (known = ComboFix is not a general antivirus scanner and only has specific things planned) and that the basic startup locations show no visible trojan entries.

There was some infection here at some point; the key added to Safe Mode shows it: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv. But that is a leftover, irrelevant for now in these deliberations. It is also apparent that you have junk installed (Babylon Toolbar).

I ran ComboFix because memory usage is constantly at the 30% level.

Task Manager, memory:

svchost.exe constantly around 141 972K

Is that normal? What is it?

Diagnose which services are involved. Right-click that svchost.exe, choose the option "Go to services" and list all of the ones that get highlighted.

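The helper's instruction (right-click the svchost.exe instance and choose "Go to services") can also be done from the command line, which gives the memory figure and the hosted services in one view. The PowerShell function below is an added example, not code from this thread or from ComboFix; it assumes Windows with PowerShell 3.0 or later and an elevated session, so that Win32_Service reports a ProcessId for every running service. The function name, its parameter and the 100 MB threshold are the example's own choices.

```powershell
# Added example (not from the thread): map each running svchost.exe instance to
# the services it hosts and show its working set, so a high-memory instance can
# be attributed to specific services instead of guessed at.
# Assumes PowerShell 3.0+ on Windows (Get-CimInstance) and an elevated session
# so that ProcessId is populated for every running service.

function Get-SvchostServiceMap {
    [CmdletBinding()]
    param(
        # Only report instances whose working set is at least this many MB (0 = all).
        [int]$MinWorkingSetMB = 0
    )

    # Running services grouped by the PID that hosts them (ProcessId is 0 when stopped).
    $servicesByPid = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.ProcessId -ne 0 } |
        Group-Object -Property ProcessId -AsHashTable -AsString

    Get-Process -Name svchost | ForEach-Object {
        $wsMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
        if ($wsMB -lt $MinWorkingSetMB) { return }

        $hosted = $servicesByPid["$($_.Id)"]
        [pscustomobject]@{
            PID          = $_.Id
            WorkingSetMB = $wsMB
            Services     = if ($hosted) { ($hosted.Name | Sort-Object) -join ', ' } else { '(none reported)' }
        }
    } | Sort-Object -Property WorkingSetMB -Descending
}

# Usage: show only svchost instances using 100 MB or more, largest first.
Get-SvchostServiceMap -MinWorkingSetMB 100 | Format-Table -AutoSize -Wrap
```

An instance that hosts SysMain (Superfetch) or the WDI diagnostic host will normally sit near the top of this list on a Windows 7 machine; an svchost.exe whose working set is large but which reports "(none reported)" is the one worth looking at more closely, since a legitimate instance always hosts at least one registered service. The built-in `tasklist /svc /fi "imagename eq svchost.exe"` gives the same PID-to-service mapping without the memory column.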

wudfsvc :: windows driver foundation - user mode driver framework

Wlansvc :: autokonfiguracja sieci WLAN

WdiSystemHost :: Host systemu diagnostyki

UxSms :: Menedżer sesji Menedżera okien pulpitu

TrkWks :: Klient śledzenia łączy rozproszonych

SysMain :: Wstępne ładowania pamięci

PcaSvc :: Usługa asystentów zgodności programów

Netman :: Połączenia sieciowe

AudioEndpointBuilder :: konstruktor punktów końcowych audio systemów Windows

---

How do I get the OTL logs you are writing about?
