
I have a new computer (1 month old) and it already takes a looooong time to think about things, and so does the internet...
I have WINDOWS VISTA.
Which logs should I make (which program)?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:35:02, on 2009-02-06
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\msfeedssync.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" /icon -l:pl
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CBA24B3-9835-478F-A2A1-868EC66CF709}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcaBit Control (ArcaRemoteService) - Unknown owner - C:\Program Files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ArcaBit Backup Service (AVBackup) - Unknown owner - C:\Program Files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ArcaBit Tasks Service (AVTasks2) - Unknown owner - C:\PROGRA~1\ArcaBit\Common\ARCATA~1.EXE (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5726 bytes
ComboFix 09-02-06.01 - Dom 2009-02-06 21:37:43.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.3326.2423 [GMT 1:00]
Uruchomiony z: c:\users\Dom\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-06 do 2009-02-06 )))))))))))))))))))))))))))))))
.
2009-02-06 21:34 . 2009-02-06 21:34 <DIR> d-------- c:\program files\Trend Micro
2009-02-06 21:30 . 2009-02-06 21:30 <DIR> d-------- C:\ERDNT
2009-02-06 21:29 . 2009-02-06 21:29 <DIR> d-------- c:\windows\ERUNT
2009-02-06 21:29 . 2009-02-06 21:29 <DIR> d-------- C:\!FixIEDef
2009-02-06 21:28 . 2009-02-06 21:29 1,123,472 --a------ c:\users\Dom\FixIEDef.exe
2009-02-06 21:26 . 2009-02-06 21:26 50,688 --a------ c:\users\Dom\ATF-Cleaner.exe
2009-02-03 23:11 . 2009-02-03 23:11 167,972 --a------ c:\users\Dom\rf.zip
2009-02-03 23:11 . 2009-02-03 23:11 297 --a------ c:\users\Dom\4961-cpl_mouse_fix.zip
2009-02-02 20:06 . 2009-02-02 20:11 <DIR> d-------- c:\program files\Vidalia Bundle
2009-01-31 16:07 . 2009-01-31 16:07 <DIR> d-------- c:\program files\Microsoft Works
2009-01-31 16:06 . 2009-01-31 16:06 <DIR> d-------- c:\windows\PCHEALTH
2009-01-31 16:06 . 2009-01-31 16:06 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-31 16:05 . 2009-01-31 16:08 <DIR> d-------- c:\users\All Users\Microsoft Help
2009-01-31 16:05 . 2009-01-31 16:08 <DIR> d-------- c:\programdata\Microsoft Help
2009-01-31 16:05 . 2009-01-31 16:05 <DIR> dr-h----- C:\MSOCache
2009-01-26 14:47 . 2009-01-26 14:55 <DIR> d-------- c:\users\Dom\AppData\Roaming\Corel
2009-01-26 14:47 . 2009-01-26 14:47 2,828 --ahs---- c:\users\All Users\KGyGaAvL.sys
2009-01-26 14:47 . 2009-01-26 14:47 2,828 --ahs---- c:\programdata\KGyGaAvL.sys
2009-01-26 14:47 . 2009-01-26 14:47 8 -r-hs---- c:\users\All Users\15C7767172.sys
2009-01-26 14:47 . 2009-01-26 14:47 8 -r-hs---- c:\programdata\15C7767172.sys
2009-01-26 14:45 . 2009-01-26 14:55 <DIR> d-------- c:\users\All Users\Corel
2009-01-26 14:45 . 2009-01-26 14:54 <DIR> d-------- c:\users\All Users\Borland
2009-01-26 14:45 . 2009-01-26 14:55 <DIR> d-------- c:\programdata\Corel
2009-01-26 14:45 . 2009-01-26 14:54 <DIR> d-------- c:\programdata\Borland
2009-01-25 15:47 . 2009-01-25 15:47 <DIR> d-------- c:\users\All Users\TVU Networks
2009-01-25 15:47 . 2009-01-25 15:47 <DIR> d-------- c:\programdata\TVU Networks
2009-01-16 23:35 . 2008-09-26 14:21 1,136,128 --a------ c:\users\Dom\AequiAPI.dll
2009-01-16 23:35 . 2008-09-28 14:53 242,176 --a------ c:\users\Dom\aequitas.exe
2009-01-14 18:51 . 2009-01-14 18:51 <DIR> d-------- c:\users\Dom\AppData\Roaming\PeerNetworking
2009-01-14 18:21 . 2009-01-15 01:20 <DIR> d-------- C:\temp
2009-01-14 18:21 . 2009-01-14 18:21 987,136 --a------ c:\temp\abmaster.dll
2009-01-14 17:59 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2009-01-14 17:59 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2009-01-14 17:59 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2009-01-14 17:59 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2009-01-14 17:59 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2009-01-14 17:59 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2009-01-14 17:59 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2009-01-14 17:59 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2009-01-14 17:59 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2009-01-08 23:19 . 2009-01-22 21:31 <DIR> d-------- c:\users\Dom\demka n1
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 16:57 --------- d-----w c:\program files\Steam
2009-02-04 16:23 --------- d-----w c:\program files\Common Files\Steam
2009-02-02 19:11 --------- d-----w c:\program files\SkanerOnline
2009-01-31 14:12 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-31 13:31 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-14 17:27 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-14 17:22 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-07 17:48 --------- d-----w c:\program files\Common Files\Adobe
2009-01-05 00:44 --------- d-----w c:\program files\DivX
2008-12-27 15:59 --------- d-----w c:\users\Dom\AppData\Roaming\Winamp
2008-12-26 15:53 --------- d-----w c:\users\Dom\AppData\Roaming\Media Player Classic
2008-12-23 07:07 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-12-22 08:13 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-12-22 08:13 69,128 ----a-w c:\windows\system32\drivers\avgwfpx.sys
2008-12-22 08:13 10,520 ----a-w c:\windows\System32\avgrsstx.dll
2008-12-22 08:05 51,232 ----a-w c:\users\Dom\wwdc.exe
2008-12-20 19:05 --------- d-----w c:\program files\Ventrilo
2008-12-20 18:20 --------- d-----w c:\users\Dom\AppData\Roaming\Ventrilo
2008-12-18 20:41 --------- d-----w c:\program files\Common Files\Logitech
2008-12-18 20:39 --------- d-----w c:\program files\Logitech
2008-12-17 19:16 --------- d-----w c:\users\Dom\AppData\Roaming\Gadu-Gadu
2008-12-17 19:14 --------- d-----w c:\program files\Gadu-Gadu
2008-12-17 18:55 --------- d-----w c:\program files\Thomson
2008-12-17 18:18 --------- d-----w c:\programdata\LightScribe
2008-12-17 18:10 40,320 ----a-w c:\windows\system32\drivers\steth.sys
2008-12-17 18:10 30,464 ----a-w c:\windows\system32\drivers\st330.sys
2008-12-17 18:10 16,128 ----a-w c:\windows\system32\drivers\lpwdm.sys
2008-12-17 18:10 12,672 ----a-w c:\windows\system32\drivers\stbus.sys
2008-12-17 17:57 --------- d-----w c:\program files\SEC
2008-12-17 16:58 --------- d-----w c:\programdata\Ahead
2008-12-17 16:56 --------- d-----w c:\program files\Nero
2008-12-17 16:48 --------- d-----w c:\program files\Kalendarz XP
2008-12-17 16:46 --------- d-----w c:\program files\Winamp
2008-12-17 16:45 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-17 16:45 --------- d-----w c:\program files\Java
2008-12-17 16:44 --------- d-----w c:\program files\Common Files\Java
2008-12-17 16:43 --------- d-----w c:\programdata\avg8
2008-12-17 16:43 --------- d-----w c:\program files\AVG
2008-12-17 16:39 --------- d-----w c:\users\Dom\AppData\Roaming\ATI
2008-12-17 16:39 --------- d-----w c:\programdata\ATI
2008-12-17 16:13 --------- d-----w c:\program files\ATI Technologies
2008-12-17 16:12 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-12-17 16:10 --------- d-----w c:\program files\Realtek
2008-12-17 16:09 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-12-17 16:09 315,392 ----a-w c:\windows\HideWin.exe
2008-12-17 16:09 --------- d-----w c:\users\Dom\AppData\Roaming\InstallShield
2008-12-17 15:25 --------- d-----w c:\program files\ATI
2008-12-17 15:20 --------- d-sh--w c:\programdata\Ulubione
2008-12-17 15:20 --------- d-sh--w c:\programdata\Szablony
2008-12-17 15:20 --------- d-sh--w c:\programdata\Pulpit
2008-12-17 15:20 --------- d-sh--w c:\programdata\Menu Start
2008-12-17 15:20 --------- d-sh--w c:\programdata\Dokumenty
2008-12-17 15:20 --------- d-sh--w c:\programdata\Dane aplikacji
2008-11-21 21:46 200,704 ----a-w c:\windows\System32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\System32\libdivx.dll
2008-04-16 19:04 174 --sha-w c:\program files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-22 1261336]
"diagnostics"="c:\program files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-12-17 557149]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2004-01-08 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 c:\windows\RtHDVCpl.exe]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 c:\windows\LOGI_MWX.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=c:\windows\pss\NaturalColorLoad.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 c:\program files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 19:49 36352 c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{94EF9BF6-231C-4B27-B942-9DB68F00B20B}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{30BC7E75-AC1D-4F58-90DF-837E8873D1CA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{312766FB-2843-4637-9A22-E6561F2F236F}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX1\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{D59C81EB-092F-4F63-873A-1FF41C5C534B}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX1\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{630D427E-1672-441D-8FB2-1F4EA962CA14}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX2\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{DEE0F4BD-DD8D-4A74-B120-E7CFF021DF40}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX2\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{F52D7C74-3CD8-4CBC-91D2-08F5DD292033}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX3\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{D1E037A3-FE29-41FB-A678-BF007BF97322}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX3\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{5B03697C-773E-4A8D-838E-9F5FA87CC90E}"= UDP:c:\users\Dom\AppData\Local\Temp\RarSFX4\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{B2191528-A58C-47D4-B9B7-E9FB11AA345A}"= TCP:c:\users\Dom\AppData\Local\Temp\RarSFX4\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{FE12D0F1-6AC9-4CE7-BCED-E074E1A0336B}"= UDP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"{169FEB98-A68D-4E98-97A5-FF011E92D78D}"= TCP:c:\program files\Thomson\ST330\service\st330service.exe:ST330 service
"TCP Query User{7D4D77DF-28D3-4E89-98FD-DC9D95E4A0E1}c:\\program files\\steam\\steamapps\\fisq\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\fisq\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{3F79F56D-2DBF-4B03-BF0F-2E0EA87BCCD5}c:\\program files\\steam\\steamapps\\fisq\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\fisq\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{2C8D7456-A4E9-4A28-9D06-4E3F663F9D11}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{9A28137A-A81B-4A18-AA3D-B11CDE45034A}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{2CF305F5-9119-49C8-A7A0-38DEC13DE82F}c:\\users\\dom\\desktop\\azereus.exe"= UDP:c:\users\dom\desktop\azereus.exe:azereus
"UDP Query User{C6EB05E8-D0B4-41D6-8AE5-3C0CCEDAD024}c:\\users\\dom\\desktop\\azereus.exe"= TCP:c:\users\dom\desktop\azereus.exe:azereus
"TCP Query User{9FFB30B7-A068-4B2F-B735-8588F36024A1}d:\\azer\\azereus.exe"= UDP:d:\azer\azereus.exe:azereus
"UDP Query User{235BF3FA-4EEC-4295-874C-7A64F24B95C4}d:\\azer\\azereus.exe"= TCP:d:\azer\azereus.exe:azereus
"{BE6A5F68-824A-40E8-A0D2-FBEB05393703}"= Disabled:UDP:50000:ArcaVir CommunicationPort (A)
"{E54CDC02-2523-4FEE-813C-D49A438D1EE7}"= Disabled:UDP:50001:ArcaVir CommunicationPort (S)
"{10C9A816-9FA1-4CB8-8C40-58EA51AC821B}"= Disabled:UDP:14380:BitComet 14380 TCP
"{0EC7FD63-0F83-4771-AF0D-721E29C3156F}"= Disabled:TCP:14380:BitComet 14380 UDP
"TCP Query User{F46D95D1-4C4D-46C7-9449-8CD84306974B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{5CEC2D62-915C-4ADA-9C00-85E17FFE41F9}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{8D679661-18EF-488D-B314-121217B530D4}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{E2C37AD0-C230-4827-9698-0236D437ECDA}c:\\program files\\bitcomet\\bitcomet.exe"= Disabled:UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{65999302-7D2C-4932-A640-E585D442B836}c:\\program files\\bitcomet\\bitcomet.exe"= Disabled:TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{66243DE4-1FF9-4104-A807-91BD868C81CA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{EDC5215B-8D5E-4A33-A221-BB1D999533D2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-12-17 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-17 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-17 231704]
R3 AvgWfpX;AVG8 Firewall Driver x86;c:\windows\System32\drivers\avgwfpx.sys [2008-12-17 69128]
R3 ST330;ST330;c:\windows\System32\drivers\st330.sys [2008-12-17 30464]
R3 STBUS;STBUS;c:\windows\System32\drivers\stbus.sys [2008-12-17 12672]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\System32\drivers\steth.sys [2008-12-17 40320]
S2 ArcaRemoteService;ArcaBit Control;c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe --> c:\program files\ArcaBit\ArcaAgent\ArcaRemoteSvc.exe [?]
S2 AVBackup;ArcaBit Backup Service;c:\program files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe --> c:\program files\ArcaBit\ArcaTools\arcabackup\ArcaBackupService.exe [?]
S2 AVTasks2;ArcaBit Tasks Service;c:\progra~1\ArcaBit\Common\ARCATA~1.EXE --> c:\progra~1\ArcaBit\Common\ARCATA~1.EXE [?]
S3 vmmouse;VMware Pointing Device;c:\windows\System32\drivers\vmmouse.sys [2008-04-16 11696]
S3 vmx_svga;vmx_svga;c:\windows\System32\drivers\vmx_svga.sys [2008-04-16 62768]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40a4a29a-d0c0-11dd-a918-806e6f6e6963}]
\shell\AutoRun\command - nfdmg.com
\shell\explore\Command - nfdmg.com
\shell\open\Command - nfdmg.com
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{246AD1E8-2520-4098-AD2D-F27B767CFFE0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-ABRegmon - c:\program files\ArcaBit\ArcaVir\abregmon.exe
MSConfigStartUp-ArcaCheck - c:\program files\ArcaBit\ArcaVir\ArcaCheck.exe
MSConfigStartUp-AvMenu - c:\program files\ArcaBit\ArcaVir\AVMenu.exe
MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-InCD - c:\program files\Nero\Nero 7\InCD\InCD.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SecurDisc - c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
------- Skan uzupełniający -------
.
uStart Page = about:blank
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
TCP: {8CBA24B3-9835-478F-A2A1-868EC66CF709} = 213.241.79.37 83.238.255.76
FF - ProfilePath - c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\izn5r2ki.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.livescore.com/
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\izn5r2ki.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 21:39:20
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\avgrsstx.dll
- - - - - - - > 'Explorer.exe'(5876)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Gadu-Gadu\ggwhook.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
Czas ukończenia: 2009-02-06 21:42:07
ComboFix-quarantined-files.txt 2009-02-06 20:42:04
Przed: 129 188 036 608 bajtów wolnych
Po: 131,320,782,848 bajtów wolnych
http://www.speedyshare.com/564716930.html
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7368 *
* *
********************************************************************************
Created at 21:29:24 on Saturday, February 07, 2009
Time Zone : (GMT+01:00) Sarajewo, Skopie, Warszawa, Zagrzeb
Logged On User : Dom
Operating System : Microsoft® Windows Vista™ Ultimate Service Pack 1
OS Architecture : X86
System Langauge : Polish
Keyboard Layout : Polish
Processor : X64 AMD Phenom(tm) 8450 Triple-Core Processor
System Drive : C:\
Windows Directory : C:\Windows
System Directory : C:\Windows\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label :
System Drive Size : 176.94 GB
System Drive Free : 145.3 GB
Total Physical Memory: 3326 MB
Free Physical Memory : 1863 MB
Total Page File : 3326 MB
Free Page File : 5917 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1957 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!