
Hijack This:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:06:19, on 2009-02-08
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\System32\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
--
End of file - 3817 bytes
ComboFix:
ComboFix 09-02-06.04 - Użytkownik 2009-02-08 12:08:24.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.1.1045.18.3325.2370 [GMT 1:00]
Uruchomiony z: c:\users\Użytkownik\Desktop\Bezpieczeństwo\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-08 do 2009-02-08 )))))))))))))))))))))))))))))))
.
2009-02-08 12:09 . 2009-02-08 12:09 53,248 --a------ c:\temp\catchme.dll
2009-02-08 11:31 . 2009-02-08 11:31 <DIR> d-------- c:\program files\Trend Micro
2009-02-01 22:05 . 2009-02-01 22:05 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Media Player Classic
2009-01-31 17:50 . 2009-01-31 17:50 <DIR> d-------- c:\windows\ERUNT
2009-01-31 17:50 . 2009-01-31 17:50 <DIR> d-------- C:\ERDNT
2009-01-31 17:50 . 2009-01-31 17:50 <DIR> d-------- C:\!FixIEDef
2009-01-31 16:26 . 2009-01-31 16:26 <DIR> d--hs---- c:\temp\Temporary Internet Files
2009-01-31 16:26 . 2009-02-08 11:35 <DIR> d--hs---- c:\temp\History
2009-01-31 16:26 . 2009-02-08 11:35 <DIR> d--hs---- c:\temp\Cookies
2009-01-31 14:04 . 2009-01-31 14:04 <DIR> d-------- C:\Nowy folder
2009-01-31 13:45 . 2009-02-03 16:43 <DIR> d-------- C:\HOI
2009-01-30 18:24 . 2009-01-30 18:24 <DIR> d-------- c:\program files\SEGA
2009-01-29 15:25 . 2009-01-29 15:25 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\dvdcss
2009-01-29 15:24 . 2009-01-29 15:33 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\vlc
2009-01-29 15:23 . 2009-01-29 15:23 <DIR> d-------- c:\program files\VideoLAN
2009-01-29 15:14 . 2009-01-29 15:14 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Winamp
2009-01-29 15:08 . 2009-01-29 15:16 <DIR> d-------- c:\program files\Winamp
2009-01-28 20:49 . 2001-08-24 14:00 1,355,776 --a------ c:\windows\System32\msvbvm50.dll
2009-01-28 20:49 . 1997-02-28 15:23 597,264 --a------ c:\windows\System32\COMCTL32.OCX
2009-01-26 16:32 . 2009-01-26 16:32 <DIR> d-------- c:\windows\Left 4 Dead
2009-01-26 16:32 . 2009-01-26 16:48 <DIR> d-------- c:\program files\Left 4 Dead
2009-01-26 14:08 . 2009-01-26 14:08 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Canon
2009-01-24 22:23 . 2009-01-24 22:24 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Autodesk
2009-01-24 22:11 . 2009-01-24 22:23 <DIR> d-------- c:\users\All Users\Autodesk
2009-01-24 22:11 . 2009-01-24 22:23 <DIR> d-------- c:\programdata\Autodesk
2009-01-24 14:20 . 2009-01-29 16:18 <DIR> d-------- c:\program files\Ubisoft
2009-01-23 21:23 . 2009-01-23 21:23 <DIR> d-------- c:\program files\WBGames
2009-01-23 18:57 . 2009-01-24 22:13 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2009-01-23 18:57 . 2009-01-24 22:13 <DIR> d-------- c:\program files\Autodesk
2009-01-23 18:52 . 2009-01-23 18:52 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-23 16:12 . 2009-01-23 16:12 <DIR> d-------- c:\program files\Common Files\McNeel Shared
2009-01-23 16:11 . 2009-01-23 16:11 <DIR> d-------- c:\users\All Users\McNeel
2009-01-23 16:11 . 2009-01-23 16:11 <DIR> d-------- c:\programdata\McNeel
2009-01-23 16:11 . 2009-01-23 16:11 <DIR> d-------- c:\program files\Rhinoceros 4.0
2009-01-22 16:25 . 2009-01-29 15:20 52,712 --a------ c:\users\Użytkownik\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-01-21 22:38 . 2009-01-21 22:38 <DIR> d-------- c:\users\All Users\VistaCodecs
2009-01-21 22:38 . 2009-01-21 22:38 <DIR> d-------- c:\programdata\VistaCodecs
2009-01-21 22:29 . 2009-01-21 22:29 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\BESTplayer
2009-01-17 20:26 . 2009-01-17 21:26 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Hamachi
2009-01-17 20:26 . 2009-01-17 20:26 <DIR> d-------- c:\program files\Hamachi
2009-01-17 20:26 . 2009-01-17 20:26 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-01-17 17:49 . 2009-01-17 17:49 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Nero
2009-01-17 17:48 . 2009-01-17 17:48 <DIR> d-------- c:\users\All Users\Nero
2009-01-17 17:48 . 2009-01-17 17:48 <DIR> d-------- c:\programdata\Nero
2009-01-17 17:48 . 2009-01-17 17:48 <DIR> d-------- c:\program files\Nero
2009-01-17 17:48 . 2009-01-17 17:48 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-17 17:48 . 2006-03-17 12:45 1,757,184 --a------ c:\windows\System32\imagX7.dll
2009-01-17 17:48 . 2006-03-17 12:45 802,816 --a------ c:\windows\System32\imagXRA7.dll
2009-01-17 17:48 . 2006-03-17 12:45 497,296 --a------ c:\windows\System32\imagXpr7.dll
2009-01-17 17:48 . 2006-03-17 15:49 368,640 --a------ c:\windows\System32\TwnLib4.dll
2009-01-17 17:48 . 2006-03-17 12:45 258,048 --a------ c:\windows\System32\imagXR7.dll
2009-01-17 16:27 . 2009-01-17 16:27 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-01-16 16:12 . 2009-01-16 16:12 <DIR> d-------- c:\users\UYTKOW~2\Documents
2009-01-16 16:12 . 2009-01-16 16:12 <DIR> d-------- c:\users\U?ytkownik
2009-01-16 16:12 . 2009-01-16 16:13 <DIR> d-------- c:\program files\GameSpy Arcade
2009-01-16 16:07 . 2009-01-16 16:07 <DIR> d-------- c:\program files\EA GAMES
2009-01-15 18:42 . 2009-01-15 18:45 <DIR> d-a------ c:\users\All Users\TEMP
2009-01-15 18:42 . 2009-01-15 18:45 <DIR> d-a------ c:\programdata\TEMP
2009-01-15 18:42 . 2009-01-15 18:42 <DIR> d-------- c:\program files\BurnInTest
2009-01-14 14:00 . 2008-12-16 03:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 18:52 . 2009-01-22 16:02 418 --a------ c:\windows\ODBC.INI
2009-01-13 15:24 . 2009-01-13 15:24 <DIR> d-------- c:\users\All Users\CanonIJPLM
2009-01-13 15:24 . 2009-01-13 15:24 <DIR> d-------- c:\programdata\CanonIJPLM
2009-01-13 13:35 . 2009-01-13 13:35 <DIR> d-------- c:\users\All Users\Adobe
2009-01-13 13:35 . 2009-01-13 13:35 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-13 13:34 . 2009-01-13 13:34 <DIR> d-------- c:\windows\Cache
2009-01-12 19:30 . 2009-01-12 19:30 <DIR> d-------- c:\program files\Common Files\CANON
2009-01-12 19:27 . 2009-01-12 19:27 <DIR> d--h----- c:\windows\System32\CanonIJ Uninstaller Information
2009-01-12 19:27 . 2009-01-12 19:27 <DIR> d--h----- c:\users\All Users\CanonBJ
2009-01-12 19:27 . 2009-01-12 19:27 <DIR> d--h----- c:\programdata\CanonBJ
2009-01-12 19:25 . 2009-01-12 19:25 <DIR> d--h----- c:\program files\CanonBJ
2009-01-12 19:25 . 2007-03-23 08:30 1,400,832 --a------ c:\windows\System32\CNC610C.DLL
2009-01-12 19:25 . 2007-04-15 21:00 215,040 --a------ c:\windows\System32\CNMLM93.DLL
2009-01-12 19:25 . 2007-04-13 06:46 200,704 --a------ c:\windows\System32\CNC610L.DLL
2009-01-12 19:25 . 2007-03-15 06:12 188,416 --a------ c:\windows\System32\CNC610O.DLL
2009-01-12 19:25 . 2007-03-23 08:29 98,304 --a------ c:\windows\System32\CNC610I.DLL
2009-01-12 19:24 . 2009-01-13 15:24 <DIR> d-------- c:\program files\Canon
2009-01-11 18:59 . 2008-11-12 14:54 1,108,512 --a------ c:\windows\System32\nvcpluir.dll
2009-01-11 18:59 . 2008-11-12 14:54 801,312 --a------ c:\windows\System32\nvcplui.exe
2009-01-11 18:59 . 2008-11-12 14:54 420,384 --a------ c:\windows\System32\nvcpl.cpl
2009-01-11 18:58 . 2008-11-12 13:45 453,152 --a------ c:\windows\System32\NVUNINST.EXE
2009-01-11 18:48 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\System32\D3DX9_39.dll
2009-01-11 18:48 . 2008-07-12 08:18 1,493,528 --a------ c:\windows\System32\D3DCompiler_39.dll
2009-01-11 18:48 . 2008-07-31 10:40 509,448 --a------ c:\windows\System32\XAudio2_2.dll
2009-01-11 18:48 . 2008-07-12 08:18 467,984 --a------ c:\windows\System32\d3dx10_39.dll
2009-01-11 18:48 . 2008-07-31 10:41 238,088 --a------ c:\windows\System32\xactengine3_2.dll
2009-01-11 18:48 . 2008-07-31 10:41 68,616 --a------ c:\windows\System32\XAPOFX1_1.dll
2009-01-11 18:06 . 2009-02-08 12:09 <DIR> d-------- C:\TMP
2009-01-11 18:06 . 2009-02-08 12:09 <DIR> d-------- C:\TEMP
2009-01-11 18:05 . 2008-09-03 22:13 2,723,264 --a------ C:\vcredist_x86.exe
2009-01-11 17:32 . 2009-01-11 17:32 <DIR> d-------- c:\program files\Bethesda Softworks
2009-01-11 17:04 . 2009-01-11 17:04 <DIR> d-------- c:\program files\CCleaner
2009-01-11 16:37 . 2009-01-11 16:37 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-11 16:35 . 2009-01-11 16:35 <DIR> d-------- c:\users\Użytkownik\.thumbnails
2009-01-11 16:35 . 2009-01-11 16:35 <DIR> d-------- c:\users\Użytkownik\.thumbnails
2009-01-11 16:34 . 2009-01-30 08:22 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\gtk-2.0
2009-01-11 16:34 . 2009-01-30 08:24 <DIR> d-------- c:\users\Użytkownik\.gimp-2.6
2009-01-11 16:34 . 2009-01-30 08:24 <DIR> d-------- c:\users\Użytkownik\.gimp-2.6
2009-01-11 16:34 . 2009-01-11 16:34 <DIR> d-------- c:\users\Użytkownik\.gegl-0.0
2009-01-11 16:34 . 2009-01-11 16:34 <DIR> d-------- c:\users\Użytkownik\.gegl-0.0
2009-01-11 16:33 . 2009-01-11 16:33 <DIR> d-------- c:\program files\GIMP-2.0
2009-01-11 15:58 . 2009-01-11 15:58 <DIR> d-------- c:\program files\Driver Cleaner
2009-01-11 00:36 . 2009-01-11 00:36 <DIR> d-------- c:\users\Użytkownik\AppData\Roaming\Gadu-Gadu
2009-01-11 00:35 . 2009-01-31 20:30 <DIR> d-------- c:\users\Użytkownik\Gadu-Gadu
2009-01-11 00:35 . 2009-01-31 20:30 <DIR> d-------- c:\users\Użytkownik\Gadu-Gadu
2009-01-11 00:35 . 2009-01-11 00:37 <DIR> d-------- c:\program files\Gadu-Gadu
2009-01-10 23:24 . 2008-10-02 02:32 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-01-10 23:22 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-01-10 23:04 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-01-10 23:04 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\System32\D3DCompiler_40.dll
2009-01-10 23:04 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-01-10 23:04 . 2008-10-10 04:52 452,440 --a------ c:\windows\System32\d3dx10_40.dll
2009-01-10 23:04 . 2008-10-27 10:04 235,856 --a------ c:\windows\System32\xactengine3_3.dll
2009-01-10 23:04 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-01-10 23:04 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-01-10 23:03 . 2009-01-10 23:04 <DIR> d--h----- c:\windows\msdownld.tmp
2009-01-10 21:15 . 2009-01-10 21:15 107,888 --a------ c:\windows\System32\CmdLineExt.dll
2009-01-10 21:14 . 2009-01-10 21:16 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-10 20:13 . 2009-01-10 19:36 152,576 --a------ c:\windows\System32\SPWizUI.dll
2009-01-10 20:13 . 2009-01-10 19:36 47,560 --a------ c:\windows\System32\SPReview.exe
2009-01-10 20:03 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2009-01-10 20:03 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2009-01-10 20:03 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2009-01-10 20:02 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2009-01-10 20:02 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-08 11:08 2,359,296 --sha-w c:\users\Użytkownik\NTUSER.DAT
2009-02-08 11:08 2,359,296 --sha-w c:\users\Użytkownik\NTUSER.DAT
2009-02-01 21:05 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Media Player Classic
2009-01-30 07:22 --------- d-----w c:\users\Użytkownik\AppData\Roaming\gtk-2.0
2009-01-30 06:32 --------- d-s---w c:\users\Użytkownik\AppData\Roaming\Microsoft
2009-01-29 15:25 22,328 ----a-w c:\users\Użytkownik\AppData\Roaming\PnkBstrK.sys
2009-01-29 14:33 --------- d-----w c:\users\Użytkownik\AppData\Roaming\vlc
2009-01-29 14:25 --------- d-----w c:\users\Użytkownik\AppData\Roaming\dvdcss
2009-01-29 14:20 52,712 ----a-w c:\users\Użytkownik\AppData\Roaming\GDIPFONTCACHEV1.DAT
2009-01-29 14:14 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Winamp
2009-01-26 13:08 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Canon
2009-01-24 21:24 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Autodesk
2009-01-21 21:29 --------- d-----w c:\users\Użytkownik\AppData\Roaming\BESTplayer
2009-01-17 20:26 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Hamachi
2009-01-17 16:49 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Nero
2009-01-14 21:40 --------- d-----w c:\program files\Windows Mail
2009-01-13 12:36 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Adobe
2009-01-10 23:36 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Gadu-Gadu
2009-01-10 19:34 174 --sha-w c:\program files\desktop.ini
2009-01-10 19:29 --------- d-----w c:\program files\Windows Sidebar
2009-01-10 19:29 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-10 19:29 --------- d-----w c:\program files\Windows Journal
2009-01-10 19:29 --------- d-----w c:\program files\Windows Collaboration
2009-01-10 19:29 --------- d-----w c:\program files\Windows Calendar
2009-01-10 19:28 --------- d-----w c:\program files\Windows Defender
2009-01-10 19:19 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-10 19:19 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-10 14:06 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Mozilla
2009-01-10 12:47 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Macromedia
2009-01-09 21:46 --------- d-----w c:\users\Użytkownik\AppData\Roaming\DAEMON Tools
2009-01-09 21:15 --------- d-----w c:\users\Użytkownik\AppData\Roaming\WinRAR
2009-01-09 16:52 --------- d--h--r c:\users\Użytkownik\AppData\Roaming\SecuROM
2009-01-08 21:04 --------- d-----w c:\users\Użytkownik\AppData\Roaming\InstallShield
2009-01-08 21:01 319,488 ----a-w c:\windows\HideWin.exe
2009-01-08 21:01 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-08 20:51 --------- d-----w c:\users\Użytkownik\AppData\Roaming\Identities
2009-01-08 20:49 --------- d-sh--w c:\programdata\Ulubione
2009-01-08 20:49 --------- d-sh--w c:\programdata\Szablony
2009-01-08 20:49 --------- d-sh--w c:\programdata\Pulpit
2009-01-08 20:49 --------- d-sh--w c:\programdata\Menu Start
2009-01-08 20:49 --------- d-sh--w c:\programdata\Dokumenty
2009-01-08 20:49 --------- d-sh--w c:\programdata\Dane aplikacji
.
((((((((((((((((((((((((((((( SnapShot@2009-02-08_11.36.15,77 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-08 10:17:19 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 10:36:20 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-08 10:36:20 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-02-08 10:17:24 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-08 10:36:26 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}"= "c:\windows\System32\dvmurl.dll" [2008-05-02 146528]
[HKEY_CLASSES_ROOT\clsid\{0063bf63-bfff-4b8f-9d26-4267df7f17dd}]
[HKEY_CLASSES_ROOT\dvmurl.DvmIEGoogleSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-24 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2008-07-24 c:\windows\SkyTel.exe]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-07-24 16:02 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
-ra------ 2008-11-14 14:35 305064 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6E3E3D8-26AE-4D6E-A9FE-543C2FC881F8}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{1D7C4A66-3732-4DB3-B2BE-BC18349DD63E}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{9A605F4B-2086-470E-8185-8AE897202F8E}"= UDP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{96BFCA21-770C-44BF-AB45-78A778F73C41}"= TCP:c:\program files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{8F9C97F3-1A79-4707-B82C-A74FA793FCC3}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4BD02192-DFFD-400F-BA49-941BDD847534}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CF3FC10D-E16B-49A5-99D8-FCB146F349F5}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F88DD0CB-1343-4C70-B96E-A87C943AF492}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{6490931A-F5AF-4792-BDAE-83A70277D252}"= UDP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{43F509BE-CD74-42AB-A02C-7967608910BB}"= TCP:c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:Rockstar Games Social Club
"{D162CECF-36E1-4D8D-B858-35DDFD5C3D0C}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{E59415C6-C7AD-4676-A97D-CCFA2CA5C2DF}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{BF479716-63B8-41BD-ABBA-9E5C5661BE04}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{7DC4CFAE-DC42-4B8B-8900-823E4AB96D8D}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{082C0A46-443D-4F27-887E-0E39F53DD528}"= UDP:c:\program files\WBGames\Monolith Productions\F.E.A.R. 2 SP Demo\FEAR2SPDemo.exe:FEAR2SPDemo.exe
"{CDB8C51F-9EDF-4E19-8DFC-F500161F417B}"= TCP:c:\program files\WBGames\Monolith Productions\F.E.A.R. 2 SP Demo\FEAR2SPDemo.exe:FEAR2SPDemo.exe
"{9A93E4A6-E461-4471-8700-59FB055A3C52}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{753C5824-36D3-49F3-B679-8B7AF93F228A}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{FFEB282D-8BEE-4725-81F5-AEE3CEE27802}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{A586E11D-C1FA-451C-A839-C4D210F485FD}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{3F1FBFF8-BDC0-440F-B6DA-D9BCB0FF4843}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{A86D1C65-9D37-4810-86C1-CFC9C4DB08D5}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{C3A01486-6013-4D99-902C-AA7A10135D52}"= UDP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"{07604CD0-ACC0-46AB-A720-2548FF2BF4D0}"= TCP:c:\program files\Autodesk\3ds Max 2009\3dsmax.exe:Autodesk 3ds Max 2009 32-bit
"TCP Query User{C8195893-501E-4609-B277-E5731916F83A}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= UDP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"UDP Query User{50BFD5DA-290A-446A-930B-353B3198BBB4}c:\\program files\\ubisoft\\gearbox software\\brothers in arms - hell's highway\\binaries\\biahh.exe"= TCP:c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe:biahh
"TCP Query User{5486CFD5-6992-4420-B76A-5998B64C8C81}c:\\program files\\left 4 dead\\left4dead.exe"= UDP:c:\program files\left 4 dead\left4dead.exe:left4dead
"UDP Query User{E2F834DE-6FC9-47C0-B3A7-1F61C8441AC4}c:\\program files\\left 4 dead\\left4dead.exe"= TCP:c:\program files\left 4 dead\left4dead.exe:left4dead
"{1F4E43EF-1793-4AD5-9D8C-DF3B287D34FE}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{A6439A6F-B399-4C80-836C-C0C7BAFE49D8}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{E6364980-2408-4087-9A73-F6092A13A501}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{1E5F4A71-1993-4861-BACF-258B03259F42}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{16AD09FB-C65F-488A-9A02-FC3A16E8B989}"= UDP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
"{0D1C5112-EA73-4EDC-8769-B0EA8DBF6541}"= TCP:c:\program files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:Editor
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-01-08 68136]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27f0c0a3-de97-11dd-9b5f-001fd0af256a}]
\shell\AutoRun\command - E:\autoplay.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Użytkownik\AppData\Roaming\Mozilla\Firefox\Profiles\aabd3pd0.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-08 12:09:16
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'Explorer.exe'(3972)
c:\program files\Gadu-Gadu\ggwhook.dll
.
Czas ukończenia: 2009-02-08 12:10:51
ComboFix-quarantined-files.txt 2009-02-08 11:10:49
ComboFix2.txt 2009-02-08 10:37:41
Przed: 348 338 798 592 bajtów wolnych
Po: 348,301,393,920 bajtów wolnych
283 --- E O F --- 2009-02-05 16:42:17