
ComboFix 10-02-12.01 - mat 2010-02-14 15:32:04.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.603 [GMT 1:00]
Uruchomiony z: F:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100214-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\mat\Dane aplikacji\BITS
c:\documents and settings\mat\Dane aplikacji\BITS\BITS.ini
c:\documents and settings\mat\Dane aplikacji\BITS\DHTTable.dat
c:\documents and settings\mat\Dane aplikacji\BITS\ProxyList.ini
c:\documents and settings\mat\Dane aplikacji\BITS\UPnP.ini
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Pliki utworzone od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-08 10:46 . 2010-02-08 10:46 -------- d-----w- c:\program files\Windows Mobile Device Handbook
2010-02-03 16:46 . 1998-05-21 12:45 113152 ----a-w- c:\windows\system\MSS16.DLL
2010-02-03 16:39 . 2005-07-16 01:39 374272 ----a-w- c:\windows\system\mss32.dll
2010-02-01 11:24 . 2010-02-01 11:24 -------- d-sh--w- c:\documents and settings\mat\UserData
2010-01-31 09:34 . 2010-01-31 15:21 -------- d-----w- c:\documents and settings\mat\Dane aplikacji\ipla
2010-01-31 09:34 . 2010-01-31 09:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\ipla
2010-01-31 09:30 . 2010-01-31 09:30 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-24 17:57 . 2010-01-24 17:57 152576 ----a-w- c:\documents and settings\mat\Dane aplikacji\Sun\Java\jre1.6.0_17\lzma.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-04 22:10 . 2009-10-07 17:09 -------- d-----w- c:\documents and settings\mat\Dane aplikacji\uTorrent
2010-02-03 16:48 . 2008-09-09 17:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 15:40 . 2009-12-06 21:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-24 17:57 . 2008-10-02 15:47 -------- d-----w- c:\program files\Java
2010-01-24 17:57 . 2009-11-23 18:03 79488 ----a-w- c:\documents and settings\mat\Dane aplikacji\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-24 10:24 . 2001-10-26 15:15 85114 ----a-w- c:\windows\system32\perfc015.dat
2010-01-24 10:24 . 2001-10-26 15:15 493870 ----a-w- c:\windows\system32\perfh015.dat
2010-01-18 18:38 . 2010-01-07 09:58 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Microsoft Help
2010-01-09 14:05 . 2008-09-09 18:52 51504 ----a-w- c:\documents and settings\mat\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2010-01-07 10:09 . 2010-01-07 10:03 -------- d-----w- c:\program files\Microsoft Works
2010-01-07 10:03 . 2009-08-31 20:55 -------- d-----w- c:\program files\MSBuild
2010-01-07 10:01 . 2010-01-07 10:01 -------- d-----w- c:\program files\Microsoft.NET
2010-01-07 10:00 . 2010-01-07 10:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-07 09:48 . 2008-11-18 22:41 1 ----a-w- c:\documents and settings\mat\Dane aplikacji\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-31 16:50 . 2004-08-03 21:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 21:58 . 2008-12-23 09:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-28 23:35 . 2009-10-07 17:49 737280 ----a-w- c:\windows\iun6002.exe
2009-12-21 19:08 . 2004-08-03 22:44 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 19:34 . 2009-12-20 19:34 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-12-20 19:19 . 2009-12-20 19:19 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-18 17:03 . 2009-12-18 17:03 -------- d-----w- c:\program files\Norton Security Scan
2009-12-18 17:03 . 2009-12-06 21:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Norton
2009-12-18 17:03 . 2009-12-06 21:17 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-12-17 07:42 . 2008-09-09 17:07 345088 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 15:45 . 2009-12-14 15:45 33824 ----a-w- c:\windows\system32\drivers\oreans32.sys
2009-12-14 07:10 . 2004-08-03 22:43 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2005-01-19 04:26 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-01 22:46 . 2009-12-01 22:46 10134 ----a-r- c:\documents and settings\mat\Dane aplikacji\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
2009-11-30 17:02 . 2009-11-30 17:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
2009-11-30 17:02 . 2009-11-30 17:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
2009-11-27 17:14 . 2004-08-03 22:44 1295360 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-04 00:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-04 00:44 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:09 . 2004-08-03 22:44 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-03 22:43 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2001-10-26 17:29 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2001-10-26 16:29 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-24 23:54 . 2009-04-19 22:27 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-19 22:27 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-19 22:27 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-04-19 22:27 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-19 22:27 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-19 22:27 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-19 22:27 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-19 22:27 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-19 22:27 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2004-08-03 22:43 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-03-11 11:27 . 2008-09-12 16:04 40960 ----a-w- c:\program files\Uninstall_CDS.exe
1765-05-30 03:37 . 1765-05-30 03:37 4263 --sh--w- c:\windows\windllreg1c.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="e:\programy\nTune\nTune\nTuneCmd.exe" [2007-09-04 81920]
"DAEMON Tools Lite"="e:\programy\Daemon\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-10-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"avast!"="e:\programy\avast\ashDisp.exe" [2009-11-24 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-21 8429568]
"nwiz"="nwiz.exe" [2007-05-21 1626112]
"GrooveMonitor"="e:\programy\Office 2007\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-10-5 111376]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2009-10-28 1609728]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^oKalendarz v3.05.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\oKalendarz v3.05.lnk
backup=c:\windows\pss\oKalendarz v3.05.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Ralink Wireless Utility.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Status Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Status Monitor.lnk
backup=c:\windows\pss\Status Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Uruchamianie pakietu Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Uruchamianie pakietu Office.lnk
backup=c:\windows\pss\Uruchamianie pakietu Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^mat^Menu Start^Programy^Autostart^oKalendarz v3.05.lnk]
path=c:\documents and settings\mat\Menu Start\Programy\Autostart\oKalendarz v3.05.lnk
backup=c:\windows\pss\oKalendarz v3.05.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2005-07-19 10:36 933888 ------w- c:\program files\Brother\ControlCenter2\brctrcen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- e:\programy\Daemon\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 15:05 81920 ----a-w- e:\programy\Daemon\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet]
2008-08-19 07:47 1795656 ----a-w- e:\programy\FlashGet universal\flashget.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 14:57 1289000 ----a-w- e:\programy\Active Sync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:21 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nowe Gadu-Gadu]
2009-05-28 09:23 10486376 ----a-w- e:\programy\Gadu-Gadu\Nowe Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-05-21 10:04 8429568 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 17:25 81920 ----a-w- e:\programy\nTune\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-05-21 10:05 1626112 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2003-12-22 20:15 86016 ------w- e:\programy\Cyberlink\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power_Gear]
2006-03-14 15:46 90112 ----a-w- e:\programy\Power4G\BatteryLife.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 17:42 32768 ----a-w- e:\programy\Cyberlink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
2008-08-31 17:30 2711552 ----a-w- e:\programy\rivatuner\RivaTuner v2.10\RivaTuner.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
2005-01-26 16:02 49152 ------w- e:\programy\drukarka\MFC215\BrStDvPt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-09-29 16:57 21755688 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2007-01-29 10:22 638976 ----a-r- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27 144784 ----a-w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TOSHIBA Bluetooth Service"=2 (0x2)
"RalinkRegistryWriter"=2 (0x2)
"PnkBstrA"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\programy\\FlashGet universal\\FlashGet.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\programy\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"e:\\programy\\uTorrent\\uTorrent.exe"=
"e:\\programy\\Gadu-Gadu\\Nowe Gadu-Gadu\\gg.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"f:\\gry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"f:\\gry\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"e:\\programy\\Office 2007\\Office12\\OUTLOOK.EXE"=
"e:\\programy\\Office 2007\\Office12\\GROOVE.EXE"=
"e:\\programy\\Office 2007\\Office12\\ONENOTE.EXE"=
"e:\programy\Active Sync\rapimgr.exe"= e:\programy\Active Sync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\programy\Active Sync\wcescomm.exe"= e:\programy\Active Sync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\programy\Active Sync\WCESMgr.exe"= e:\programy\Active Sync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2008-09-09 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2008-09-09 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-10-06 721904]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-19 20560]
R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2008-09-10 2208]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2009-11-30 19072]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\system32\StkCSrv.exe [2008-09-09 24576]
R3 StkCMini;Syntek AVStream USB2.0 2M WebCam;c:\windows\system32\drivers\StkCMini.sys [2008-09-09 1245056]
S1 ntiomin;ntiomin; [x]
S3 BIOSCHK;BIOSCHK;\??\c:\docume~1\mat\USTAWI~1\Temp\TII4.tmp\disk1\BIOSCHK.SYS --> c:\docume~1\mat\USTAWI~1\Temp\TII4.tmp\disk1\BIOSCHK.SYS [?]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [2009-10-28 16512]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-11-30 779136]
S3 SoftFSB;SoftFSB;\??\c:\documents and settings\mat\Pulpit\SoftFSB.SYS --> c:\documents and settings\mat\Pulpit\SoftFSB.SYS [?]
S4 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RalinkRegistryWriter.exe [2009-10-28 75040]
.
Zawartość folderu 'Zaplanowane zadania'
2010-02-13 c:\windows\Tasks\Norton Security Scan for mat.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-18 10:54]
.
.
------- Skan uzupełniający -------
.
uStart Page = google.pl/
IE: &Download All by FlashGet - e:\programy\FlashGet universal\ComDlls\Bhoall.htm
IE: &Download by FlashGet - e:\programy\FlashGet universal\ComDlls\Bholink.htm
IE: E&ksportuj do programu Microsoft Excel - e:\programy\OFFICE~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\ua_lsp.dll
Trusted Zone: mks.com.pl\www
FF - ProfilePath - c:\documents and settings\mat\Dane aplikacji\Mozilla\Firefox\Profiles\yevpi2cv.default\
FF - plugin: c:\documents and settings\mat\Dane aplikacji\Mozilla\Firefox\Profiles\yevpi2cv.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34}\plugins\npOggX.dll
FF - plugin: c:\documents and settings\mat\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nppl3260.dll
FF - plugin: e:\programy\Real Alternative\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - USUNIĘTO PUSTE WPISY - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
MSConfigStartUp-BearShare - e:\programy\Bearshare\BearShare.exe
MSConfigStartUp-Gadu-Gadu - e:\programy\Gadu-Gadu\gg.exe
MSConfigStartUp-IPLA! - c:\program files\ipla\ipla.exe
MSConfigStartUp-PC Suite Tray - e:\programy\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Gadu-Gadu - e:\programy\Gadu-Gadu\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 15:38
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86BBBCB8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7582f28
\Driver\ACPI -> ACPI.sys @ 0xf72b5cb8
\Driver\atapi -> 0x86bbbcb8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8169/8110 Family Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf7140bb0
PacketIndicateHandler -> NDIS.sys @ 0xf712fa0d
SendHandler -> NDIS.sys @ 0xf7143b40
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%g*_*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*W%g*_*\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b
[HKEY_USERS\S-1-5-21-2052111302-2025429265-725345543-1003\Software\Microsoft\Windows Mobile Disc\U*r*z*d*z*e*n*i*e* *o*p*a*r*t*e* *n*a* *s*y*s*t*e*m*i*e* *W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000002
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\ua_lsp.dll
- - - - - - - > 'explorer.exe'(3968)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
e:\programy\avast\aswUpdSv.exe
e:\programy\avast\ashServ.exe
e:\programy\nTune\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
e:\programy\avast\ashMaiSv.exe
e:\programy\avast\ashWebSv.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATK0100\ATKOSD.exe
e:\programy\ACTIVE~1\rapimgr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2010-02-14 15:41:40 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2010-02-14 14:41
Przed: 3 170 373 632 bajtów wolnych
Po: 3 095 490 560 bajtów wolnych
- - End Of File - - 9A9828EF27DBBBF0B4A50F6E3B55054E