
As in the "guide"
First ComboFix log:
ComboFix 09-04-18.01 - Marcinek 2009-04-17 21:17.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.511.151 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Marcinek\Pulpit\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated)
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-18 do 2009-04-18 )))))))))))))))))))))))))))))))
.
2009-04-17 17:05 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-17 17:05 . 2009-04-17 17:05 -------- d-----w c:\program files\Avira
2009-04-17 17:05 . 2009-04-17 17:05 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Avira
2009-04-15 04:06 . 2009-03-06 14:22 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 04:06 . 2009-02-09 11:25 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 04:06 . 2009-02-09 10:53 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 04:06 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 04:06 . 2009-02-09 10:53 731136 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 04:06 . 2009-02-09 10:53 686592 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 04:06 . 2009-02-09 10:53 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 04:06 . 2009-02-09 10:53 722944 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 04:06 . 2009-02-09 10:53 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 04:05 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 04:05 . 2008-04-21 21:16 218112 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-05 19:47 . 2009-04-05 19:47 -------- d-----w c:\program files\Robster Productions
2009-04-02 09:57 . 2009-04-17 17:42 -------- d-----w c:\program files\Steam
2009-03-31 13:28 . 2009-03-31 13:28 -------- d-----w c:\program files\PITy
2009-03-23 05:24 . 2009-03-23 05:24 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\LogiShrd
2009-03-22 09:20 . 2008-05-02 01:38 301656 ----a-w c:\windows\system32\BtCoreIf.dll
2009-03-22 09:20 . 2009-03-22 09:21 -------- d-----w c:\program files\Common Files\Logishrd
2009-03-21 14:08 . 2009-03-21 14:08 1018368 -c----w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 17:42 . 2008-10-25 08:46 -------- d-----w c:\program files\AutoConnect
2009-04-15 08:16 . 2006-03-02 12:00 74230 ----a-w c:\windows\system32\perfc015.dat
2009-04-15 08:16 . 2006-03-02 12:00 448004 ----a-w c:\windows\system32\perfh015.dat
2009-04-14 07:25 . 2008-08-19 13:15 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\Tibia
2009-04-13 08:19 . 2008-08-24 10:43 -------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-11 14:27 . 2009-02-22 13:20 -------- d-----w c:\program files\Counter-Strike
2009-04-09 13:03 . 2008-10-28 14:49 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\HPAppData
2009-04-05 12:46 . 2008-08-19 09:53 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\Skype
2009-04-05 09:03 . 2008-09-22 18:38 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\skypePM
2009-03-29 10:23 . 2008-08-19 08:08 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 09:20 . 2009-02-18 20:20 -------- d-----w c:\program files\Common Files\Logitech
2009-03-10 18:46 . 2009-03-10 18:46 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\Remere's Map Editor
2009-03-10 18:46 . 2009-03-10 18:46 -------- d-----w c:\program files\Remere's Map Editor
2009-03-06 14:22 . 2006-03-02 12:00 285696 ----a-w c:\windows\system32\pdh.dll
2009-02-20 20:25 . 2009-02-20 20:25 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\Media Player Classic
2009-02-20 20:23 . 2008-09-24 18:07 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-20 20:22 . 2009-02-20 20:22 -------- d-----w c:\program files\Real Alternative
2009-02-20 08:12 . 2006-03-02 12:00 668672 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:11 . 2006-03-02 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 20:21 . 2009-02-18 20:21 -------- d-----w c:\documents and settings\Marcinek\Dane aplikacji\Logitech
2009-02-18 20:20 . 2009-02-18 20:20 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Logitech
2009-02-18 20:20 . 2009-02-18 20:20 -------- d-----w c:\program files\Logitech
2009-02-14 11:13 . 2009-02-14 11:13 98304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-10 17:09 . 2004-08-04 00:38 2067328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:07 . 2006-03-02 12:00 1847040 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:26 . 2006-03-02 12:00 2190336 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:25 . 2006-03-02 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:53 . 2006-03-02 12:00 731136 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:53 . 2006-03-02 12:00 686592 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:53 . 2006-03-02 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:53 . 2006-03-02 12:00 722944 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2006-03-02 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:58 . 2006-03-02 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2009-01-31 10:16 . 2009-01-31 10:16 249856 ------w c:\windows\Setup1.exe
2009-01-31 10:16 . 2009-01-31 10:16 73216 ----a-w c:\windows\ST6UNST.EXE
2008-12-23 10:46 . 2008-08-21 06:40 18336 ----a-w c:\documents and settings\Marcinek\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2008-11-14 17:58 . 2008-11-14 17:56 7824960 ----a-w c:\documents and settings\Marcinek\picasa3-setup.exe
2008-11-06 19:13 . 2008-11-06 19:13 2255 ----a-w c:\documents and settings\Marcinek\optymalizacja.reg
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"AutoConnect"="c:\program files\AutoConnect\AutoConnect.exe" [2004-08-28 295424]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-09-16 1961984]
"Steam"="c:\program files\steam\steam.exe" [2009-04-02 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-05 61440]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-07-27 68096]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Marcinek\Menu Start\Programy\Autostart\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-1-18 385024]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST - pasek zadaä.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-6 61440]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-10-25 962661]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-18 805392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w c:\program files\common files\logitech\bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Marcinek^Menu Start^Programy^Autostart^hamachi.lnk]
path=c:\documents and settings\Marcinek\Menu Start\Programy\Autostart\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Gadu-Gadu\\gg.exe"=
"e:\\piulpiot\\NTSD_BETA_2.1\\NTSD BETA 2.1\\NTSD 2.1 BETA.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\WebServ\\apache2\\bin\\WebServ(apache).exe"=
"c:\\Program Files\\Counter-Strike\\hl.exe"=
"f:\\Stronghold\\StrongholdLegends.exe"=
"c:\\Program Files\\WebServ\\mysql\\bin\\WebServ(mysqld).exe"=
"c:\\Program Files\\Counter-Strike\\hltv.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27015:TCP"= 27015:TCP:Cs
"27016:TCP"= 27016:TCP:css
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S3 phil2vid;Kamera Philips USB VGA;c:\windows\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06f31707-ae6a-11dd-b91c-4d6564696130}]
\Shell\AutoRun\command - J:\EXPLORER.EXE
\Shell\explore\Command - J:\EXPLORER.EXE
\Shell\open\Command - J:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a272e3a-bc98-11dd-b941-4d6564696130}]
\Shell\AutoRun\command - K:\EXPLORER.EXE
\Shell\explore\Command - K:\EXPLORER.EXE
\Shell\open\Command - K:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{74bab081-6dd0-11dd-bb0a-806d6172696f}]
\Shell\AutoRun\command - G:\setup.EXE /AUTORUN
\Shell\configure\command - G:\setup.EXE
\Shell\install\command - G:\setup.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b7409658-0ff4-11de-86de-4d6564696130}]
\Shell\AutoRun\command - I:\AutoRun.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-lsass.exe - c:\windows\lsass.exe
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://wyborcza.pl/0,0.html?p=013
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {1E43C199-479F-469B-93F3-F8A53D8AC2FE} = 194.204.159.1 217.98.63.164
FF - ProfilePath - c:\documents and settings\Marcinek\Dane aplikacji\Mozilla\Firefox\Profiles\csbbs188.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 21:19
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
lsass.exe = c:\windows\lsass.exe?????????????????????????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-796845957-813497703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**_*%]
@Class="Shell"
[HKEY_USERS\S-1-5-21-796845957-813497703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**_*%\OpenWithList]
@Class="Shell"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'winlogon.exe'(524)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Czas ukończenia: 2009-04-18 21:20
ComboFix-quarantined-files.txt 2009-04-18 19:20
ComboFix2.txt 2009-02-22 13:27
Przed: 1 042 501 632 bajtów wolnych
Po: 1 032 450 048 bajtów wolnych
213 --- E O F --- 2009-04-15 05:12
And here is the log from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:18, on 2009-04-18
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wyborcza.pl/0,0.html?p=013
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Zaznaczanie HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E43C199-479F-469B-93F3-F8A53D8AC2FE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{1E43C199-479F-469B-93F3-F8A53D8AC2FE}: NameServer = 194.204.159.1 217.98.63.164
O17 - HKLM\System\CS3\Services\Tcpip\..\{1E43C199-479F-469B-93F3-F8A53D8AC2FE}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 5962 bytes