It's terribly sluggish, sometimes programs hang when closing, and Explorer hangs often.
I'm attaching the logs.
Please help.
Hi, I'd like to ask for help. I have some problem with my computer: it crashes terribly, not to mention that booting it takes forever. ComboFix sees it like this:
ComboFix 08-10-30.13 - oka82 2008-10-31 20:22:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1045.18.1242 [GMT 1:00]
Uruchomiony z: C:\Users\oka82\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\lsprst7.dll
C:\Windows\system32\ssprs.dll
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_iprip
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-10-28 20:11 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-28 20:11 . 2008-09-18 05:56 147,456 --a------ C:\Windows\System32\Faultrep.dll
2008-10-28 20:11 . 2008-09-18 05:56 125,952 --a------ C:\Windows\System32\wersvc.dll
2008-10-26 18:41 . 2008-10-26 18:41
2008-10-26 08:44 . 2008-10-26 08:44
2008-10-26 08:44 . 2008-10-26 08:44
2008-10-25 21:35 . 2008-10-25 21:35
2008-10-25 21:35 . 2008-10-25 21:35
2008-10-25 21:24 . 2008-10-26 08:43
2008-10-25 21:24 . 2004-04-09 17:12 1,040,384 --a------ C:\Windows\System32\GnucDNA.dll
2008-10-23 22:35 . 2008-10-23 22:35
2008-10-23 21:58 . 2008-10-23 21:58
2008-10-23 21:47 . 2008-10-25 14:43
2008-10-23 21:46 . 2008-10-23 21:46
2008-10-23 07:24 . 2008-08-05 10:49 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-10-23 07:24 . 2008-08-05 10:49 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-10-23 07:24 . 2008-08-05 10:48 217,088 --a------ C:\Windows\System32\psisrndr.ax
2008-10-23 07:24 . 2008-08-05 10:48 177,664 --a------ C:\Windows\System32\mpg2splt.ax
2008-10-23 07:24 . 2008-08-05 10:48 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-10-22 18:37 . 2008-10-22 18:37
2008-10-22 18:37 . 2008-10-22 18:37
2008-10-22 18:31 . 2008-10-22 18:31
2008-10-16 06:39 . 2008-09-18 06:09 3,601,464 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-16 06:39 . 2008-09-18 06:09 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-16 06:39 . 2008-09-18 03:16 2,032,640 --a------ C:\Windows\System32\win32k.sys
2008-10-16 06:39 . 2008-08-27 02:06 288,768 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 19:15 . 2008-07-09 04:05 9,200 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-10-14 19:15 . 2008-07-09 04:05 9,072 --------- C:\Windows\System32\drivers\cdr4_xp.sys
2008-10-12 19:10 . 2008-10-12 19:10
2008-10-12 19:08 . 2008-10-12 19:08
2008-10-12 19:08 . 2008-10-12 19:08
2008-10-12 19:07 . 2008-10-12 19:08
2008-10-12 19:07 . 2008-10-12 19:07
2008-10-12 17:30 . 2008-10-13 19:14
2008-10-12 16:42 . 2008-10-12 16:42
2008-10-12 16:42 . 2008-10-12 16:42 40,960 --a------ C:\Windows\DelPiv.exe
2008-10-12 16:35 . 2008-10-12 16:35
2008-10-12 12:56 . 2008-10-12 13:59
2008-10-12 11:45 . 2008-10-12 11:45
2008-10-12 11:45 . 2008-10-12 11:45
2008-10-12 11:45 . 2008-10-12 11:45 1,025 --a------ C:\Windows\System32\sysprs7.tgz
2008-10-12 11:45 . 2008-10-12 11:45 1,025 --a------ C:\Windows\System32\sysprs7.dll
2008-10-12 11:45 . 2008-10-12 11:45 1,025 --a------ C:\Windows\System32\clauth2.dll
2008-10-12 11:45 . 2008-10-12 11:45 1,025 --a------ C:\Windows\System32\clauth1.dll
2008-10-12 11:45 . 2008-10-12 11:45 219 --a------ C:\Windows\System32\lsprst7.tgz
2008-10-12 11:45 . 2008-10-12 11:45 87 --a------ C:\Windows\System32\ssprs.tgz
2008-10-12 11:44 . 2008-10-12 11:44
2008-10-12 11:41 . 2008-10-12 11:41
2008-09-21 12:40 . 2008-10-26 16:05
2008-09-17 21:13 . 2008-09-17 21:13
2008-09-17 06:02 . 2008-09-17 06:02
2008-09-17 05:58 . 2008-10-17 02:06
2008-09-17 05:58 . 2008-10-17 02:06
2008-09-14 14:52 . 2008-09-14 14:52
2008-09-14 14:52 . 2008-09-14 14:52
2008-09-11 18:57 . 2008-09-11 18:57
2008-09-11 18:57 . 2008-09-11 18:57
2008-09-09 22:29 . 2008-07-31 02:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-09 22:29 . 2008-07-31 04:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-09 22:28 . 2008-08-02 02:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-09 22:28 . 2008-06-26 04:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-09 22:28 . 2008-06-26 04:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-09 22:28 . 2008-05-08 20:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-09 22:28 . 2008-05-20 03:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-09 22:28 . 2008-06-26 04:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-09 22:28 . 2008-08-02 04:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-07 22:17 . 2008-02-01 07:40 110,592 --a------ C:\Windows\System32\TG_DUMP0708.DLL
2008-09-07 21:48 . 2008-09-07 21:48
2008-09-07 21:48 . 2003-04-18 15:29 82,432 --a------ C:\Windows\System32\msxml4r.dll
2008-09-07 21:48 . 2003-04-18 15:29 44,544 --a------ C:\Windows\System32\msxml4a.dll
2008-09-07 21:47 . 2008-09-07 21:47
2008-09-07 19:03 . 2008-09-07 22:16 40 --a------ C:\SYSTEM.VER
2008-09-07 19:02 . 2008-09-07 19:02
2008-09-07 19:00 . 2008-09-07 19:00
2008-09-07 19:00 . 2007-11-20 14:36 118,784 --a------ C:\Windows\System32\MaDRM.dll
2008-09-07 18:57 . 2008-09-07 18:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-09-06 18:14 . 2008-09-06 18:14
2008-09-05 21:32 . 2006-11-29 12:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-09-05 21:31 . 2008-09-05 21:31
2008-09-05 21:30 . 2008-09-07 20:46
2008-09-05 21:20 . 2008-09-05 21:23
2008-09-05 21:19 . 2008-09-07 20:44
2008-09-05 21:17 . 2008-09-05 21:17
2008-09-05 21:17 . 2008-09-05 21:17
2008-09-04 19:55 . 2008-09-20 21:02
2008-09-04 19:32 . 2008-09-04 19:33
2008-09-04 19:32 . 2008-04-12 18:46 2,751,488 --a------ C:\Windows\Photo! 3D ScreenSaver.scr
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 19:00 --------- d-----w C:\Users\oka82\AppData\Roaming\skypePM
2008-10-31 18:59 --------- d-----w C:\Users\oka82\AppData\Roaming\Skype
2008-10-30 22:31 --------- d-----w C:\Users\oka82\AppData\Roaming\Azureus
2008-10-30 22:31 --------- d-----w C:\Program Files\Vuze
2008-10-25 13:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-22 17:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-10-22 14:44 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-21 19:51 --------- d-----w C:\Program Files\Common Files\Corel
2008-10-21 19:47 8,456 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-10-21 06:08 --------- d-----w C:\Users\oka82\AppData\Roaming\U3
2008-10-17 01:12 --------- d-----w C:\Program Files\Windows Mail
2008-10-08 19:02 --------- d-----w C:\Program Files\Opera
2008-09-21 11:42 --------- d-----w C:\Users\oka82\AppData\Roaming\Corel
2008-09-21 11:42 --------- d-----w C:\ProgramData\Corel
2008-09-21 11:40 --------- d-----w C:\Program Files\Corel
2008-09-20 20:00 --------- d---a-w C:\ProgramData\TEMP
2008-09-17 05:01 --------- d-----w C:\Program Files\Microsoft.NET
2008-09-08 17:56 --------- d-----w C:\Program Files\Besttoolbar
2008-09-02 18:19 --------- d-----w C:\Program Files\PhotoDreamr
2008-08-30 15:45 --------- d-----w C:\Program Files\Movie Player ActiveX Control
2008-08-30 15:45 --------- d-----w C:\Program Files\Audio Capture ActiveX Control
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-20 15:43 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-20 15:43 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-13 17:03 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-07-13 17:03 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-07-13 16:39 183,056 ----a-w C:\Windows\UNINST32.EXE
2008-07-13 14:28 174 --sha-w C:\Program Files\desktop.ini
2008-07-13 14:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-07-13 14:02 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-07-13 11:38 9,847,296 ----a-w C:\Windows\System32\NlsData000a.dll
2008-07-13 00:09 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-07-13 00:07 988,216 ----a-w C:\Windows\System32\winload.exe
2008-07-13 00:07 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-07-13 00:07 615,992 ----a-w C:\Windows\System32\ci.dll
2008-07-13 00:07 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-07-13 00:07 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-07-13 00:07 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-07-13 00:07 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-07-13 00:07 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-07-13 00:07 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-07-13 00:07 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-07-13 00:05 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-07-13 00:02 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-13 00:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-13 00:01 1,695,744 ----a-w C:\Windows\System32\gameux.dll
2008-07-12 23:58 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-07-09 03:05 129,520 ------w C:\Windows\System32\pxafs.dll
2008-07-09 03:05 120,568 ------w C:\Windows\System32\pxcpyi64.exe
2008-07-09 03:05 118,256 ------w C:\Windows\System32\pxinsi64.exe
2008-07-01 19:55 1,502,720 ----a-w C:\Windows\System32\FotoAlbum 6.Scr
2007-09-12 18:05 47,262 ----a-w C:\Program Files\Photoshop Elements 6.0 Read Me.html
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Common Files\NMSAccessU.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-21 66912]
[HKEY_CLASSES_ROOT\clsid{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-21 18:53 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{AB9F4B05-11E0-4D71-B9A7-BA94EDBC7C5D}]
2008-07-01 15:02 2404352 --a------ C:\Program Files\Besttoolbar\toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{48595E49-E252-4BF0-839C-641FD8BB831D}"= "C:\Program Files\Besttoolbar\toolbar.dll" [2008-07-01 2404352]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{48595E49-E252-4BF0-839C-641FD8BB831D}"= "C:\Program Files\Besttoolbar\toolbar.dll" [2008-07-01 2404352]
[HKEY_CLASSES_ROOT\clsid{48595e49-e252-4bf0-839c-641fd8bb831d}]
[HKEY_CLASSES_ROOT\TBSB09939.TBSB09939.3]
[HKEY_CLASSES_ROOT\TypeLib{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB09939.TBSB09939]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"Gadu-Gadu"="O:\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-13 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-11-07 159744]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-09 845360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"F-PROT Antivirus Tray application"="C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe" [2008-04-21 1597832]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"Skytel"="Skytel.exe" [2008-07-20 C:\Windows\SkyTel.exe]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-20 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
C:\Users\oka82\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-01 113664]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-08-01 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]
@="Service"
[HKLM~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-02 19:05 1261568 C:\Program Files\Acer Assist\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
--a------ 2004-06-22 23:20 733184 D:\COREL\Languages\PL\Programs\registration.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 05:03 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 05:03 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-07-07 08:34 167936 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-07-09 22:33 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDEFCF3A-96D0-4D48-A8C6-CEBBB7889526}"= UDP:C:\Windows\System32\mqsvc.exe:Message Queuing
"{5913FB54-0CC1-4B77-89BB-54234A9F91E6}"= TCP:C:\Windows\System32\mqsvc.exe:Message Queuing
"{C424D72C-578E-4AEE-A816-BF31B302F0A7}"= UDP:C:\Windows\System32\mqsvc.exe:Message Queuing
"{AB404A16-94E9-4814-A51E-CFA55DEE05A5}"= TCP:C:\Windows\System32\mqsvc.exe:Message Queuing
"{E5D55335-1092-4B33-945E-B11E601EDCFB}"= Profile=Public|C:\Program Files\Skype\Phone\Skype.exe:Skype
"{5E23B10E-3C1F-4459-A119-0434C87F1F65}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A538720B-1C5A-48A4-97C2-A29C0DBAD3DA}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{4BE1B42C-76E0-4F7D-9C1E-0F057C15D913}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{64B37EC4-4CC7-4115-B1DD-531DF4D33C5D}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{E4CB6C37-39A4-4612-B5D7-074749A196E8}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{2D6E0067-26C7-4433-9E67-BF0027D88158}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{C5BA6B8E-7F93-4EBF-9084-0721636CA572}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{BD74F1B5-D3AA-4DF1-923C-0C67193132ED}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{5E88D349-27B7-4D04-BF1D-20E992BE679A}C:\program files\winamp remote\bin\orbtray.exe"= UDP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"UDP Query User{6995A14D-EC8E-4458-A13F-98768BC4C76C}C:\program files\winamp remote\bin\orbtray.exe"= TCP:C:\program files\winamp remote\bin\orbtray.exe:Orb
"TCP Query User{19436B15-38D3-4AF6-B75A-36C72FC26689}C:\program files\opera\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{E51F8478-3337-4469-B467-7EE007CBEB86}C:\program files\opera\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"{0D030688-8A33-4B94-AD0C-34E726B7EA33}"= Disabled:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{C0D880D5-E4D2-4229-A9B3-0C259E8AEE17}C:\program files\vuze\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{6C3ACE65-795A-43CC-8138-C05F1E691249}C:\program files\vuze\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus
"TCP Query User{19FCB529-F549-4358-A9B8-3495CEB20C80}C:\program files\opera\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{BF69C384-618C-4892-8D7C-1F5017B17A58}C:\program files\opera\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{4D2036CF-A3D3-46BC-9917-1769AD1CED73}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4D2CC176-D824-44A0-9322-91028B50B05E}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{8C0B67B3-DFDC-4D34-AC44-770B2FD1B366}D:\program files\god\god.exe"= UDP:D:\program files\god\god.exe:GoD
"UDP Query User{43C3206C-8310-444B-8A2D-CD554176985B}D:\program files\god\god.exe"= TCP:D:\program files\god\god.exe:GoD
"{29B6ACEE-D0E4-40A8-9FEB-3ED5E6D9F1C1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7945929B-3D6B-4A57-85BF-45EA1AB5F01B}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{3DF3D753-D3B1-49A1-ACAE-32B4DCE1D513}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{FE0E41F0-2485-4D81-B0B0-308B473C02A6}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{14E057ED-8389-4560-B007-753BE9D189CA}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{73E080CA-838D-4E86-9B9F-13D92866113C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"Rip-Listener-1"= TCP:520|%SystemRoot%\System32\svchost.exe|Svc=iprip:@iprip.dll,-200|
[HKLM~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"SNMP-1"= TCP:%SystemRoot%\system32\snmp.exe|Svc=SNMP:@%SystemRoot%\system32\snmp.exe,-5|
[HKLM~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
R1 FPAV_RTP;FPAV_RTP;C:\Windows\system32\DRIVERS\FPAV_RTP.sys [2008-03-28 584544]
R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2008-04-21 45960]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Common Files\NMSAccessU.exe [2007-01-25 65536]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-05-04 2591232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-08 179712]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2008-07-13 32256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
ipripsvc REG_MULTI_SZ iprip
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{93cf7014-751f-11dd-8397-001b774ec91a}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
HKCU-Run-MsnMsgr - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Device Detector - DevDetect.exe
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-NWEReboot - (no file)
MSConfigStartUp-WarReg_PopUp - C:\Acer\WR_PopUp\WarReg_PopUp.exe
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://twojeip.wp.pl/?ticaid=16909
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 20:34:35
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\CISVC.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\mqsvc.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\System32\PSIService.exe
C:\Windows\System32\TCPSVCS.EXE
C:\Windows\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\conime.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\oka82\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-31 20:43:10 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-31 19:41:26
Przed: 6 904 127 488 bajtów wolnych
Po: 7,712,002,048 bajtów wolnych
355 --- E O F --- 2008-10-31 05:45:57
Could someone analyze this and tell me what's wrong?! Thanks in advance.
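Added example (not part of the thread and not ComboFix's own code): a small Python triage script that parses the two file sections of a ComboFix log in the form pasted above ("Pliki utworzone" created-file lines and "Sekcja Find3M" last-write lines), groups created files by the minute they appeared, and flags entries a reviewer would want to look at first. The sample input is a handful of lines copied from the log above; the flagging rules and the 2048-byte threshold are my own heuristics, and the line layouts assumed here are exactly those of the forum paste (directory entries in the created section lost their path when pasted, so they are skipped).

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the ComboFix log pasted in the thread,
# used here as constructed test data (the banner lines mark the sections).
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Pliki utworzone od 2008-09-28 do 2008-10-31 )))))))))))))))))))))))))))))))
.
2008-10-28 20:11 . 2008-08-12 04:39 443,392 --a------ C:\Windows\System32\win32spl.dll
2008-10-26 18:41 . 2008-10-26 18:41
2008-10-12 16:42 . 2008-10-12 16:42 40,960 --a------ C:\Windows\DelPiv.exe
2008-10-12 11:45 . 2008-10-12 11:45 1,025 --a------ C:\Windows\System32\sysprs7.dll
2008-10-12 11:45 . 2008-10-12 11:45 219 --a------ C:\Windows\System32\lsprst7.tgz
2008-09-07 18:57 . 2008-09-07 18:57 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 19:00 --------- d-----w C:\Users\oka82\AppData\Roaming\skypePM
2008-10-21 19:47 8,456 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# Created-file lines: <created> . <modified> <size> <attrs> <path>.
# Everything after the modified time is optional because directory lines
# in the forum paste carry only the two timestamps.
CREATED_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: (?P<size>[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+))?$"
)
# Find3M lines: <modified> <size or dashes for a directory> <attrs> <path>
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?:(?P<size>[\d,]+)|-+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)

BINARY_EXT = {".dll", ".exe", ".sys", ".ax", ".scr", ".ocx"}
ARCHIVE_EXT = {".tgz", ".gz", ".zip", ".rar", ".7z"}
TINY_BINARY_BYTES = 2048  # heuristic: genuine Windows binaries are rarely this small


@dataclass
class FileEntry:
    section: str          # "created" or "find3m"
    timestamp: str        # creation time (created section) or last-write time (Find3M)
    size: Optional[int]   # None for directories (Find3M prints dashes instead of a size)
    attrs: str            # ComboFix attribute string, e.g. "--a------" or "--sha-w"
    path: str


def _size(text: Optional[str]) -> Optional[int]:
    return None if text is None else int(text.replace(",", ""))


def parse_combofix(text: str) -> List[FileEntry]:
    """Walk the log line by line, tracking which file section we are in."""
    entries: List[FileEntry] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if "Pliki utworzone" in line:
            section = "created"
            continue
        if "Sekcja Find3M" in line:
            section = "find3m"
            continue
        if line.startswith("(((("):
            section = None  # any other banner ends the file sections
            continue
        if section == "created":
            m = CREATED_RE.match(line)
            if m and m.group("path"):
                entries.append(FileEntry("created", m.group("created"),
                                         _size(m.group("size")), m.group("attrs"), m.group("path")))
        elif section == "find3m":
            m = FIND3M_RE.match(line)
            if m:
                entries.append(FileEntry("find3m", m.group("modified"),
                                         _size(m.group("size")), m.group("attrs"), m.group("path")))
    return entries


def triage(entries: List[FileEntry]) -> Dict[str, List[str]]:
    """Map each path worth a second look to the reasons it was flagged.
    These are review prompts, not verdicts: legitimate files (desktop.ini,
    driver metadata) also carry hidden/system attributes."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        low = e.path.lower()
        ext = ntpath.splitext(low)[1]
        in_system32 = "\\windows\\system32\\" in low
        is_dir = e.attrs.startswith("d")
        reasons = []
        if in_system32 and ext in BINARY_EXT and e.size is not None and e.size < TINY_BINARY_BYTES:
            reasons.append(f"tiny binary in System32 ({e.size} bytes)")
        if in_system32 and ext in ARCHIVE_EXT:
            reasons.append(f"archive extension {ext} in System32")
        if not is_dir and ("h" in e.attrs or "s" in e.attrs):
            reasons.append(f"hidden/system attributes ({e.attrs})")
        if reasons:
            findings[e.path] = reasons
    return findings


def cluster_by_minute(entries: List[FileEntry], section: str = "created") -> Dict[str, List[str]]:
    """Group paths by timestamp; files dropped in the same minute usually share an installer."""
    clusters: Dict[str, List[str]] = {}
    for e in entries:
        if e.section == section:
            clusters.setdefault(e.timestamp, []).append(e.path)
    return clusters


if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for path, why in triage(found).items():
        print(path, "->", "; ".join(why))
    for stamp, paths in cluster_by_minute(found).items():
        if len(paths) > 1:
            print(stamp, "created together:", paths)
```

Run stand-alone, the block lists the flagged System32 entries and shows the 2008-10-12 11:45 batch as one cluster, which is the kind of grouping that tells a reviewer which installation to ask the poster about. Extend `SAMPLE_LOG` with the full pasted log to triage the whole thing.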
And it seems to me the moderator overslept again - two topics in one, from what I can see.
piotrbisek,
The HJT log looks clean.
Download The Avenger and select the text below
copy it - click Paste Script from Clipboard - Execute - confirm and agree to the restart by clicking OK.
After it finishes, delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum.
Program manual: http://cybertrash.pl/images/tata/Avenger/Avenger.html
Manually delete the folder C:\Qoobox and the ComboFix installer from the disk.
Clean the system and the registry with CCleaner.
Optimize the startup (Autostart) entries.
Disable and re-enable System Restore on all drives.
Scan the My Computer area with Kaspersky Online Scanner (run it under IE) and post the report on the forum
or with Dr.WEB CureIt!
cecetka,
paste into Notepad:
Save the file as CFScript.txt, preferably so that the icon of this file sits next to the ComboFix.exe icon.
Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. Afterwards post the log on the forum.
Paste the log on www.wklejto.pl or http://www.wklej.org/ and give the link in your post.
Once the files are deleted, proceed to the remaining points.
I followed the instructions, here's the report:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows NT 6.0 (build 6001, Service Pack 1)
Sat Nov 01 11:10:38 2008
11:10:38: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows Vista
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "C:\WINDOWS\System32\VCCLSID.exe" not found!
Deletion of file "C:\WINDOWS\System32\VCCLSID.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\SrchSTS.exe" not found!
Deletion of file "C:\WINDOWS\System32\SrchSTS.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\AntiXPVSTFix.exe" not found!
Deletion of file "C:\WINDOWS\System32\AntiXPVSTFix.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\VACFix.exe" not found!
Deletion of file "C:\WINDOWS\System32\VACFix.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\Process.exe" not found!
Deletion of file "C:\WINDOWS\System32\Process.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\dumphive.exe" not found!
Deletion of file "C:\WINDOWS\System32\dumphive.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\System32\WS2Fix.exe" not found!
Deletion of file "C:\WINDOWS\System32\WS2Fix.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
now just CCleaner left...
cecetka,
This is what comes of piggybacking on somebody else's topic. That instruction was for a different user; yours is below. Read carefully what you have to do.
cecetka,
paste into Notepad:
Save the file as CFScript.txt, preferably so that the icon of this file sits next to the ComboFix.exe icon.
Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. Afterwards post the log on the forum.
Paste the log on http://www.wklejto.pl or http://www.wklej.org/ and give the link in your post.
So if the system is still sluggish, it is not the fault of an infection.
See this topic http://www.searchengines.pl/index.php?showtopic=5989, the Start / Shutdown tab.