Hi everyone. Lately when I start TS3, even though it ran fine after the cleaning… it's happening again. I start NFS and suddenly the computer shuts down. Before, I could play all sorts of games without any problems…
I checked the log and it showed that I have malware in two entries; the current one:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:29, on 2009-07-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\HijackThis\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Opera\opera.exe
C:\Users\ASIA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JNLT8NT0\launch[1].exe
C:\Users\ASIA\AppData\Local\Temp\RarSFX0\5cw7j5.exe
C:\Users\ASIA\AppData\Local\Temp\RarSFX0\r4tf4.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grono.net/users/2008510/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\ASIA\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B810DF39-5552-463E-8424-449F950D9FE5}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Users\ASIA\AppData\Local\Temp\AVSETUP_49fc1c63\basic\avupgsvc.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Opiekun (OpSrv) - Unknown owner - C:\Windows\system32\opsrv.exe (file missing)
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 5513 bytes
and the old one, with the malware:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:24, on 2009-07-04
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HijackThis\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grono.net/users/2008510/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 123.237.248.76:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\ASIA\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/ … /CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B810DF39-5552-463E-8424-449F950D9FE5}: NameServer = 194.204.159.1 217.98.63.164
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Users\ASIA\AppData\Local\Temp\AVSETUP_49fc1c63\basic\avupgsvc.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Opiekun (OpSrv) - Unknown owner - C:\Windows\system32\opsrv.exe (file missing)
O23 - Service: ServiceLayer - Unknown owner - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 5591 bytes
Please help…
Oh, and I don't want to mess with ComboFix because it breaks my computer. Thanks in advance.
– Added 04.07.2009 (Sat) 13:13 –
Oh, and I'll say right away: Dr.Web is scanning; if it finds anything I'll let you know.
– Added 04.07.2009 (Sat) 13:40 –
Hellooo… 25 people have viewed the thread and not one of them will help…?
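Added example (not part of the original post and not HijackThis's own code): a short Python script that diffs two HijackThis logs like the pair posted above, so that entries present in only one scan stand out, and lists a few items worth a manual look. The sample logs are constructed excerpts of the two logs in the post; the function names are illustrative.

```python
import re

# Constructed excerpts of the two logs quoted in the post (12:41 and 12:50 scans).
OLD_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grono.net/users/2008510/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 123.237.248.76:6588
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O23 - Service: Opiekun (OpSrv) - Unknown owner - C:\Windows\system32\opsrv.exe (file missing)
"""
NEW_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\ASIA\AppData\Local\Temp\RarSFX0\5cw7j5.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grono.net/users/2008510/
O23 - Service: Opiekun (OpSrv) - Unknown owner - C:\Windows\system32\opsrv.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then the entry text
TEMP_DIR = re.compile(r"\\(Temp|Temporary Internet Files)\\", re.I)

def parse_log(text):
    """Split a log into the running-process list and (code, text) entries."""
    processes, entries, in_procs = set(), set(), False
    for line in map(str.strip, text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False          # entries start after the process list
            entries.add(m.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.add(line)
    return processes, entries

def diff_logs(old, new):
    """Report what is present in only one of the two scans."""
    (op, oe), (np_, ne) = parse_log(old), parse_log(new)
    return {"removed_entries": sorted(oe - ne), "added_entries": sorted(ne - oe),
            "removed_processes": sorted(op - np_), "added_processes": sorted(np_ - op)}

def review_hints(log):
    """Items worth a manual look; hints for triage, not a verdict."""
    procs, entries = parse_log(log)
    return {"temp_processes": sorted(p for p in procs if TEMP_DIR.search(p)),
            "orphaned_services": sorted(t for c, t in entries
                                        if c == "O23" and t.endswith("(file missing)")),
            "proxy": sorted(t for c, t in entries if c == "R1" and ",ProxyServer" in t)}

if __name__ == "__main__":
    print(diff_logs(OLD_LOG, NEW_LOG))
```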
tomson66
(tomson66)
4 July 2009 11:58
#2
Hello.
It's gotten hot lately. Check the temperatures in Everest.
Everest pretends that I've used up the trial even though I never had it before O-o
Screenshot: http://i43.tinypic.com/126bdcp.jpg
Is it OK? I don't know about this stuff ^^" I have 4 cores.
– Added 04.07.2009 (Sat) 14:23 –
And it shuts down. Nothing can be checked.
There's nothing here. You can paste logs from OTL and GMER; maybe they'll show something more.
http://oldtimer.geekstogo.com/OTL.exe
http://www.gmer.net/
Put the logs on http://www.wklej.org and post only the link here.
Then use System Info for Windows; it shows the same thing, and the free version's only limitation is that the report can't be exported to a txt file.
http://dobreprogramy.pl/index.php?dz=2& … 2009.05.12
http://www.wklej.org/id/116083/ this is what I got from OTL, and the second one from OTL: http://www.wklej.org/id/116084/ but GMER hasn't finished yet.
– Added 04.07.2009 (Sat) 15:49 –
I think because of GMER I got a blue screen and a disk check.
A ‘solve problems.traraa.r…a’ thing popped up and its content was more or less:
Address a problem with ATI Graphics Driver

ATI Graphics Driver has stopped working properly. A driver update, if available, might prevent this problem from recurring. There are several ways of locating and installing driver updates, but it is best to let Windows do this for you. Try the first step below, which describes the process. If it doesn’t produce a driver update that solves the problem, then try the remaining steps in the order given.

Check for optional third-party updates

Even if all critical updates have been installed on your computer, optional updates might be available for ATI Graphics Driver that have yet to be installed. Here’s how to use Windows Update to check for and install optional driver updates:
Open Windows Update: Windows Update
In the left pane, click Check for updates to see if there are any optional updates available for your computer. If no new optional updates are available, go to step 2.
If optional updates are available, click View available updates (if you do not see this option, you might have to click Check online for updates from Microsoft Update). Windows Update or Microsoft Update will list any updated drivers that are available for devices installed in your computer.
Select any optional updates that are listed (especially if they appear to be graphics related), and then click Install. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Try updating ATI Graphics Driver manually

If no optional ATI Graphics Driver updates were available in Windows Update, you can try updating ATI Graphics Driver manually.
Note It’s best to let Windows install drivers for your hardware automatically, as described in step 1 above. If you decide to manually update ATI Graphics Driver, here’s how to do it:
Click to open Device Manager. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
In Device Manager, double-click Display adapters, and then double-click the name of the device running ATI Graphics Driver.
Click the Driver tab, and then click Update Driver.
When asked how you want to search for driver software, click Search automatically for updated driver software. Windows will locate and install a new driver if one is available.

Check the ATI Technologies, Inc. website for driver updates

If no optional ATI Graphics Driver updates were available in Windows Update, go online to the following website to check for driver updates: ATI Technologies, Inc.

How to manually update a driver using a downloaded file

Click to open Device Manager. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
In Device Manager, locate the device you want to update, and then double-click the device name.
Click the Driver tab, and then click Update Driver.
When asked how you want to search for driver software, click Browse my computer for driver software.
Click Browse, locate where you placed the new driver on your computer, click OK, and then click Next. Windows will locate and install the new driver.
Note If you are running the latest version of ATI Graphics Driver and are still experiencing the problem, we recommend that you contact ATI Technologies, Inc. or the manufacturer for additional information and support.

Check your computer manufacturer’s website for driver updates

If ATI Graphics Driver was preinstalled on your computer, check your computer manufacturer’s website for driver updates.

How do I find my computer manufacturer?

Click the Start button, type msinfo32 in the Search box, and then press ENTER. Your computer manufacturer is listed as the System Manufacturer in the right pane of the System Information window.
Click to go online to see contact information for most computer manufacturers

How to manually update a driver using a downloaded file

Click to open Device Manager. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
In Device Manager, locate the device you want to update, and then double-click the device name.
Click the Driver tab, and then click Update Driver.
When asked how you want to search for driver software, click Browse my computer for driver software.
Click Browse, locate where you placed the new driver on your computer, click OK, and then click Next. Windows will locate and install the new driver.
Do you recognize this, since it runs from the temp folders? The first one is signed as Dr.WEB, but I don't know what the second one is.
Other than that, there's nothing in this log.
In addition, Bonjour should be removed, because according to the log it is there and it isn't, but it's better to finish it off for good; instructions:
http://www.searchengines.pl/index.php?s … t&p=465605
Then try reinstalling the graphics card driver, because this doesn't really look like viruses.
Yes, that's from Dr.Web, after an update I think.
In that case nothing more shows in the log. Try reinstalling that driver, because it may be what's causing the trouble. This is not a virus issue.
OK, and what about this: http://i44.tinypic.com/73pamo.jpg ?
What can I delete from here? Because this wasn't there before, and the pagefile file takes up 2 GB.
ciemnowidz
(Henio Mazurek)
4 July 2009 17:18
#10
Those are Windows files and folders; you can see them now because OTL evidently changes the view setting during the scan.
Folder Options => View tab => turn on hiding of system files and folders, and select the option not to show hidden files and folders.
You must not delete these. As for pagefile.sys => how to shrink it is in the second link under optimization; look for it.
viewtopic.php?f=7&t=76580
http://www.searchengines.pl/Optymalizac … t5989.html
Ah, thanks. I installed the newest drivers but the problem is still there. ;/
NFS NEVER used to shut down. Before installing The Sims 3 everything was normal.
The computer is now kind of oversensitive… damn, I don't know what to do… I want to play TS3 and NFS but I can't, because after a moment the whole computer shuts down. Could it be the power supply, since this didn't happen before? Oh, and I'll add that I had some malware on the computer; maybe that's what's doing it? Oh, and I'll also add that my games are originals: The Sims 3 and Need For Speed Carbon.
ciemnowidz
(Henio Mazurek)
5 July 2009 12:34
#12
It could be the power supply; after all, the computer shuts down on a sudden demand for power. There may also be bulging or leaking capacitors on the motherboard or in the power supply, like here:
http://www.edw.com.pl/index.php?module= … y&ceid=151
Check that, and clean the dust out of the inside of the computer.