
Please check my log - Vista is sluggish and hangs.

Wencman
posted

I won't start with how crappy Vista is, because that's a topic for a separate thread (no, I don't have a hopeless computer :P)

But I have a terrible problem with it. I turn the computer on and after a few minutes of work it hangs completely, no matter what I'm doing. I'm writing in Word, browsing the net, and suddenly it freezes and only a hard reset helps. I cleaned 1.5 GB off the computer with CCleaner, ran CHKDSK, defragmented, and zilch... a big fat zilch... please help, because I feel like throwing it out the window...

Here are the logs


Thanks for any help...

There's one more thing. I don't know whether it could be related:

My mom has a company e-mail address, *@enklawa-dom.pl

and for some time she had the default password on the mail hosting admin panel, and she was getting spam from accounts that someone was creating, e.g. j.harlemic@enklawa-dom.pl, and many, many others. I changed the panel password, but that didn't help. She gets spam from accounts that were deleted long ago, and the accounts she gets spam from are not visible in the admin panel. Do you know what this could be? Unfortunately I don't know which hosting it is (I don't remember). She even gets spam from her own address, that is, the default one she sends from in Outlook. So it's as if she were sending to herself.

Mateusz J.
commented

Looks like that registry cleaning with CCleaner didn't work out; there are still empty entries in the registry:

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

Removal: you fix these entries in HJT

And on top of that, malicious entries from a pendrive:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a49280a8-00b3-11dd-9ca6-001e37a79ddc}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a63ee9f0-0018-11dd-adac-001e37a79ddc}]
\shell\Auto\command - F:\UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a9b87a-4101-11dd-a8a4-001e37a79ddc}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

Removal:

paste into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

File ==> Save as ==> Change the file type to All files ==> Save under the name FIX.REG

Run the created FIX.REG file, confirm adding it to the Registry, and restart the computer.
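An added example, not part of either post: a Python triage script that extracts the two kinds of entries the reply points at, HijackThis entries whose target is "(no file)" and the commands cached per volume under MountPoints2 in the ComboFix report. The sample text is built from the log lines in this thread, restored to one entry per line; the function names are hypothetical.

```python
import re

# Entries copied from the log in this thread, restored to one per line.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
"""

SAMPLE_COMBOFIX = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a49280a8-00b3-11dd-9ca6-001e37a79ddc}]
\shell\AutoRun\command - F:\SETUP.EXE
\shell\configure\command - F:\SETUP.EXE
\shell\install\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a63ee9f0-0018-11dd-adac-001e37a79ddc}]
\shell\Auto\command - F:\UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\UFO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c1a9b87a-4101-11dd-a8a4-001e37a79ddc}]
\shell\Auto\command - UFO.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
"""

# "O<n> - <kind>: <name> - {CLSID} - <target>"
HJT_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
# "[HKEY_...\mountpoints2\{volume-guid}]"
KEY_RE = re.compile(
    r"^\[HKEY_[A-Z_]+\\.*\\mountpoints2\\(?P<vol>\{[0-9a-f-]{36}\})\]$", re.I
)
# "\shell\<verb>\command - <command line>"
CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)


def orphaned_hjt_entries(log_text):
    """Return (section, clsid) for entries whose target is '(no file)'."""
    found = []
    for line in log_text.splitlines():
        m = HJT_RE.match(line.strip())
        if m and m.group("target").strip() == "(no file)":
            found.append((m.group("section"), m.group("clsid")))
    return found


def mountpoints2_commands(log_text):
    """Return one dict per cached shell command under a MountPoints2 volume."""
    findings, volume = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            volume = key.group("vol").lower()
            continue
        if line.startswith("["):
            volume = None  # a different registry key starts here
            continue
        cmd = CMD_RE.match(line)
        if cmd and volume:
            command = cmd.group("cmd").strip()
            # Unwrap the RunDLL32 ShellExec_RunDLL launcher to the real target.
            wrapped = re.search(r"ShellExec_RunDLL\s+(.+)$", command, re.I)
            payload = wrapped.group(1).strip() if wrapped else command
            findings.append({"volume": volume, "verb": cmd.group("verb"),
                             "command": command, "payload": payload})
    return findings


def payloads_by_volume(log_text):
    """Group the distinct launch targets by volume GUID for review."""
    summary = {}
    for f in mountpoints2_commands(log_text):
        summary.setdefault(f["volume"], set()).add(f["payload"])
    return summary


if __name__ == "__main__":
    for section, clsid in orphaned_hjt_entries(SAMPLE_HJT):
        print("orphaned", section, clsid)
    for vol, payloads in payloads_by_volume(SAMPLE_COMBOFIX).items():
        print(vol, sorted(payloads))
```

Running this against a saved log before deleting the key gives a record of which volume GUIDs carried which launch targets.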
