Everything closes by itself


3 replies in this topic

#1 Kopecki997

Kopecki997

    New

  • 4 posts

Posted 03 11 2008 - 23:15

I have a problem with Windows: for some time now all applications have been closing by themselves. A "has stopped working" error pops up and the only option I get is "Close program". Sometimes the graphics break as well: the program shows a white or transparent background and then freezes. Here is the data from the program:

ComboFix 08-11-02.03 - Arni 2008-11-03  0:40:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1250.1.1033.18.235 [GMT 1:00]
Uruchomiony z: C:\Users\Arni\Downloads\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
C:\Program Files\myglobalsearch\bar\Cache\009F35F1.bin
C:\Program Files\myglobalsearch\bar\Cache\009F3A35.bin
C:\Program Files\myglobalsearch\bar\Cache\009F3C09.bin
C:\Program Files\myglobalsearch\bar\Cache\files.ini
C:\Program Files\myglobalsearch\bar\History\search
C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm
C:\Windows\system32\x64

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-10-02 do 2008-11-02  )))))))))))))))))))))))))))))))
.

2008-11-01 19:03 . 2008-11-01 19:03	<DIR>	d--------	C:\Windows\E80F62FF5D3C4A1984099721F2928206.TMP
2008-11-01 18:40 . 2008-11-01 18:41	<DIR>	d--------	C:\Program Files\CCleaner
2008-10-31 20:35 . 2006-11-02 10:46	439,808	--a------	C:\Windows\System32\win32spl.dll
2008-10-31 20:35 . 2006-11-02 10:46	37,376	--a------	C:\Windows\System32\printcom.dll
2008-10-30 21:22 . 2008-10-30 21:23	<DIR>	d--------	C:\Program Files\Hamachi
2008-10-30 21:22 . 2008-10-30 21:22	25,280	--a------	C:\Windows\System32\drivers\hamachi.sys
2008-10-29 20:07 . 2008-10-29 20:08	<DIR>	d--------	C:\Users\Arni\AppData\Roaming\backup
2008-10-27 19:24 . 2008-10-27 19:27	<DIR>	d--------	C:\Users\All Users\Kaspersky Lab
2008-10-27 19:24 . 2008-10-27 19:27	<DIR>	d--------	C:\ProgramData\Kaspersky Lab
2008-10-27 19:24 . 2008-10-27 19:24	<DIR>	d--------	C:\Program Files\Kaspersky Lab
2008-10-27 19:24 . 2008-11-01 22:47	32	--ahs----	C:\Windows\System32\drivers\fidbox2.idx
2008-10-27 19:24 . 2008-11-01 22:47	32	--ahs----	C:\Windows\System32\drivers\fidbox2.dat
2008-10-27 19:24 . 2008-11-01 22:47	32	--ahs----	C:\Windows\System32\drivers\fidbox.idx
2008-10-27 19:24 . 2008-11-01 22:47	32	--ahs----	C:\Windows\System32\drivers\fidbox.dat
2008-10-27 19:18 . 2008-10-27 19:18	<DIR>	d--------	C:\Users\All Users\Kaspersky Lab Setup Files
2008-10-27 19:18 . 2008-10-27 19:18	<DIR>	d--------	C:\ProgramData\Kaspersky Lab Setup Files
2008-10-27 15:21 . 2008-10-27 15:25	<DIR>	d--------	C:\Program Files\Norton AntiVirus
2008-10-27 15:20 . 2008-10-27 15:23	<DIR>	d--------	C:\Program Files\Symantec
2008-10-27 15:20 . 2008-10-27 15:23	123,952	--a------	C:\Windows\System32\drivers\SYMEVENT.SYS
2008-10-27 15:20 . 2008-10-27 15:23	10,563	--a------	C:\Windows\System32\drivers\SYMEVENT.CAT
2008-10-27 15:20 . 2008-10-27 15:23	805	--a------	C:\Windows\System32\drivers\SYMEVENT.INF
2008-10-27 02:18 . 2008-01-02 16:37	180,224	--a------	C:\Windows\System32\igfxres.dll
2008-10-24 23:24 . 2008-10-24 23:26	<DIR>	d--------	C:\Users\Arni\AppData\Roaming\FileZilla
2008-10-24 23:24 . 2008-10-24 23:24	<DIR>	d--------	C:\Program Files\FileZilla FTP Client
2008-10-24 23:12 . 2008-10-24 23:12	<DIR>	d--------	C:\Program Files\Gekko Manager
2008-10-19 14:50 . 2008-10-19 14:50	<DIR>	d--------	C:\Windows\System32\HTML ON
2008-10-19 14:44 . 2008-10-19 14:44	<DIR>	d--------	C:\Program Files\Alleycode
2008-10-19 14:37 . 2008-10-19 14:37	<DIR>	d--------	C:\Program Files\Zajaczek
2008-10-17 18:36 . 2003-08-18 09:37	303,104	--a------	C:\Windows\System32\LEXBCES.EXE
2008-10-17 18:36 . 2003-08-18 12:47	201,216	--a------	C:\Windows\System32\LEXP2P32.DLL
2008-10-17 18:36 . 2003-08-18 12:48	196,096	--a------	C:\Windows\System32\LEX2KUSB.DLL
2008-10-17 18:36 . 2003-08-18 12:48	192,512	--a------	C:\Windows\System32\lexlmpm.dll
2008-10-17 18:36 . 2003-08-18 09:32	174,592	--a------	C:\Windows\System32\LEXPPS.EXE
2008-10-17 18:36 . 2003-08-18 09:34	147,456	--a------	C:\Windows\System32\LEXBCE.DLL
2008-10-17 18:33 . 2008-10-17 18:35	<DIR>	d--------	C:\Users\Arni\{fa545de6-07f4-4735-860c-34ee095cf33d}
2008-10-17 18:22 . 2008-10-17 18:22	<DIR>	d--------	C:\Lxk1100
2008-10-17 17:51 . 2008-10-17 18:37	93	--a------	C:\Windows\lexstat.ini
2008-10-17 17:41 . 2008-10-17 17:42	<DIR>	d--------	C:\Users\Arni\{27ee03ad-1205-4274-8c23-2d4f999122e3}
2008-10-17 17:41 . 1997-04-08 19:08	299,520	--a------	C:\Windows\uninst.exe
2008-10-15 13:10 . 2008-09-18 03:03	2,027,520	--a------	C:\Windows\System32\win32k.sys
2008-10-15 13:10 . 2008-08-26 02:12	290,304	--a------	C:\Windows\System32\drivers\srv.sys
2008-10-11 00:13 . 2008-10-11 00:13	<DIR>	d--------	C:\Program Files\Belt Generator
2008-10-09 19:05 . 2008-10-09 19:05	<DIR>	d--------	C:\Users\All Users\Winamp Toolbar
2008-10-09 19:05 . 2008-10-09 19:05	<DIR>	d--------	C:\ProgramData\Winamp Toolbar
2008-10-09 19:05 . 2008-10-09 19:05	<DIR>	d--------	C:\Program Files\Winamp Toolbar
2008-10-09 19:04 . 2008-10-09 19:04	<DIR>	d--------	C:\Users\All Users\OrbNetworks
2008-10-09 19:04 . 2008-10-09 19:04	<DIR>	d--------	C:\ProgramData\OrbNetworks
2008-10-09 19:04 . 2008-10-09 19:04	<DIR>	d--------	C:\Program Files\Winamp Remote
2008-10-09 19:02 . 2008-10-30 14:13	<DIR>	d--------	C:\Users\Arni\AppData\Roaming\Winamp
2008-10-09 11:04 . 2008-10-09 11:04	<DIR>	d--------	C:\sig
2008-10-09 03:51 . 2008-10-09 03:51	<DIR>	d--------	C:\Windows\Downloaded Installations
2008-10-06 00:06 . 2008-11-03 00:45	<DIR>	d--------	C:\Users\Arni\AppData\Roaming\Hamachi
2008-10-05 16:18 . 2008-10-05 16:18	<DIR>	d--------	C:\Program Files\Chami
2008-10-05 15:53 . 2008-10-05 15:53	<DIR>	d--------	C:\Program Files\ConTEXT
2008-10-05 14:57 . 2008-10-05 15:18	<DIR>	d--------	C:\Users\Arni\AppData\Roaming\HateML
2008-10-05 14:57 . 2008-10-05 14:57	<DIR>	d--------	C:\Program Files\Migajek Software
2008-10-03 19:44 . 2008-10-03 19:44	104,907	--a------	C:\R1003__20_44_44.mp3
2008-10-03 19:43 . 2008-10-03 19:44	63,111	--a------	C:\R1003__20_43_55.mp3

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 19:40	---------	d-----w	C:\Users\Arni\AppData\Roaming\gtk-2.0
2008-11-01 18:08	---------	d-----w	C:\Users\Arni\AppData\Roaming\DNA
2008-11-01 17:41	---------	d-----w	C:\Program Files\Yahoo!
2008-10-31 22:38	---------	d-----w	C:\Users\Arni\AppData\Roaming\skypePM
2008-10-31 22:38	---------	d-----w	C:\Users\Arni\AppData\Roaming\Skype
2008-10-27 18:27	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-10-27 14:25	---------	d-----w	C:\ProgramData\Symantec
2008-10-27 01:17	---------	d-----w	C:\Users\Arni\AppData\Roaming\Cream Software
2008-10-27 01:16	---------	d-----w	C:\Program Files\Acer GameZone
2008-10-27 01:15	---------	d-----w	C:\Users\Arni\AppData\Roaming\EditPlus 3
2008-10-16 09:18	---------	d-----w	C:\Program Files\Windows Mail
2008-10-09 18:05	---------	d-----w	C:\Program Files\Winamp
2008-10-09 02:32	---------	d-----w	C:\Users\Arni\AppData\Roaming\BitTorrent
2008-10-03 19:24	---------	d-----w	C:\Users\Arni\AppData\Roaming\NCH Software
2008-10-03 19:21	---------	d-----w	C:\Users\Arni\AppData\Roaming\NCH Swift Sound
2008-10-03 19:21	---------	d-----w	C:\ProgramData\NCH Swift Sound
2008-10-03 19:21	---------	d-----w	C:\Program Files\NCH Swift Sound
2008-10-02 03:49	826,368	----a-w	C:\Windows\System32\wininet.dll
2008-10-02 03:49	56,320	----a-w	C:\Windows\System32\iesetup.dll
2008-10-02 03:49	52,736	----a-w	C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48	26,624	----a-w	C:\Windows\System32\ieUnatt.exe
2008-09-29 16:14	---------	d-----w	C:\ProgramData\FLEXnet
2008-09-29 16:09	---------	d-----w	C:\Program Files\QuickTime
2008-09-29 16:08	---------	d-----w	C:\Program Files\Bonjour
2008-09-29 16:07	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-09-29 15:57	---------	d-----w	C:\Program Files\Common Files\Macrovision Shared
2008-09-28 20:16	---------	d-----w	C:\Program Files\Gadu-Gadu
2008-09-28 02:41	---------	d-----w	C:\Program Files\Audacity
2008-09-23 23:30	---------	d-----w	C:\Program Files\MTA San Andreas
2008-09-23 21:00	---------	d-----w	C:\ProgramData\Apple
2008-09-23 21:00	---------	d-----w	C:\Program Files\Apple Software Update
2008-09-19 21:12	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-09-19 20:44	---------	d-----w	C:\Program Files\Google
2008-09-18 04:35	3,505,208	----a-w	C:\Windows\System32\ntkrnlpa.exe
2008-09-18 04:35	3,470,904	----a-w	C:\Windows\System32\ntoskrnl.exe
2008-09-16 18:21	---------	d-----w	C:\Program Files\GTA VC - NFS Undeground
2008-09-07 18:35	---------	d-----w	C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-09-07 18:31	---------	d-----w	C:\ProgramData\NCH Software
2008-09-07 18:23	---------	d-----w	C:\Users\Arni\AppData\Roaming\GHISLER
2008-07-09 01:11	174	--sha-w	C:\Program Files\desktop.ini
2008-03-22 16:42	32	----a-w	C:\Users\All Users\ezsid.dat
2008-03-22 16:42	32	----a-w	C:\ProgramData\ezsid.dat
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 2131392]
"GoD"="C:\Users\Arni\Documents\GoD\GoD.exe" [2008-10-25 2517504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 51048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-08-04 36352]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 151552]

C:\Users\Arni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-10-30 625952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eNetHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Arni^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Users\Arni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-05-22 23:49 151552 C:\Acer\AcerTour\Reminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-03-08 12:38 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-06-06 09:06 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-09-26 19:58 289088 C:\Users\Arni\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-01-25 18:47 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 00:09 486856 D:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-26 00:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-02 17:06 166424 C:\Windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-02 17:07 141848 C:\Windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\isCfgWiz]
--a------ 2008-01-30 19:14 611712 C:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
--a------ 2007-07-16 06:51 768520 C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 02:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2008-02-06 23:49 718704 C:\Program Files\Norton AntiVirus\osCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--a------ 2007-06-22 02:25 155648 C:\Program Files\Acer\Acer Arcade\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-01-02 17:07 133656 C:\Windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-23 22:36 1232896 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:26 22014760 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 16:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
--a------ 2006-11-05 21:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-07-31 14:15 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 13:34 201728 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-07-06 04:06 4669440 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-06-15 09:45 1826816 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{1048EC96-5F95-471B-BD1C-8C04C6B0F5EE}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{89786B70-1F30-4052-BEEA-53E5B46AF7A7}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{69A763D6-E234-43FF-A87C-CB9AEACE48C6}D:\\totalcmd\\totalcmd.exe"= UDP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{D5AEA4BF-CA39-4413-8E1B-BA47731879E6}D:\\totalcmd\\totalcmd.exe"= TCP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{EEE8C0D0-58F0-4F4E-AB3D-92B72A5A4E9F}C:\\users\\arni\\downloads\\samp022server.win32\\samp-server.exe"= UDP:C:\users\arni\downloads\samp022server.win32\samp-server.exe:samp-server.exe
"UDP Query User{47DB0E9D-44B2-4B9B-86A9-B0CC18898929}C:\\users\\arni\\downloads\\samp022server.win32\\samp-server.exe"= TCP:C:\users\arni\downloads\samp022server.win32\samp-server.exe:samp-server.exe
"TCP Query User{019D490D-8BAA-4FF3-A733-098781FE93D7}D:\\program files\\bittorrent\\bittorrent.exe"= UDP:D:\program files\bittorrent\bittorrent.exe:?Torrent
"UDP Query User{8CE8ACE6-068E-4330-A9C7-AE8BE3B9BE62}D:\\program files\\bittorrent\\bittorrent.exe"= TCP:D:\program files\bittorrent\bittorrent.exe:?Torrent
"{A302C1D5-3535-4BF8-82ED-4F19F667DD56}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{E0A369FB-122B-403A-8A71-1D818E22F8D2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A28CEE32-EB60-49EF-A64C-6D9DE6B1A2CD}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{313F9F86-3A69-440F-9F6C-A19612E37E2C}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{33577111-35AA-4B4B-88FF-1ECD93E5C5D0}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{BDD73D3C-730A-484D-898C-AF9BA59DEFA5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{0B16BB1B-A245-4C89-B8A7-0CAB919E301C}C:\\program files\\gadu-gadu\\gg.exe"= UDP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{7971AAAE-C7E6-47F3-9E6C-AEC2EE3FFFA6}C:\\program files\\gadu-gadu\\gg.exe"= TCP:C:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"{80526D25-D8C0-468D-894F-3C8C0868E5E0}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{7C4A923C-4918-4B63-8D9A-8D3670262682}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{754C697A-7090-4DDF-9764-5F673F7C8794}"= Disabled:UDP:C:\Program Files\DNA\btdna.exe:DNA
"{0A1D1762-AAFC-41E6-93D7-3AD80E6EE574}"= Disabled:TCP:C:\Program Files\DNA\btdna.exe:DNA
"TCP Query User{7C5C2D80-A992-448F-8389-2129396F303F}D:\\totalcmd\\totalcmd.exe"= Disabled:UDP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"UDP Query User{55789AEA-5FA2-4F14-9816-267A1F9AF24C}D:\\totalcmd\\totalcmd.exe"= Disabled:TCP:D:\totalcmd\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
"TCP Query User{54E4111C-EA65-445F-9031-6D83FC0425BA}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{455052A6-4D4A-4EA4-9EF9-88CCAC9A816F}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{ED76607E-0D18-4634-AB08-F804306DDE66}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= UDP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
"UDP Query User{7DD9D45A-C216-4D47-9A64-D2C6B98CEDCD}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= TCP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
"TCP Query User{C29BCA89-2DC5-4D0E-B189-B4C2253E38B7}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= UDP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe
"UDP Query User{3614AA89-2A27-4E88-B6C3-E7F20B3C8D67}C:\\users\\arni\\desktop\\serwer\\samp-server.exe"= TCP:C:\users\arni\desktop\serwer\samp-server.exe:samp-server.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"D:\\Program Files\\BitTorrent\\bittorrent.exe"= D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 41008]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ	   PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c778688-ef6b-11dc-99a1-001b38596c8c}]
\shell\AutoRun\command - F:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89b9ce76-c7a3-11dc-8a66-001b38596c8c}]
\shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-SetPanel - C:\Acer\APanel\APanel.cmd


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\Arni\AppData\Roaming\Mozilla\Firefox\Profiles\pvoaxf0b.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\common\npyaxmpb.dll
FF -: plugin - C:\Users\Arni\Program Files\DNA\plugins\npbtdna.dll
.
.
------- Skojarzenia plików -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 00:45:31
Windows 6.0.6000  NTFS

skanowanie ukrytych procesów ... 

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ... 

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-11-03  0:49:10
ComboFix-quarantined-files.txt  2008-11-02 23:49:06

Przed: 10 014 220 288 bytes free
Po: 9,990,598,656 bytes free

309	--- E O F ---	2008-11-01 02:01:29

Please help :)

  • 0

#2 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 03 11 2008 - 23:17

also post a log from HijackThis

  • 0

#3 Kopecki997

Kopecki997

    New

  • 4 posts

Posted 03 11 2008 - 23:29

Here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:07, on 2008-11-03
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://pl.intl.acer.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7374 bytes

  • 0

#4 Macsch15

Macsch15

    Professional

  • 3 705 posts

Posted 03 11 2008 - 23:47

in HijackThis:

O2 - BHO: (no name) - {37B85A21-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL


fix the entries above:
>>HijackThis>>scan (Do a system scan only)>>select them>>Fix checked.

  • 0



