Proszę o sprawdzenie log'a, trojanDownloader.Wigon.bs
witam.zamuliło mi kompa prosze o sprawdzenie logów
jak i gdzie sprawdzić ładowanie alternatora + pytanie o akku
moze ktos sprawdzic mi log?prosze
Dysk Twardy: nowy czy "z odzysku"_jak sprawdzić?
Proszę o sprawdzenie Loag z HiJack
Prosze o sprawdzenie. Kompletnie sie na tym niz znam :)
Proszę o sprawdzenie logów z HijackThis
sprawdzie moje logi plx
Bardzo prosze o sprawdzenie Logu :(
chomiki
To jest mój Log i mam prośbe o sprawdzenie jego bo chyba mam robaka(adware) i zrywa mi sie połączenie z netem. POMOCYLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:25, on 2009-07-19
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com...avilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com...avilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com...avilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 10626 bytes
Fix w HijackThis:
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
Wykonaj pełne skanowanie Malwarebytes' Anti-Malware - usuwasz wszystko co znajdzie i dajesz log na forum
to jest nowy Log po przeskanowaniu tym programem. Znalazł 40 infekcji w tym trojana. Wszystko usunięte. Te dwie pozycje z hijackthis też usunięte. Oto Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:36, on 2009-07-20
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com...avilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google/pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com...avilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com...avilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\Pasek narzędzi AOL 5.0\aoltb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'USŁUGA SIECIOWA')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Wyszukiwarka na pasku narzędzi AOL - C:\ProgramData\AOL\ieToolbar\resources\pl-PL\local\search.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
--
End of file - 10289 bytes
A to Log z malwarebytes po skanowaniu:
Malwarebytes' Anti-Malware 1.39
Wersja bazy definicji: 2466
Windows 6.0.6001 Service Pack 1
2009-07-20 18:04:20
mbam-log-2009-07-20 (18-04-20).txt
Typ skanowania: Pełne skanowanie (C:\|D:\|E:\|H:\|X:\|)
Przeskanowane obiekty: 259489
Upłynęło: 2 hour(s), 16 minute(s), 40 second(s)
Zainfekowane procesy w pamięci: 0
Zainfekowane moduły pamięci: 0
Zainfekowane klucze rejestru: 18
Zainfekowane wartości rejestru: 1
Zainfekowane pliki rejestru: 0
Zainfekowane foldery: 6
Zainfekowane pliki: 15
Zainfekowane procesy w pamięci:
(Nie wykryto groźnych plików)
Zainfekowane moduły pamięci:
(Nie wykryto groźnych plików)
Zainfekowane klucze rejestru:
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.settingsplugin.1 (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\myglobalsearchbar.toolbarplugin.1 (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2a-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{37b85a2c-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ef281620-a3a3-4f08-874f-d68cfc9b7945} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{37b85a20-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a21-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{09571a4b-f1fe-4c60-9760-de6d310c7c31} (Backdoor.Bot) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{345caa15-4f12-4a28-afe9-383625563a83} (Backdoor.Bot) Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f23b1f18-cb1a-47ed-a1fe-b60494a626d0} (Backdoor.Bot) Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) Quarantined and deleted successfully.
Zainfekowane wartości rejestru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) Quarantined and deleted successfully.
Zainfekowane pliki rejestru:
(Nie wykryto groźnych plików)
Zainfekowane foldery:
C:\Program Files\MyGlobalSearch (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings (Adware.MyWebSearch) Quarantined and deleted successfully.
Zainfekowane pliki:
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006951B9 (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006954B6 (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006956E7.bin (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\006959E4.bin (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\00695BC7.bin (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Cache\files.ini (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\History\search (Adware.MyWebSearch) Quarantined and deleted successfully.
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm (Adware.MyWebSearch) Quarantined and deleted successfully.
C:\Windows\HOSTS (Trojan.Agent) Quarantined and deleted successfully.
Ok, daj jeszcze dla pewności log z DDS
To jest Log z DDS>>>>>dość obszerny, a potem ten drugi co wyskoczył( Attach):
1.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Robert at 22:51:54,80 on 2009-07-20
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.48.1045.18.3068.1408 [GMT 2:00]
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
X:\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://google/pl/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=pl_pl&c=83&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\pasek narzędzi aol 5.0\aoltb.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\pasek narzędzi aol 5.0\aoltb.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Wyszukiwarka na pasku narzędzi AOL - c:\programdata\aol\ietoolbar\resources\pl-pl\local\search.html
IE: E&ksport do programu Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli DPPWDFLT
================= FIREFOX ===================
FF - ProfilePath - c:\users\robert\appdata\roaming\mozilla\firefox\profiles\vxvnddjs.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/pl/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\robert\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
============= SERVICES / DRIVERS ===============
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-2-19 77004]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-21 335752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2008-10-22 77824]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-7-2 298776]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-18 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-25 361808]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-9 603904]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-27 599344]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-25 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-4-17 114528]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-2-23 3715072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-27 40752]
S3 Axtmvflt;Axesstel USB Filter Service;c:\windows\system32\drivers\Axtmvflt.sys [2009-4-6 6144]
S3 Axtmvprt;Axesstel Diagnostic Port;c:\windows\system32\drivers\Axtmvprt.sys [2009-4-6 38784]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet — NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
=============== Created Last 30 ================
2009-07-20 15:44 <DIR> --d----- c:\users\robert\appdata\roaming\Malwarebytes
2009-07-20 15:44 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 15:44 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-20 15:44 <DIR> --d----- c:\programdata\Malwarebytes
2009-07-20 15:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-20 15:44 <DIR> --d----- c:\progra~2\Malwarebytes
2009-07-19 21:11 <DIR> --d----- c:\program files\Trend Micro
2009-07-19 18:28 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-07-19 18:28 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-07-19 18:27 <DIR> --d----- c:\users\robert\appdata\roaming\SUPERAntiSpyware.com
2009-07-19 18:27 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-19 18:26 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-19 17:58 23 a--sh--- c:\windows\system32\edacded0.dat
2009-07-19 17:58 23 a------- c:\windows\system32\bcdadac7.xml
2009-07-19 17:58 <DIR> --d----- c:\program files\jv16 PowerTools 2009
2009-07-19 15:05 <DIR> --d----- c:\programdata\Google
2009-07-19 15:04 <DIR> --d----- c:\users\robert\Bluetooth Software
2009-07-19 14:54 <DIR> --d----- c:\windows\system32\drivers\disdn
2009-07-15 20:52 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-15 20:52 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-15 20:52 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-15 20:52 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-10 13:38 <DIR> --d----- C:\MFT 14413
2009-07-09 22:52 603,904 a------- c:\windows\system32\TUProgSt.exe
2009-07-09 22:52 27,904 a------- c:\windows\system32\uxtuneup.dll
2009-07-09 22:52 17,152 a------- c:\windows\system32\authuitu.dll
2009-07-09 22:52 360,192 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-09 22:52 <DIR> --d----- c:\users\robert\appdata\roaming\TuneUp Software
2009-07-09 22:51 <DIR> --d----- c:\program files\TuneUp Utilities 2009
2009-07-09 22:51 <DIR> --d----- c:\programdata\TuneUp Software
2009-07-09 22:51 <DIR> --d----- c:\progra~2\TuneUp Software
2009-07-09 22:50 <DIR> --dsh--- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-09 22:50 <DIR> --dsh--- c:\progra~2\{55A29068-F2CE-456C-9148-C869879E2357}
2009-07-09 22:30 <DIR> --d----- C:\Nostale(PL)
2009-07-09 21:52 <DIR> --d----- c:\programdata\Fighters
2009-07-09 21:52 <DIR> --d----- c:\progra~2\Fighters
2009-07-09 12:22 <DIR> --d----- c:\users\robert\appdata\roaming\ipla
2009-07-09 12:22 <DIR> --d----- c:\programdata\ipla
2009-07-09 12:22 <DIR> --d----- c:\progra~2\ipla
2009-07-05 15:23 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-07-05 15:23 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 15:23 <DIR> --d----- c:\program files\iPod
2009-07-05 15:22 <DIR> --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-05 15:22 <DIR> --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-05 15:22 <DIR> --d----- c:\program files\iTunes
2009-07-05 15:17 <DIR> --d----- c:\programdata\Apple Computer
2009-06-29 14:53 <DIR> --d----- c:\programdata\AVG Security Toolbar
2009-06-29 14:53 <DIR> --d----- c:\progra~2\AVG Security Toolbar
2009-06-27 23:28 <DIR> --d----- c:\program files\NAPI-PROJEKT
2009-06-23 20:01 <DIR> --d----- c:\users\robert\appdata\roaming\OpenFM
2009-06-21 23:12 <DIR> --d----- c:\users\robert\appdata\roaming\Nowe Gadu-Gadu
2009-06-21 23:12 <DIR> --d----- c:\program files\Nowe Gadu-Gadu
==================== Find3M ====================
2009-07-20 18:06 146,198 a------- c:\programdata\nvModes.dat
2009-07-20 18:06 146,198 a------- c:\progra~2\nvModes.dat
2009-07-20 18:04 5,332 a------- c:\windows\bthservsdp.dat
2009-07-20 10:39 662,056 a------- c:\windows\system32\perfh015.dat
2009-07-20 10:39 126,908 a------- c:\windows\system32\perfc015.dat
2009-07-19 15:03 86,016 a------- c:\windows\inf\infpub.dat
2009-07-19 14:52 143,360 a------- c:\windows\inf\infstrng.dat
2009-07-19 14:29 143,360 a------- c:\windows\inf\infstor.dat
2009-07-09 23:36 174 a--sh--- c:\program files\desktop.ini
2009-07-08 09:54 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 11:48 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-02 16:24 4,902 a------- c:\windows\unins000.dat
2009-05-09 07:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-09 07:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-06 11:58 665,600 a------- c:\windows\inf\drvindex.dat
2009-05-06 11:51 319,456 a------- c:\windows\DIFxAPI.dll
2009-05-06 10:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-30 14:37 293,376 a------- c:\windows\system32\psisdecd.dll
2009-04-30 14:37 428,544 a------- c:\windows\system32\EncDec.dll
2009-04-23 14:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 14:42 636,928 a------- c:\windows\system32\localspl.dll
2009-03-08 21:39 2,331,174 a------- c:\programdata\Karaoke.exe
2009-03-08 21:39 2,331,174 a------- c:\progra~2\Karaoke.exe
2009-02-20 23:27 2,989,660 a------- c:\programdata\DVD.exe
2009-02-20 23:27 2,989,660 a------- c:\progra~2\DVD.exe
2009-02-05 22:57 2,231,606 a------- c:\programdata\Games.exe
2009-02-05 22:57 2,231,606 a------- c:\progra~2\Games.exe
2009-02-05 22:57 3,063,561 a------- c:\programdata\MobileTV.exe
2009-02-05 22:57 3,063,561 a------- c:\progra~2\MobileTV.exe
2009-02-05 22:57 2,864,396 a------- c:\programdata\MPV.exe
2009-02-05 22:57 2,864,396 a------- c:\progra~2\MPV.exe
2008-08-25 16:31 332,832 a------- c:\windows\inf\perflib\0415\perfi.dat
2008-08-25 16:31 332,832 a------- c:\windows\inf\perflib\0415\perfh.dat
2008-08-25 16:31 37,468 a------- c:\windows\inf\perflib\0415\perfd.dat
2008-08-25 16:31 37,468 a------- c:\windows\inf\perflib\0415\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
============= FINISH: 22:52:33,86 ===============
2.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-06-26.01)
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-10-22 10:10:24
System Uptime: 2009-07-20 18:05:41 (4 hours ago)
Motherboard: Compal | | 30F4
Processor: Intel(R) Core(TM)2 Duo CPU P7350 @ 2.00GHz | CPU | 800/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 170 GiB total, 120,569 GiB free.
D: is FIXED (NTFS) - 116 GiB total, 115,289 GiB free.
E: is FIXED (NTFS) - 8 GiB total, 1,115 GiB free.
H: is FIXED (NTFS) - 55 GiB total, 54,144 GiB free.
X: is FIXED (NTFS) - 116 GiB total, 47,738 GiB free.
==== Disabled Device Manager Items =============
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0D4\7&211C41CB&0&002345B3E148_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771301-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0D4\7&211C41CB&0&002345B3E148_C00000001
Service:
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0D4\7&211C41CB&0&002345B3E148_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{8E771401-0000-1000-8000-00805F9B34FB}_VID&00010000_PID&C0D4\7&211C41CB&0&002345B3E148_C00000001
Service:
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: Stacja dysków CD-ROM
Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T50L________________SC04____\5&2A7CE002&0&4.0.0
Manufacturer: (Standardowe stacje dysków CD-ROM)
Name: HL-DT-ST DVDRAM GSA-T50L ATA Device
PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GSA-T50L________________SC04____\5&2A7CE002&0&4.0.0
Service: cdrom
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: Stacja dysków CD-ROM
Device ID: SCSI\CDROM&VEN_BW3746R&PROD_PCA603Z&REV_1.0\5&12717004&0&000000
Manufacturer: (Standardowe stacje dysków CD-ROM)
Name: BW3746R PCA603Z SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_BW3746R&PROD_PCA603Z&REV_1.0\5&12717004&0&000000
Service: cdrom
==== System Restore Points ===================
RP366: 2009-07-19 14:42:52 - Removed Google Earth.
RP367: 2009-07-19 17:23:24 - Windows Update
RP368: 2009-07-19 18:26:59 - Installed SUPERAntiSpyware Free Edition
RP369: 2009-07-20 18:29:52 - Windows Update
==== Installed Programs ======================
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0 - Polish
Adobe Shockwave Player
Aktualizator Google
Audacity 1.3.6 (Unicode)
AVG Free 8.5
Axesstel Data Modem Driver
CDex extraction audio
CyberLink DVD Suite
CyberLink YouCam
DigitalPersona Personal 3.0.1
EMEA02
ESU for Microsoft Vista
Google Gears
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Quick Launch Buttons 6.40 D1
HP QuickPlay 3.7
HP QuickTouch 1.00 D2
HP Update
HP User Guides 0103
HP Wireless Assistant
HPNetworkAssistant
IDT Audio
iTunes
Java(TM) 6 Update 13
Java(TM) 6 Update 6
JMicron JMB38X Flash Media Controller
jv16 PowerTools 2009
K-Lite Codec Pack 3.5.0 Standard
LabelPrint
LightScribe System Software 1.12.33.2
Malwarebytes' Anti-Malware
MediaCoder 0.7.0.4370
Microsoft .NET Framework 3.5 Language Pack SP1 - plk
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (Polish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Polish) 2007
Microsoft Office Groove MUI (Polish) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (Polish) 2007
Microsoft Office OneNote MUI (Polish) 2007
Microsoft Office Outlook MUI (Polish) 2007
Microsoft Office PowerPoint MUI (Polish) 2007
Microsoft Office PowerPoint Viewer 2007 (Polish)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Polish) 2007
Microsoft Office Proofing (Polish) 2007
Microsoft Office Publisher MUI (Polish) 2007
Microsoft Office Shared MUI (Polish) 2007
Microsoft Office Word MUI (Polish) 2007
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
My Global Search Bar
NAPIPROJEKT 1.0.6.2
Niezbędnik CD
Nostale Online PL (Remove)
Nowe Gadu-Gadu
NVIDIA Drivers
Opera 9.21
Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
Pakiet zgodności dla systemu Office 2007
Pasek narzędzi AOL 5.0
Power2Go
PowerDirector
Project64 1.6
ProtectSmart Hard Drive Protection
QuickPlay SlingPlayer 0.4.6
Real Alternative 1.60
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Słownik angielsko-polski wersja 2.24
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Skype™ 4.0
Software Informer 1.0 BETA
Sony Ericsson PC Suite 4.010.00
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Tłumacz Komputerowy - Angielski 2
TuneUp Utilities 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Validity Sensors software
VideoLAN VLC media player 0.8.6i
Winamp
Windows Essentials Media Codec Pack 1.0
Windows Live Messenger
WinRAR archiver
==== End Of File ===========================
Jak włączyłem Nowe GG to pojawił mi sie komunikat, że proces hosta przestał działć i system zdarzeń com+ przestał działać. Może usunąć GG??
Nic tu więcej nie widzę.
Opróżnij kwarantannę Malwarebytes.
Przeczyść system oraz rejestr CCleaner
Wyłącz i włącz przywracanie systemu na wszystkich dyskach Instrukcja
Dzieki wielkie za pomoc;>>> Wielki SZACUN
