Blad systemu32- loga

[polak]

mam maly problem nie moge zinstalowac wiekszosc programow caly czas mi
wywala ze blad systemu32

oto log


ComboFix 08-10-31.02 - topol 2008-11-01 18:04:58.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.488 [GMT 1:00]
Uruchomiony z: E:\instalki\antywirus\ComboFix.exe
* Utworzono nowy punkt przywracania
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\08dgu.com
C:\9.cmd
C:\b.exe
C:\nfdmg.com
C:\pnt.com
C:\WINDOWS\system32\Bitkv0.dll
C:\xih9.cmd
E:\08dgu.com
E:\68.exe
E:\9.cmd
E:\b.exe
E:\nfdmg.com
E:\pnt.com
E:\xih9.cmd
F:\08dgu.com
F:\68.exe
F:\9.cmd
F:\b.exe
F:\nfdmg.com
F:\pnt.com
F:\xih9.cmd

.
((((((((((((((((((((((((( Pliki utworzone od 2008-10-01 do 2008-11-01 )))))))))))))))))))))))))))))))
.

2008-11-01 10:34 . 2008-11-01 10:34 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-11-01 10:21 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-11-01 10:19 . 2008-11-01 10:19 <DIR> d-------- C:\Program Files\MSBuild
2008-11-01 10:19 . 2008-11-01 10:19 <DIR> d-------- C:\Program Files\Microsoft Works
2008-11-01 10:18 . 2008-11-01 10:18 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-11-01 10:16 . 2008-11-01 10:16 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-11-01 10:15 . 2008-11-01 10:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-11-01 10:14 . 2008-11-01 10:14 <DIR> dr-h----- C:\MSOCache
2008-10-28 19:21 . 2008-10-28 19:21 <DIR> d-------- C:\Program Files\Global Graphics
2008-10-28 19:21 . 2008-06-27 22:28 2,256,896 --a------ C:\WINDOWS\system32\PDFCreatorSV.exe
2008-10-28 19:21 . 2008-06-27 22:28 598,016 --a------ C:\WINDOWS\system32\PDFCreator.cpl
2008-10-28 19:21 . 2008-06-27 22:26 466,944 --a------ C:\WINDOWS\system32\EventConsumer.dll
2008-10-28 19:21 . 2008-06-27 22:28 319,488 --a------ C:\WINDOWS\system32\PDFCreator.dll
2008-10-28 19:21 . 2008-06-27 22:20 282,624 --a------ C:\WINDOWS\system32\niknakXML.dll
2008-10-28 19:21 . 2008-06-27 22:25 143,360 --a------ C:\WINDOWS\system32\PDFCreatorMessages.exe
2008-10-28 19:21 . 2007-07-06 06:37 135,168 --a------ C:\WINDOWS\system32\expat.dll
2008-10-28 19:21 . 2006-05-03 22:24 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-10-28 19:21 . 2006-09-18 15:50 28,672 --a------ C:\WINDOWS\system32\JawsMacroUtils.dll
2008-10-22 08:59 . 2008-10-22 14:01 104,123 -r-hs---- C:\xlk9.com
2008-10-21 11:00 . 2008-10-21 11:06 <DIR> d-------- C:\Documents and Settings\topol\Dane aplikacji\EPANET
2008-10-18 10:53 . 2008-10-22 08:59 105,018 -r-hs---- C:\2fiji.com
2008-10-13 12:27 . 2008-10-14 15:49 114,637 -r-hs---- C:\kg2v.com
2008-10-05 20:39 . 2008-10-05 20:39 1,104 --a------ C:\WINDOWS\bestplayer.ini
2008-10-05 20:39 . 2008-10-05 20:39 0 --a------ C:\WINDOWS\bestplayer.bpp
2008-10-05 20:39 . 2008-10-05 20:39 0 --a------ C:\WINDOWS\bestplayer.bbt
2008-10-05 20:33 . 2008-10-05 20:34 <DIR> d-------- C:\BESTplayer
2008-10-05 20:32 . 2008-10-05 20:32 <DIR> d-------- C:\Documents and Settings\topol\Dane aplikacji\BESTplayer

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-01 17:07 --------- d-----w C:\Program Files\neostrada tp
2008-11-01 14:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\TrackMania
2008-11-01 10:06 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-11-01 10:03 --------- d-----w C:\Program Files\HP
2008-11-01 09:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-01 09:33 --------- d-----w C:\Program Files\Java
2008-11-01 09:33 --------- d-----w C:\Program Files\EPA SWMM 5.0
2008-11-01 09:32 --------- d-----w C:\Program Files\Winamp
2008-11-01 09:32 --------- d-----w C:\Program Files\Doom 3
2008-10-31 13:36 196,608 ----a-w C:\WINDOWS\system32\drivers\aStandard.bin
2008-10-21 10:00 796,672 ----a-w C:\WINDOWS\GPInstall.exe
2008-10-21 10:00 --------- d-----w C:\Program Files\EPANET2
2008-10-05 19:36 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-09-29 15:32 --------- d-----w C:\Program Files\AC3Filter
2008-09-23 19:47 --------- d-----w C:\Program Files\Eidos
2008-09-15 16:29 --------- d-----w C:\Program Files\Opera
2008-09-11 16:03 --------- d-----w C:\Program Files\DivX
2008-09-10 12:33 96,047 --sh--r C:\39lpji.com
2008-09-10 08:53 --------- d-----w C:\Program Files\Real Alternative
2008-02-07 17:05 56 --sh--r C:\WINDOWS\system32\25F4EBC6D2.sys
2008-07-08 07:58 3,963,864,557 --sha-w C:\WINDOWS\system32\adsntk.sys
2008-02-07 17:05 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2006-08-10 14:48 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 17:53 360832 ea3d7525f41beb321c3f6e2162277e92 C:\WINDOWS\system32\DllCache\tcpip.sys
2007-10-30 17:53 360832 ea3d7525f41beb321c3f6e2162277e92 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot_2008-11-01_16.29.26.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-01 15:22:04 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-11-01 16:17:24 59,780 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-11-01 15:22:04 76,208 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-11-01 16:17:24 76,208 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-11-01 15:22:04 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-11-01 16:17:24 397,560 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-11-01 15:22:04 454,178 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-11-01 16:17:24 454,178 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2006-12-19 1093632]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-28 68856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-24 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\GestMaj.exe" [2004-10-14 32768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"FastDow"="C:\FastDow\FastDow.exe" [2008-11-01 2259968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-27 36352]
"PDFCreatorClient"="C:\Program Files\Global Graphics\Jaws PDF Creator 5\PDFClient.exe" [2008-06-27 471040]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-07-24 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-25 805392]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2004-02-25 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\FastDow\\FastDow.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10752]
R4 atidgllk;atidgllk;C:\Program Files\ASUS\SmartDoctor\atidgllk.sys [2005-10-20 5376]
S1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [ ]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\c6501.sys [ ]
S3 st3bus28;st3bus28;C:\WINDOWS\system32\DRIVERS\st3bus28.sys [2002-12-28 8416]
S3 st3mp28;st3mp28;C:\WINDOWS\system32\DRIVERS\st3mp28.sys [2002-12-28 95328]
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0036bd06-300b-11dd-b46b-000e50f0076f}]
\Shell\AutoRun\command - I:\xih9.cmd
\Shell\explore\Command - I:\xih9.cmd
\Shell\open\Command - I:\xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b10067a-799c-11dd-b513-000e50f0076f}]
\Shell\AutoRun\command - H:\o.exe
\Shell\explore\Command - H:\o.exe
\Shell\open\Command - H:\o.exe
.
- - - - USUNIĘTO PUSTE WPISY - - - -

SafeBoot-Wingm28.sys


.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wm ... Ojg5&lid=2
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&ksportuj do programu Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O9 -: {C:\Program Files\Messenger\msmsgs.exe - -
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 18:07:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\COMSysAppNla]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\NlaNtmsSvc]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\NlaNtmsSvcHidServ]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\RpcLocatorWmdmPmSN]
"ImagePath"="đ%€|x\01\09 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet008\Services\TermServiceATKKeyboardService]
"ImagePath"="đ%€|x\01\09 srv"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

PROCES: C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\tsd32.dll
C:\WINDOWS\system32\ac3filter.acm
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PDFCreatorMessages.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\PROGRA~1\NEOSTR~1\TaskBarIcon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Czas ukończenia: 2008-11-01 18:10:15 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-11-01 17:09:59
ComboFix2.txt 2008-11-01 15:29:59
ComboFix3.txt 2008-08-16 16:16:37
ComboFix4.txt 2008-06-15 10:12:36
ComboFix5.txt 2008-11-01 16:38:05

Przed: 5 727 354 880 bajtów wolnych
Po: 5,716,938,752 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

266 --- E O F --- 2008-02-11 06:39:41

[polak]

a jeszcze jedno naprawialem bledy windowsa

[huber2t]

Pobierz ComboFix, ale nie uruchamiaj
Wklej do notatnika:

Kod: Zaznacz wszystko

File::
C:\xlk9.com
C:\2fiji.com
C:\kg2v.com
C:\39lpji.com

Driver::
asusgsb
c65013264

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"updateMgr"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"=-
"NeroFilterCheck"=-
"HP Software Update"=-
"WinampAgent"=-
"GrooveMonitor"=-
"SunJavaUpdateSched"=-
"Kernel and Hardware Abstraction Layer"=-


Plik zapisz jako CFScript.txt.
Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://www.wklej.eu a w poście dajesz tylko link

[polak]

http://www.wklej.eu/index.php?id=8bf79b8bfc

[huber2t]

Log wygląda na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

http://www.instalki.pl/programy/downloa ... ureIT.html