Saser-prosze o sprawdzenie loga

przez **optimus9292** » 04 Sty 2008, 16:48

Od kilku dni mam problemy z kompem pokazuje się błąd C:\Windows\system32\lssas.exe system zostanie wyłączony za około 60s no i komputer się restartuje, czytałem że to najprawdopodobniej saser. Daje Logi
Combofix http://wklej.org/txt/8a70379666 (co mnie bardzo zdziwiło podczas robienia loga system się nie restartował)
Hijack http://wklej.org/txt/afc6ef2601
Silent Runners http://wklej.org/txt/8c7c27514e

przez **pp3088** » 04 Sty 2008, 17:41

Sciągasz ten program - WWDC

Zamieniasz znaczki na zielone.

Po akcji usuwasz w HiJack

O4 - HKLM..Run: [Microsoft Winedows rpdate] zpacdh.exe
O4 - HKLM..RunServices: [Microsoft Windows Updeta] kfgbcg.exe
O4 - HKLM..RunServices: [Microsoft Winedows rpdate] zpacdh.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:WINDOWSwebrelated.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:BitComettoolsBitCometBHO_1.1.11.30.dll/206 (file missing)

Wklej do Notatnika:

File::
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\cxdsfs.exe
C:\WINDOWS\system32\driversfidbox.dat
C:\WINDOWS\system32\dsfds.pif
C:\WINDOWS\system32\cg.exe
C:\WINDOWS\system32\vinampd.exe
C:\WINDOWS\system32\mccaffe32.exe
C:\WINDOWS\system32\mysnlive.exe
C:\WINDOWS\system\322958199783.dat
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\driversoreans32.sys
C:WINDOWSsystem32azwkpo.exe
C:\WINDOWS\system32\kfgbcg.exe
C:\WINDOWS\system32\zpacdh.exe
C:\WINDOWS\system32\antivir32.exe

>>Plik>>Zapisz jako... >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe)
– podobnie jak na tym obrazku -->

Ma się rozpocząć usuwanie. (i powstanie log).
Po restarcie usuń ręcznie folder C: \Qoobox.

przez **optimus9292** » 04 Sty 2008, 18:56

Zrobiłem tak jak kazałeś, a to log z Combofixa

ComboFix 07-12-31.4 - Dom 2008-01-04 17:40:37.5 - NTFSx86

Running from: C:\Documents and Settings\Dom\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dom\Pulpit\CFScript.txt

FILE
C:\WINDOWS\system\322958199783.dat
C:\WINDOWS\system32\antivir32.exe
C:\WINDOWS\system32\cg.exe
C:\WINDOWS\system32\cxdsfs.exe
C:\WINDOWS\system32\driversfidbox.dat
C:\WINDOWS\system32\driversoreans32.sys
C:\WINDOWS\system32\dsfds.pif
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\kfgbcg.exe
C:\WINDOWS\system32\mccaffe32.exe
C:\WINDOWS\system32\mysnlive.exe
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\vinampd.exe
C:\WINDOWS\system32\zpacdh.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a.bat
C:\WINDOWS\system32\cg.exe
C:\WINDOWS\system32\cxdsfs.exe
C:\WINDOWS\system32\dsfds.pif
C:\WINDOWS\system32\hqghumea.dll
C:\WINDOWS\system32\kfgbcg.exe
C:\WINDOWS\system32\mysnlive.exe
C:\WINDOWS\system32\sysrest32.exe
C:\WINDOWS\system32\vinampd.exe
C:\WINDOWS\system32\zpacdh.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-04 to 2008-01-04 )))))))))))))))))))))))))))))))
.

2008-01-04 13:11 . 2008-01-04 13:12 548,864 --a------ C:\WINDOWS\system32\igfxsrvc32.exe
2008-01-03 21:51 . 2008-01-03 21:51 2,855 --a------ C:\WINDOWS\system32\win32.PIF
2008-01-03 21:50 . 2008-01-03 21:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-03 19:06 . 2008-01-03 19:06 393,216 -r-hsc--- C:\WINDOWS\system32\dllcache\msfav32.exe
2008-01-03 19:03 . 2008-01-03 19:03 0 --a------ C:\WINDOWS\system32\ftpupd.exe
2008-01-03 19:00 . 2008-01-03 19:00 1,204,224 ---hs---- C:\WINDOWS\system32\msygl32.exe
2008-01-03 19:00 . 2008-01-04 17:23 0 --a------ C:\adware.exe
2008-01-03 15:52 . 2008-01-03 21:26 73 --a------ C:\WINDOWS\system32\i
2008-01-03 15:48 . 2008-01-03 15:49 <DIR> d-------- C:\Program Files\Silent
2008-01-03 15:43 . 2008-01-03 15:43 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-03 15:42 . 2008-01-03 15:42 <DIR> dr------- C:\Documents and Settings\Administrator\Ulubione
2008-01-03 15:42 . 2008-01-03 15:44 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-01-03 15:42 . 2008-01-03 15:42 <DIR> d-------- C:\Documents and Settings\Administrator\Menu Start
2008-01-02 14:34 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-30 19:14 . 2007-12-30 19:14 <DIR> d-------- C:\Program Files\D-Tools
2007-12-30 19:14 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-30 19:14 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-30 19:11 . 2007-12-30 19:11 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-28 00:48 . 2007-12-28 10:52 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-28 00:32 . 2007-12-28 00:32 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-25 19:10 . 2007-12-25 19:10 <DIR> d-------- C:\WINDOWS\system32\Nowy folder
2007-12-24 14:09 . 2007-12-24 18:30 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-24 14:09 . 2007-12-24 18:30 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-24 14:08 . 2007-12-24 14:08 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-12-24 14:08 . 2008-01-04 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2007-12-24 14:08 . 2008-01-04 17:52 4,069,664 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-24 14:08 . 2008-01-04 17:52 80,928 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-24 14:08 . 2008-01-04 17:51 56,600 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-24 14:08 . 2008-01-04 17:51 9,680 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-24 14:04 . 2007-12-24 14:04 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2007-12-24 11:34 . 2007-12-24 11:39 20,101 --a------ C:\WINDOWS\system32\cx.exe
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2007-12-24 08:32 . 2007-12-24 08:33 <DIR> d-------- C:\Program Files\TuneUp Utilities 2007
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\TuneUp Software
2007-12-24 08:32 . 2007-12-24 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\TuneUp Software
2007-12-24 08:32 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-12-24 08:06 . 2007-12-24 08:14 20,102 --a------ C:\WINDOWS\system32\dfs.exe
2007-12-24 07:13 . 2007-12-29 21:47 <DIR> d-------- C:\Program Files\dfrerter
2007-12-24 07:10 . 2007-12-24 11:18 625,789 --a------ C:\WINDOWS\system32\dfsdfs.exe
2007-12-23 23:51 . 2007-12-24 08:43 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-12-23 23:51 . 2007-12-23 23:51 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\PC Tools
2007-12-23 23:51 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-23 23:51 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-23 23:51 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-23 23:51 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-23 22:54 . 2007-12-23 22:54 20,117 --a------ C:\WINDOWS\system32\cgdfs.exe
2007-12-23 17:56 . 2008-01-03 15:56 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2007-12-23 17:56 . 2007-12-23 18:01 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony
2007-12-23 17:56 . 2007-12-23 18:01 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji
2007-12-23 10:41 . 2007-12-27 00:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-22 16:48 . 2007-12-22 16:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-22 16:48 . 2007-12-22 16:48 <DIR> d-------- C:\Program Files\Ahead
2007-12-22 16:48 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-22 16:48 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-22 16:48 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-22 16:48 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-12-22 16:48 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-22 16:48 . 2006-01-12 16:40 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-22 16:48 . 2005-09-01 12:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-22 16:48 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-22 16:48 . 2005-09-01 12:03 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-21 15:26 . 2007-12-21 15:26 269,334 --a------ C:\WINDOWS\system32\epsbat.bmp
2007-12-21 15:19 . 2007-12-21 15:19 269,334 --a------ C:\WINDOWS\system32\ihkred.bmp
2007-12-21 13:29 . 2007-12-21 13:29 269,334 --a------ C:\WINDOWS\system32\ehcfml.bmp
2007-12-21 13:19 . 2007-12-21 13:19 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-12-21 13:14 . 2007-12-21 13:14 269,334 --a------ C:\WINDOWS\system32\cfqtgr.bmp
2007-12-21 12:55 . 2007-12-21 12:55 269,334 --a------ C:\WINDOWS\system32\lcnidojahsnih.bmp
2007-12-21 11:03 . 2007-12-21 11:03 269,334 --a------ C:\WINDOWS\system32\dgnmdkred.bmp
2007-12-21 10:11 . 2007-12-21 10:12 109 --ahs---- C:\WINDOWS\system32\2958199783.dat
2007-12-21 08:11 . 2007-12-21 08:11 269,334 --a------ C:\WINDOWS\system32\nelgbehkn.bmp
2007-12-21 08:09 . 2007-12-21 08:09 269,334 --a------ C:\WINDOWS\system32\apgrmhsrepor.bmp
2007-12-20 23:04 . 2007-12-20 23:04 269,334 --a------ C:\WINDOWS\system32\cbmlofqd.bmp
2007-12-16 17:16 . 2007-12-29 21:50 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-12-16 17:10 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-12-14 21:00 . 2008-01-03 19:46 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\skypePM
2007-12-14 21:00 . 2007-12-14 21:00 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2007-12-14 20:58 . 2008-01-03 19:46 <DIR> d-------- C:\Documents and Settings\Dom\Dane aplikacji\Skype
2007-12-14 20:57 . 2007-12-14 20:57 <DIR> d-------- C:\Program Files\Skype
2007-12-14 20:57 . 2007-12-14 20:57 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-12-13 21:57 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-13 21:57 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-13 20:13 . 2007-12-13 21:50 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-12-13 19:27 . 2007-12-14 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype
2007-12-13 18:37 . 2003-12-11 11:15 1,230,336 -ra------ C:\WINDOWS\system32\MSXML4.dll
2007-12-13 18:37 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll
2007-12-13 18:37 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll
2007-12-13 18:37 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll
2007-12-13 18:37 . 2003-12-11 11:15 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll
2007-12-13 18:37 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll
2007-12-13 18:03 . 2007-12-13 20:13 <DIR> d-------- C:\Program Files\HP
2007-12-10 22:23 . 2007-12-13 20:09 553,479 --a------ C:\WINDOWS\hpdj3740.hi2
2007-12-10 22:23 . 2007-12-13 20:09 10,645 --a------ C:\WINDOWS\hpdj3740.bu2
2007-12-09 22:57 . 2007-12-13 21:51 767,078 --a------ C:\WINDOWS\hpdj3740.hi1
2007-12-09 22:57 . 2007-12-13 21:51 10,901 --a------ C:\WINDOWS\hpdj3740.bu1
2007-12-09 22:50 . 2007-12-13 21:57 8,455 --a------ C:\WINDOWS\hpdj3740.his
2007-12-09 22:50 . 2007-12-13 21:57 1,733 --a------ C:\WINDOWS\hpdj3740.ini
2007-12-09 15:24 . 2007-12-09 15:25 <DIR> d-------- C:\Program Files\BearShare Applications
2007-12-09 15:24 . 2006-11-12 11:39 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
2007-12-08 23:44 . 2007-12-26 23:15 <DIR> d-------- C:\Program Files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 14:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 16:51 --------- d-----w C:\Program Files\Trend Micro
2007-12-10 15:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-08 12:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-07 19:21 89,984 ----a-w C:\WINDOWS\system32\drivers\sptd3021.sys
2007-12-07 19:21 664,064 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-07 19:20 --------- d-----w C:\Program Files\SubEdit-Player
2007-12-07 19:17 --------- d-----w C:\Program Files\Winamp
2007-12-07 19:13 --------- d-----w C:\Program Files\Microsoft.NET
2007-12-07 19:13 --------- d-----w C:\Program Files\Microsoft Works
2007-12-07 19:05 --------- d-----w C:\Program Files\ATI Technologies
2007-12-07 18:50 --------- d-----w C:\Program Files\ASUS
2007-12-07 18:48 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 18:43 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-07 18:40 --------- d-----w C:\Program Files\Usługi online
2001-10-26 17:29 502,784 --sh--r C:\WINDOWS\system32\azwkpo.exe
.

((((((((((((((((((((((((((((( snapshot@2008-01-02_14.48.55.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-02 02:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-03 14:43:41 380,928 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-03 14:43:41 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-02 02:44:46 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-03 14:43:35 380,928 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-01-03 14:43:35 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2007-12-31 09:43:58 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-03 20:44:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-02 13:35:41 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-01-04 16:36:19 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2007-12-31 09:43:58 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-01-03 20:44:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\index.dat
+ 2008-01-03 20:44:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-25 14:46:28 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-04 16:27:41 40,128 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-25 14:46:28 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-01-04 16:27:42 49,712 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2007-12-25 14:46:28 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-04 16:27:42 311,740 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2007-12-25 14:46:28 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-01-04 16:27:42 355,830 ----a-w C:\WINDOWS\system32\perfh015.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 11:54 2131392]
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-28 21:00 315392]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"WinDLL (msygl32.exe)"="C:\WINDOWS\System32\msygl32.exe" [2008-01-03 19:00 1204224]
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-10-26 18:29 13312]
"Microsoft Windows Updeta"="kfgbcg.exe" []
"HOT FIX"="Gothic.exe" []
"Microsoft Winedows rpdate"="zpacdh.exe" []
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"MicroSoft Visual SP2"="igfxsrvc32.exe" [2008-01-04 13:12 548864 C:\WINDOWS\system32\igfxsrvc32.exe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bfj36.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fjm72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirusPro]
C:\Program Files\AntiVirusPro\AntiVirusPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2001-10-26 18:29 13312 --a------ C:\WINDOWS\System32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmona]
C:\WINDOWS\System32\ctfmona.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
C:\Program Files\Gadu-Gadu\gg.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 08:38 241664 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-18 18:55 49152 --a------ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 16:46 172032 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Firewall Layer]
tsqla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroSoft Legal Syst3m32]
Syst3m32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Updeta]
kfgbcg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET]
C:\Program Files\Netia\Net\netianet.exe -auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysrest32.exe]
C:\WINDOWS\System32\sysrest32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (mysnlive.exe)]
rundll32.exe C:\WINDOWS\System32\mysnlive.exe,start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDLL (vinampd.exe)]
rundll32.exe C:\WINDOWS\System32\vinampd.exe,start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Logon Application]
C:\WINDOWS\System32\winIogon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WintelUpdate]
C:\otfd.exe

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-12-21 13:19]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2001-10-26 18:30]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-04-04 14:58]
R4 update.microsoft.com;MicroSoft Visual SP2;"C:\WINDOWS\System32\igfxsrvc32.exe" [2008-01-04 13:12]
S0 Bfj36;Bfj36;C:\WINDOWS\System32\Drivers\Bfj36.sys []
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 22:03]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:17:58 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 17:52:45
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-04 17:53:47 - machine was rebooted [Dom]
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-04 16:53:38
C:\qoobox\ComboFix2.txt 2008-01-03 14:56:42
C:\qoobox\ComboFix3.txt 2008-01-02 13:49:22

przez **pp3088** » 04 Sty 2008, 21:56

No nie znowu pełno syfu. Znajdź sobie firewalla i antywirusa. Zrób skan i wtedy logi. Pytanie czy użyłeś WWDC?

przez **optimus9292** » 05 Sty 2008, 17:26

Nie użyłem bo za nic nie szło ustawić tych okienek na zielone, a antywirusa i firewalla to mam i to podobno najlepszego bo Kasperskiego. Dodać następne logi czy dać se spokój bo i tak za chwile znowu będzie zawirusowany

przez **pp3088** » 05 Sty 2008, 21:59

Których dokładnie nie dało się zmienić?

Pokaż nowy log. Jeżeli nie będzie nowych robaków, znaczy, żę tamte są resztkami.

przez **optimus9292** » 05 Sty 2008, 22:32

Enable NetBIOS
Daje log ale tym razem z Hijacka, jak cos to proś o inny=)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:04, on 2008-01-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\igfxsrvc32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Netia\Net\netianet.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\AcroRd32.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinDLL (msygl32.exe)] rundll32.exe C:\WINDOWS\System32\msygl32.exe,start
O4 - HKLM\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKLM\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKCU\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray (User '?')
O4 - HKUS\S-1-5-21-1757981266-1343024091-725345543-1003\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [MicroSoft Visual SP2] igfxsrvc32.exe (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE59346C-5E89-47E8-A922-EC0502647C49}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4914 bytes

Słyszałem że Kaspersy jest najlepszy, ale jak jest jeszcze jakiś godny polecenia to mów bo niedługo kończy mi się okres 30 dniowy i nie wiem czy wykupować licencje

przez **pp3088** » 06 Sty 2008, 01:31

Kaspersky jest dobry, ale nie ma niczego co daje 100% ochronę.

Usuń te pliki:
-C:\WINDOWS\System32\igfxsrvc32.exe
-C:\WINDOWS\System32\msygl32.exe

przez **optimus9292** » 06 Sty 2008, 14:53

Ten pierwszy usunąłem,a tego drugiego to nie ma

przez **bilinek** » 06 Sty 2008, 17:48

Nie znam się na tym za bardzo ale przesyłam dane:

ComboFix 08-01-04.1 - Karczma 2008-01-06 13:06:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.493 [GMT 1:00]
Running from: C:\Documents and Settings\Karczma\Pulpit\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\myglobalsearch
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\temp\RKeula2.rtf
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\SSSInst\temp\dmAB.tmp.exe
C:\Program Files\screensavers.com\Wallpaper\Belize - Half Moon Caye.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\exefld
C:\WINDOWS\system32\.exe
C:\WINDOWS\system32\nsk281.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 13:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 12:42 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-31 18:05 . 2008-01-01 12:54 13,030 --a------ C:\PDOXUSRS.NET
2007-12-31 18:04 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL
2007-12-31 18:04 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL
2007-12-25 00:22 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-12-18 15:46 . 2007-12-18 15:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
2007-12-17 23:24 . 2007-12-17 23:24 <DIR> dr-h----- C:\MSOCache
2007-12-17 00:07 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-12-17 00:03 . 2007-12-17 00:03 <DIR> d-------- C:\Program Files\MSBuild
2007-12-17 00:03 . 2007-12-17 00:03 <DIR> d-------- C:\Program Files\Microsoft Works
2007-12-17 00:01 . 2007-12-17 00:01 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-12-16 23:56 . 2007-12-17 00:11 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2007-12-13 22:58 . 2007-12-13 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\espionServerData
2007-12-09 23:46 . 2007-12-09 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\FLEXnet
2007-12-09 23:43 . 2007-12-09 23:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-12-09 23:39 . 2007-12-09 23:38 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-12-07 10:31 . 2007-12-07 10:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avery
2007-12-07 00:24 . 2007-12-07 00:24 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2007-12-06 10:44 . 2007-12-06 13:44 <DIR> d-------- C:\Downloads
2007-12-06 10:44 . 2007-12-06 10:44 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 11:56 --------- d-----w C:\Program Files\Neostrada TP
2008-01-05 10:04 --------- d-----w C:\Documents and Settings\Karczma\Dane aplikacji\uTorrent
2008-01-02 14:07 --------- d-----w C:\Program Files\QuickTime
2008-01-01 21:53 --------- d-----w C:\Program Files\ASTRA32
2008-01-01 11:44 --------- d-----w C:\Program Files\UPSMON
2007-12-28 23:27 --------- d-----w C:\Documents and Settings\Karczma\Dane aplikacji\Skype
2007-12-16 13:10 --------- d-----w C:\Documents and Settings\Karczma\Dane aplikacji\Apple Computer
2007-12-09 22:43 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-07 09:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-29 13:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-26 15:52 --------- d-----w C:\Documents and Settings\Karczma\Dane aplikacji\Corel
2007-11-22 17:22 --------- d-----w C:\Program Files\iTunes
2007-11-22 17:22 --------- d-----w C:\Program Files\iPod
2007-11-22 16:09 --------- d-----w C:\Program Files\Winamp Toolbar
2007-11-22 16:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-12 23:51 --------- d-----w C:\Program Files\DAEMON Tools Pro
2007-11-12 23:49 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-12 23:49 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-12 22:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Pro
2007-11-12 22:02 --------- d-----w C:\Documents and Settings\Karczma\Dane aplikacji\DAEMON Tools Pro
2007-11-12 21:43 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-12 20:50 --------- d-----w C:\Program Files\VirtualDJ
2007-11-12 20:35 --------- d-----w C:\Program Files\BearShare applications
2007-11-12 15:27 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2007-06-02 18:35 989 -c--a-w C:\Program Files\INSTALL.LOG
2007-03-19 18:13 6,422,611 -c--a-w C:\Program Files\frostwire-4.13.1.6.windows.exe
2002-10-14 08:01 493,377 -c--a-w C:\Program Files\Norton Andre - Free Traders 1 - Księżyc trzech pierścieni.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 15:46 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{37B85A29-692B-4205-9CAD-2626E4993404}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A}
{4596013B-6C31-408B-A266-DEAE5C086DC2}
{41C29B07-6F91-4966-91BE-2E2841643C83}
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]
[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]
[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:44 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456]
"Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36 2111176]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 01:29 443968]
"MagicSpeedSchedule"="C:\Program Files\Smart PC Solutions\Magic Speed\MagicSpeedSchedule.exe" [2007-04-17 10:29 348160]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 14:08 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2005-04-14 05:35 73728]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 14:05 7557120]
"nwiz"="nwiz.exe" [2006-02-13 14:05 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 14:05 86016]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"UPSMON"="C:\Program Files\UPSMON\UPSMON.EXE" [2005-11-25 15:05 429568]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"FineReader7NewsReaderPro"="D:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-09-12 00:15 278528]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\Program Files\Neostrada TP\taskbaricon.exe" [2003-10-16 18:07 53248]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-19 00:01 185896]
"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 15:40 260096]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 15:17 159744]
"RemoteControl"="d:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"postSetupCheck"="C:\WINDOWS\system32\gzmrt.dll" [ ]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Photo Downloader"="D:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488]
"GrooveMonitor"="D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22 35328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"msvcc25"="svcchost.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-04-17 20:34:03]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-02-27 14:58:20]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
HP Image Zone - szybkie uruchamianie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;D:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-22 06:36]
S2 MSDisk;Network helper Service;"C:\WINDOWS\System32\irdvxc.exe" []
S2 MSWindows;Network Windows Service;"C:\WINDOWS\System32\urdvxc.exe" []
S3 Asushwio;Asushwio;C:\WINDOWS\System32\drivers\Asushwio.sys [2004-04-27 08:26]
S3 KS-959;MA-620 USB Infrared Adapter;C:\WINDOWS\system32\DRIVERS\KS-959.sys [2005-10-22 09:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7036ce-c105-11db-b863-4d6564696130}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

.
Contents of the 'Scheduled Tasks' folder
"2007-12-13 16:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 13:09:54
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

przez **pp3088** » 06 Sty 2008, 23:10

www.instalki.pl/programy/download/narze ... illBox.php

W polu na ścieżke dajesz:
C:\WINDOWS\system32\pxcpyi64.exe
C:\WINDOWS\system32\810429tv4-test.jun
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\System32\urdvxc.exe
C:\WINDOWS\system32\gzmrt.dll

i naciszkasz czerwony X

jak nie działa to z opcji nr. 2 Kill on reboot.

przez **optimus9292** » 07 Sty 2008, 16:25

nie idzie z tym krzyżykiem wyskakuje This file does not seem to exist a tego całego Kill on rebot nie moge znaleźć

przez **pp3088** » 07 Sty 2008, 17:12

This file does not seem to exist=Nie ma tego pliku.

Czy widać jakies polepszenie?

przez **optimus9292** » 07 Sty 2008, 18:16

No w ostatnim czasie nie było już restartowania systemu, a komputer chodzi trochę wolno ale idzie znieść,właściwie to jest o wiele lepiej niż było :grin:

Saser-prosze o sprawdzenie loga

Saser-prosze o sprawdzenie loga

Proszę o sprawdzenie mojgeo "log"

Kto jest na forum