
Heads up: I'm writing without Polish diacritics because it's faster.
I'm writing on behalf of a friend I tried to help, but I'm giving up now and handing this over to you.

My friend has a problem when he plays games. After more than 10 minutes of gaming, his computer resets on its own. He cleaned the processor as I told him to, gave me a HijackThis log, and cleaned out the junk in safe mode. He ran Spybot over the computer and EasyCleaner over the registry. On top of that he ran a ComboFix scan. His temperatures are normal. Antivirus -> Kaspersky, kept up to date. svchost is undisturbed.... He closed the ports with WWDC and that other program (I don't remember the name). He browses the web with Opera.
He has the latest drivers for his card, DX 9.0c.
Where does the problem lie? I can't make sense of it anymore.
I'm attaching an old ComboFix log, which clearly shows what the program removed:
ComboFix 08-02-24.4 - Piotrek 2008-02-24 16:25:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.643 [GMT 1:00]
Running from: C:\Documents and Settings\Piotrek\Pulpit\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\video activex access
C:\Program Files\video activex access\ot.ico
C:\Program Files\video activex access\ts.ico
C:\Program Files\video activex access\uninst.exe
C:\Program Files\VirusProtectPro 3.7
C:\Program Files\VirusProtectPro 3.7\VirusProtectPro 3.7.exe
C:\Program Files\VirusProtectPro 3.7\vpp.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.
2008-02-20 21:01 . 2008-02-20 21:01 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-02-20 21:01 . 2008-02-20 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar
2008-02-20 21:00 . 2008-02-20 21:01 <DIR> d-------- C:\Program Files\Winamp Remote
2008-02-20 21:00 . 2008-02-20 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-02-20 20:51 . 2008-02-21 18:18 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\Winamp
2008-02-18 12:12 . 2008-02-18 12:12 <DIR> d-------- C:\Program Files\SAGEM
2008-02-18 12:12 . 2004-01-07 08:29 261,964 --a------ C:\WINDOWS\system32\drivers\rtbldep3.bnm
2008-02-17 16:04 . 2004-08-12 04:40 28,672 -ra------ C:\WINDOWS\system32\adinst32.dll
2008-02-14 04:55 . 2008-02-14 04:55 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\InstallShield
2008-02-14 01:35 . 2008-02-24 15:56 <DIR> d-------- C:\Program Files\SpeedFan
2008-02-14 01:35 . 2008-02-14 01:35 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-02-13 15:44 . 2003-07-20 19:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-02-13 15:44 . 2005-01-04 10:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-02-12 23:51 . 2008-02-12 23:51 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-02-12 23:45 . 2008-02-12 23:45 1,814 --a------ C:\WINDOWS\ATICIM.INI
2008-02-12 22:47 . 2008-02-18 14:54 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-12 22:47 . 2008-02-18 14:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-02-12 22:29 . 2008-02-12 22:29 <DIR> d-------- C:\Key
2008-02-12 22:27 . 2008-02-12 22:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-12 22:27 . 2008-02-24 15:06 5,096,480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-12 22:27 . 2008-02-24 15:01 103,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-12 22:27 . 2008-02-23 22:32 68,612 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-12 22:27 . 2008-02-23 22:32 9,692 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-11 03:03 . 2008-02-11 03:03 <DIR> d-------- C:\Documents and Settings\Piotrek\.thumbnails
2008-02-10 23:05 . 2008-02-11 03:45 <DIR> d-------- C:\Documents and Settings\Piotrek\Dane aplikacji\gtk-2.0
2008-02-10 23:04 . 2008-02-11 03:53 <DIR> d-------- C:\Documents and Settings\Piotrek\.gimp-2.4
2008-02-10 04:07 . 2008-02-10 04:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-07 21:51 . 2008-02-07 21:53 <DIR> d--h----- C:\Documents and Settings\Piotrek\igLoader Files
2008-02-07 21:50 . 2008-02-07 21:50 442,936 --a------ C:\igLoader_setup.exe
2008-02-07 21:44 . 2008-02-07 21:44 45,056 --a------ C:\WINDOWS\NCUNINST.EXE
2008-02-07 21:43 . 2008-02-07 21:43 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-06 22:13 . 2008-02-06 22:14 2,838,440 --a------ C:\Shockwave_Installer_Slim.exe
2008-01-24 18:49 . 2008-01-24 18:49 106,496 --a------ C:\WINDOWS\DIIUnin.exe
2008-01-24 18:49 . 2008-01-24 19:03 26,226 --a------ C:\WINDOWS\DIIUnin.dat
2008-01-24 18:49 . 2008-01-24 18:49 2,829 --a------ C:\WINDOWS\DIIUnin.pif
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 15:06 --------- d-----w C:\Program Files\Neostrada TP
2008-02-24 14:11 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-18 11:12 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-18 11:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-24 17:58 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-24 17:58 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-24 17:58 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-19 17:28 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\Teewars
2008-01-16 18:47 0 ----a-w C:\Documents and Settings\Piotrek\iphist.dat
2008-01-03 22:41 --------- d-----w C:\Documents and Settings\Piotrek\Dane aplikacji\Tibia
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-20 20:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-07 01:08 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:42 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-12-13 17:49 1185120 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-10 15:36 2111176]
"AQQ"="D:\AQQ\AQQ.exe" [2007-02-28 13:18 2351864]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 21:02 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="D:\Kaspersky\avp.exe" [2006-03-24 19:09 139367]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"WinampAgent"="D:\Nowy folder\WinaMP3\Winamp\winampa.exe" [2008-01-15 23:54 37376]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-18 12:12:14 962661]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-05-10 11:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HydraVisionDesktopManager]
--a------ 2003-09-15 21:00 270336 C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra------ 2005-04-27 12:22 589824 C:\Program Files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-03-26 14:40 794624 C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-04-01 10:52 1368064 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"D:\\Soldat\\Soldat.exe"=
"D:\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"D:\\Kaspersky\\avp.exe"=
"D:\\Real War\\RealWar.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"D:\\Cs 1.6 NON STEAM\\hl.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"11718:TCP"= 11718:TCP:BitComet 11718 TCP
"11718:UDP"= 11718:UDP:BitComet 11718 UDP
S3 dump_wmimmc;dump_wmimmc;D:\muuuu\Mu\GameGuard\dump_wmimmc.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c25a2b41-ef46-11db-a223-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 16:27:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-24 16:28:08
ComboFix-quarantined-files.txt 2008-02-24 15:28:05
.
2008-02-14 02:02:04 --- E O F ---
Is SDFix necessary? I don't know whether I should give it to him.
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:40:18, on 2008-02-24
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Kaspersky\avp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Kaspersky\avp.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
D:\Nowy folder\WinaMP3\Winamp\winampa.exe
D:\AQQ\AQQ.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
D:\Nowy folder\WinaMP3\Winamp\winamp.exe
D:\Nowy folder\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [kav] "D:\Kaspersky\avp.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Nowy folder\WinaMP3\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [AQQ] D:\AQQ\AQQ.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - Startup: Last.fm Helper.lnk = D:\Last.fm\LastFMHelper.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky\scieplugin.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD3F2811-26E8-4B18-9F79-F26039FD07D7}: NameServer = 194.204.152.34 217.98.63.164
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Kaspersky\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe