komputer sam się uruchamia ponowanie :|

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 11:42

Witam, z góry przepraszam jeśli to nie ten dział.

A więc tak, coś dziwnego dzieje się z moim komputerem. Po około 20min od jego włączenia pojawia się jakiś komunikat o "Zamykanie systemu". Następuje odliczanie od 1min i komputer uruchamia się ponownie. W tym okienku jest napisane, żebym zapisał wszystkie niezapisane zmiany itd.

EDIT
Jest także napisane, że zostaje to zainicjowane przez Zarządzanie NT/ coś tam, coś tam. Podczas tego odliczania nic nie mogę robić, nawet zrzutu ekranu, bo jak próbuje odpalić jakiś program graficzny to jest napisane, że serwer jest zajęty

. O co chodzi? Jak to naprawić?

EDIT2
Dodam jeszcze, że gdy przeskanowałem komputer Kaspersky to znalazł coś takiego:

**Posty:** 18165 · przez **wojtas** 15 Maj 2007, 12:39

sciagnij:

http://www.firewallleaktester.com/tools/wwdc.exe

i zastosuj tak jak na screnie:

http://forum.programosy.pl/prosze-o-sprawdzenie-loga-vt27554.html?highlight=enable

oraz daj logi wedlug opisu:

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 13:06

Kod: Zaznacz wszystko: Logfile of HijackThis v1.99.1 Scan saved at 12:46:05, on 2007-05-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\tlntsvr.exe C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe C:\Documents and Settings\master\Pulpit\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: 89.161.73.236 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {26934EF7-FDD9-4865-A003-FC96C00E38E8} - C:\WINDOWS\system32\pmnlmli.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Kaspersky] C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min O4 - HKCU\..\Run: [scvhost] c:\windows\system\scvhost.exe O4 - HKCU\..\Run: [Rurb] "C:\WINDOWS\WNSXS~1\smss.exe" -vt yazb O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: UniSpiker-2.6.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll O20 - Winlogon Notify: pmnlmli - C:\WINDOWS\SYSTEM32\pmnlmli.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing) O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

A z tym programem WWDC co mam zrobić? Jak go włączyłem to pojawiło się coś takiego:

**Posty:** 8694 · przez **Red** 15 Maj 2007, 13:08

mrpablo na skrenie masz miec wszystko ustawione na enable,klikasz w przycisk obok czerwonego krzyzyka.....a masz ich 3

http://forum.programosy.pl/prosze-o-sprawdzenie-loga-vt27554.html?highlight=enable

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 13:34

No teraz mam coś takiego:

Zrobiłem restart i dalej jedno jest żółte.

A z tymi logami ma coś robić?

**Posty:** 8694 · przez **Red** 15 Maj 2007, 13:35

mrpablo napisał(a):Zrobiłem restart i dalej jedno jest żółte.

czasem tak jest ,wiec nie ruszaj tego ,bo i tak się nie zmieni.....

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 13:44

Czyli już wszystko będzie normalnie działać czy ma coś jeszcze zrobić??? Bo póki co jeszcze nie było tego komunikatu :banan:

.
EDIT
A jednak dalej jest problem

. Pisało tam jeszcze:

Proces systemowy
C:\WINDOWS\system32\services.exe
coś tam, coś tam dalej

**Posty:** 8694 · przez **Red** 15 Maj 2007, 13:49

masz syf niestety ,do usuniecia:

O2 - BHO: (no name) - {26934EF7-FDD9-4865-A003-FC96C00E38E8} - C:\WINDOWS\system32\pmnlmli.dll
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [scvhost] c:\windows\system\scvhost.exe>>nie pomyl wpisu
O4 - HKCU\..\Run: [Rurb] "C:\WINDOWS\WNSXS~1\smss.exe" -vt yazb
O20 - Winlogon Notify: pmnlmli - C:\WINDOWS\SYSTEM32\pmnlmli.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll

obowiązkowo zastosuj:

http://forum.programosy.pl/trudne-przypadki-i-metody-usuwania-vt41947.html
z opcji 2

oraz

http://www.atribune.org/downloads/VundoFix.exe

http://securityresponse.symantec.com/avcenter/FixVundo.exe

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 14:27

No to już pousuwałem te logi czy jak to się zwie. Zrobiłem skan tym SmitFraudFix, powstał mi plik tekstowy rapport i co dalej? Mam zrobić Clean? Delate Truseted Zone? Bo wiesz sam link do tutoriala nic nie mówi... mam robić wszystko po kolei?

**Posty:** 8694 · przez **Red** 15 Maj 2007, 14:31

mrpablo napisał(a):Mam zrobić Clean? Delate Truseted Zone? Bo wiesz sam link do tutoriala nic nie mówi...

masz go uruchomic z opcji 2

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 14:51

Pojawiło się oczyszczanie dysku, potem pytanie "Do you want clean regisrty?" (czy jakoś tak) to dałem Yes. Ale dalej nie wiem czy już wszystko gra sciana

.

Nie wiem czy mam tego trojana Vundo czy nie? Usuwać go czy nie? Sick...

**Posty:** 8694 · przez **Red** 15 Maj 2007, 14:56

jasne ze masz

**Posty:** 19 · przez **mrpablo** 15 Maj 2007, 17:49

Dalej to samo ku*** mać, jak uruchomić ten VudnoFix???????? Zrobiłem skan FixVundo i było napisane, że nie ma virusa!! A komunikat dalej się pojawia!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

EDIT
Teraz to mi nic nie działa, nawet GG i Media playera nie mogę włączyć - jest zaj******.

Pojawiał się też taki (podobny) komunikat:

Ale już sie nie pojawia... Ale tamten drugi dalej jest i komp dalej się sam restartuje :evil:

.

**Posty:** 18165 · przez **wojtas** 15 Maj 2007, 20:51

zastosuj:

smitfraudfix z opcji 2:

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

oraz te skanery po kilka razy w awaryjnym

VundoFix
http://www.atribune.org/ccount/click.php?id=4

VirtumundoBeGone
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

FixVundo
http://securityresponse.symantec.com/avcenter/FixVundo.exe

mrpablo napisał(a):jak uruchomić ten VudnoFix

klikasz myszka 2 razy i dajesz remove vundo

po tych skanach daj nowe logi z hijacka i silent ruuners

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 19 · przez **mrpablo** 16 Maj 2007, 19:57

Po instalacji tego VundoFix w katalogu mam takie pliki i nie wiem na który mam kliknąć 2 razy :oops:

.

A jak zrobiłem skan ty FixVundo to było napisane, że nie ma tego virusa na moim kompie.
Teraz komputer sam się resetuje co jakiś czas bez tamtego komunikatu, OMG :cry:

.

**Posty:** 18165 · przez **wojtas** 16 Maj 2007, 19:59

daj nowe logi z hijacka i silent runners

http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

oraz z :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 19 · przez **mrpablo** 16 Maj 2007, 20:21

Proszę bardzo:

Logfile of HijackThis v1.99.1
Scan saved at 19:59:34, on 2007-05-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\ochrona\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 89.161.73.236
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kaspersky] C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [Rurb] "C:\WINDOWS\WNSXS~1\smss.exe" -vt yazb
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: UniSpiker-2.6.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_28.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

oraz...

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"PowerBar" = "(empty string)" [file not found]
"NBJ" = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" ["Ahead Software AG"]
"Error Safe" = ""C:\Program Files\Error Safe Free\ers.exe" /min" [file not found]
"Rurb" = ""C:\WINDOWS\WNSXS~1\smss.exe" -vt yazb" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Nero AG"]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"ISUSPM Startup" = ""C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" ["Macrovision Corporation"]
"ISUSScheduler" = ""C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" ["Macrovision Corporation"]
"Kaspersky" = "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe" [file not found]
"DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."]
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"AVP" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "My Phones"
-> {HKLM...CLSID} = "My Phones"
\InProcServer32\(Default) = "C:\Program Files\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{2F25CF20-C569-11D1-B94C-00608CB45480}" = "TextPad"
-> {HKLM...CLSID} = "TextPad"
\InProcServer32\(Default) = "C:\Program Files\TextPad 4\System\shellext.dll" [file not found]
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer"
-> {HKCU...CLSID} = (no title provided)
\InProcServer32\(Default) = ""C:\Program Files\OpenOffice.ux.pl 2.0\program\shlxthdl.dll"" ["Sun Microsystems, Inc."]
"{6DEA92E9-8682-4b6a-97DE-354772FE5727}" = "Autodesk DWF Preview"
-> {HKLM...CLSID} = "ACDWFTHMBPRXY"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Autodesk Shared\AcDwfThmbPrxy16.dll" ["Autodesk"]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]
"{2F5AC606-70CF-461C-BFE1-734234536262}" = "WindowBlinds CPL Extension"
-> {HKLM...CLSID} = "DisplayCplExt Class"
\InProcServer32\(Default) = "C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbui.dll" ["Stardock.Net, Inc"]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statystyki ochrony WWW"
-> {HKLM...CLSID} = "Statystyki ochrony WWW"
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"0aMCPClient" = "{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"
-> {HKLM...CLSID} = "MCPShellInstantiator Class"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll" ["Stardock"]
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "wbsys.dll" ["Stardock.Net, Inc"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]
<<!>> MCPClient\DLLName = "C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll" ["Stardock"]
<<!>> WBSrv\DLLName = "C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll" ["Stardock Corporation"]
<<!>> winrvc32\DLLName = "winrvc32.dll" [file not found]
<<!>> wudb\DLLName = "C:\WINDOWS\system32\wudb.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" [file not found]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
HexWorkshopContextMenu\(Default) = "{DB34D5DC-D41A-482E-A5EF-8FA0F88761DA}"
-> {HKLM...CLSID} = "Hex Workshop Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hwext.dll" ["BreakPoint Software, Inc."]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
TextPad\(Default) = "{2F25CF20-C569-11D1-B94C-00608CB45480}"
-> {HKLM...CLSID} = "TextPad"
\InProcServer32\(Default) = "C:\Program Files\TextPad 4\System\shellext.dll" [file not found]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll" ["Kaspersky Lab"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\master\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Startup items in "master" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\master\Menu Start\Programy\Autostart
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"UniSpiker-2.6" -> shortcut to: "C:\Program Files\ivo\UniSpiker-2.6\uni_spiker-2.6.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{37B85A29-692B-4205-9CAD-2626E4993404}"
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{37B85A29-692B-4205-9CAD-2626E4993404}" = (no title provided)
-> {HKLM...CLSID} = "My Global Search Bar"
\InProcServer32\(Default) = "C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL" [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statystyki ochrony WWW"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll" ["Kaspersky Lab"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statystyki ochrony WWW"

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
The contents of IERESET.INF cannot be reliably checked!

Added lines (compared with English-language version):
[Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

Missing lines (compared with English-language version):
[Strings]: 2 lines

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Autodesk Licensing Service, Autodesk Licensing Service, ""C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"" ["Autodesk"]
Kaspersky Anti-Virus 6.0, AVP, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r" ["Kaspersky Lab"]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 208 seconds.
---------- (total run time: 269 seconds)

Oj sorka, właśnie sam zauważyłem, że ucięty - już PORRAWIONE
Zaraz dodam jeszcze z tego ComboFixa.

**Posty:** 18165 · przez **wojtas** 16 Maj 2007, 20:23

silent jest uciety popraw i daj loga z:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

**Posty:** 19 · przez **mrpablo** 16 Maj 2007, 20:44

"master" - 2007-05-16 20:14:11 Dodatek Service Pack 2
ComboFix 07-05.13.2.V - Running from: ""

(((((((((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\byxyvur.dll
C:\WINDOWS\system32\gebabax.dll
C:\WINDOWS\system32\qomkkki.dll

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml
C:\Program Files\screensavers.com\Installer\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\Program Files\screensavers.com
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\WINDOWS\WNSXS~1
C:\qoobox\purity\C\WINDOWS\WNSXS~1\smss.exe~
C:\qoobox\purity\C\WINDOWS\WNSXS~1\W?nSxS

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_NM
-------\LEGACY_NPF
-------\nm
-------\NPF
-------\pe386

((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-16 ))))))))))))))))))))))))))))))))))

2007-05-15 19:26 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-15 19:26 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-15 19:26 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-15 17:23 196,608 --a------ C:\WINDOWS\system32\ssleay32.dll
2007-05-15 17:23 1,040,384 --a------ C:\WINDOWS\system32\libeay32.dll
2007-05-15 15:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-05-15 15:25 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-15 14:05 2,940 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-15 13:07 <DIR> d-------- C:\Program Files\ochrona
2007-05-14 23:19 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-05-14 23:19 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-05-14 23:18 5,531,936 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-14 23:18 15,136 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-05-14 23:18 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Kaspersky Lab
2007-05-14 23:04 71,680 --a------ C:\WINDOWS\g142796.exe
2007-05-14 22:42 71,680 --a------ C:\WINDOWS\g262656.exe
2007-05-14 22:15 71,680 --a------ C:\WINDOWS\g143140.exe
2007-05-14 21:45 71,680 --a------ C:\WINDOWS\g31861359.exe
2007-05-14 21:23 71,680 --a------ C:\WINDOWS\g30541578.exe
2007-05-14 21:01 71,680 --a------ C:\WINDOWS\g29219625.exe
2007-05-14 20:39 71,680 --a------ C:\WINDOWS\g27886718.exe
2007-05-14 20:17 71,680 --a------ C:\WINDOWS\g26566265.exe
2007-05-14 19:55 71,680 --a------ C:\WINDOWS\g25245890.exe
2007-05-14 19:33 71,680 --a------ C:\WINDOWS\g23925562.exe
2007-05-14 19:11 71,680 --a------ C:\WINDOWS\g22605296.exe
2007-05-14 18:51 71,680 --a------ C:\WINDOWS\g21404656.exe
2007-05-14 18:29 71,680 --a------ C:\WINDOWS\g20084406.exe
2007-05-14 18:07 71,680 --a------ C:\WINDOWS\g18764062.exe
2007-05-14 17:45 71,680 --a------ C:\WINDOWS\g17450578.exe
2007-05-14 17:23 71,680 --a------ C:\WINDOWS\g16119921.exe
2007-05-14 17:01 71,680 --a------ C:\WINDOWS\g14799265.exe
2007-05-14 16:39 71,680 --a------ C:\WINDOWS\g13479843.exe
2007-05-14 16:17 71,680 --a------ C:\WINDOWS\g12158593.exe
2007-05-14 15:55 71,680 --a------ C:\WINDOWS\g10837843.exe
2007-05-14 15:33 71,680 --a------ C:\WINDOWS\g9517953.exe
2007-05-14 15:11 71,680 --a------ C:\WINDOWS\g8198000.exe
2007-05-14 14:51 71,680 --a------ C:\WINDOWS\g6996921.exe
2007-05-14 14:29 71,680 --a------ C:\WINDOWS\g5676046.exe
2007-05-14 14:07 71,680 --a------ C:\WINDOWS\g4355312.exe
2007-05-14 13:45 71,680 --a------ C:\WINDOWS\g3034812.exe
2007-05-14 13:23 71,680 --a------ C:\WINDOWS\g1714734.exe
2007-05-14 13:01 71,680 --a------ C:\WINDOWS\g394281.exe
2007-05-14 08:24 71,680 --a------ C:\WINDOWS\g1355906.exe
2007-05-14 08:04 71,680 --a------ C:\WINDOWS\g154687.exe
2007-05-14 00:58 71,680 --a------ C:\WINDOWS\g3514921.exe
2007-05-14 00:38 71,680 --a------ C:\WINDOWS\g2314546.exe
2007-05-14 00:16 71,680 --a------ C:\WINDOWS\g994359.exe
2007-05-13 23:55 71,680 --a------ C:\WINDOWS\g6884984.exe
2007-05-13 23:33 71,680 --a------ C:\WINDOWS\g5573203.exe
2007-05-13 23:11 71,680 --a------ C:\WINDOWS\g4241437.exe
2007-05-13 22:49 71,680 --a------ C:\WINDOWS\g2920531.exe
2007-05-13 22:29 71,680 --a------ C:\WINDOWS\g1719390.exe
2007-05-13 22:03 71,680 --a------ C:\WINDOWS\g158218.exe
2007-05-13 21:10 71,680 --a------ C:\WINDOWS\g159843.exe
2007-05-13 20:07 71,680 --a------ C:\WINDOWS\g34138203.exe
2007-05-13 19:45 71,680 --a------ C:\WINDOWS\g32817812.exe
2007-05-13 19:23 71,680 --a------ C:\WINDOWS\g31497546.exe
2007-05-13 19:01 71,680 --a------ C:\WINDOWS\g30176984.exe
2007-05-13 18:41 71,680 --a------ C:\WINDOWS\g28976156.exe
2007-05-13 18:19 71,680 --a------ C:\WINDOWS\g27655812.exe
2007-05-13 17:57 71,680 --a------ C:\WINDOWS\g26335531.exe
2007-05-13 17:35 71,680 --a------ C:\WINDOWS\g25015515.exe
2007-05-13 17:15 71,680 --a------ C:\WINDOWS\g23814796.exe
2007-05-13 16:53 71,680 --a------ C:\WINDOWS\g22494593.exe
2007-05-13 16:33 71,680 --a------ C:\WINDOWS\g21295656.exe
2007-05-13 16:13 71,680 --a------ C:\WINDOWS\g20093000.exe
2007-05-13 15:51 71,680 --a------ C:\WINDOWS\g18772609.exe
2007-05-13 15:29 71,680 --a------ C:\WINDOWS\g17452296.exe
2007-05-13 15:07 71,680 --a------ C:\WINDOWS\g16132046.exe
2007-05-13 14:47 71,680 --a------ C:\WINDOWS\g14931000.exe
2007-05-13 14:25 71,680 --a------ C:\WINDOWS\g13610796.exe
2007-05-13 13:55 71,680 --a------ C:\WINDOWS\g11809734.exe
2007-05-13 13:33 71,680 --a------ C:\WINDOWS\g10488203.exe
2007-05-13 13:11 71,680 --a------ C:\WINDOWS\g9168281.exe
2007-05-13 12:51 71,680 --a------ C:\WINDOWS\g7965875.exe
2007-05-13 12:29 71,680 --a------ C:\WINDOWS\g6645343.exe
2007-05-13 12:07 71,680 --a------ C:\WINDOWS\g5327656.exe
2007-05-13 11:45 71,680 --a------ C:\WINDOWS\g4004718.exe
2007-05-13 11:23 71,680 --a------ C:\WINDOWS\g2682000.exe
2007-05-13 11:01 71,680 --a------ C:\WINDOWS\g1360406.exe
2007-05-13 10:41 71,680 --a------ C:\WINDOWS\g157859.exe
2007-05-13 08:51 71,680 --a------ C:\WINDOWS\g278593.exe
2007-05-13 00:41 71,680 --a------ C:\WINDOWS\g25005781.exe
2007-05-13 00:19 71,680 --a------ C:\WINDOWS\g23685531.exe
2007-05-12 23:59 71,680 --a------ C:\WINDOWS\g22484531.exe
2007-05-12 23:37 71,680 --a------ C:\WINDOWS\g21164750.exe
2007-05-12 23:15 71,680 --a------ C:\WINDOWS\g19844125.exe
2007-05-12 22:53 71,680 --a------ C:\WINDOWS\g18523578.exe
2007-05-12 22:31 71,680 --a------ C:\WINDOWS\g17203343.exe
2007-05-12 22:11 71,680 --a------ C:\WINDOWS\g16003078.exe
2007-05-12 21:48 71,680 --a------ C:\WINDOWS\g14682343.exe
2007-05-12 21:26 71,680 --a------ C:\WINDOWS\g13361875.exe
2007-05-12 21:05 71,680 --a------ C:\WINDOWS\g12042203.exe
2007-05-12 20:42 71,680 --a------ C:\WINDOWS\g10721187.exe
2007-05-12 20:20 71,680 --a------ C:\WINDOWS\g9400937.exe
2007-05-12 20:00 71,680 --a------ C:\WINDOWS\g8200031.exe
2007-05-12 19:38 71,680 --a------ C:\WINDOWS\g6879750.exe
2007-05-12 19:28 <DIR> d-------- C:\Program Files\Ganymede
2007-05-12 19:16 71,680 --a------ C:\WINDOWS\g5559515.exe
2007-05-12 18:54 71,680 --a------ C:\WINDOWS\g4239234.exe
2007-05-12 18:32 71,680 --a------ C:\WINDOWS\g2918890.exe
2007-05-12 18:10 71,680 --a------ C:\WINDOWS\g1598515.exe
2007-05-12 17:48 71,680 --a------ C:\WINDOWS\g277062.exe
2007-05-12 16:10 71,680 --a------ C:\WINDOWS\g157531.exe
2007-05-12 13:13 71,680 --a------ C:\WINDOWS\g10099421.exe
2007-05-12 13:13 33,792 --a------ C:\WINDOWS\system32\wudb.dll
2007-05-12 13:12 26,678 --a------ C:\WINDOWS\system32\pmnlmli.dll.vir
2007-05-09 00:06 <DIR> d-------- C:\Program Files\Joost
2007-05-09 00:06 <DIR> d-------- C:\DOCUME~1\master\DANEAP~1\Joost
2007-05-08 00:28 69,632 --a------ C:\WINDOWS\system32\xmltok.dll
2007-05-08 00:28 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-05-05 20:36 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-05-05 20:36 26,096 --a------ C:\WINDOWS\system32\xmlinst.exe
2007-05-05 20:15 <DIR> d-------- C:\WINDOWS\Cache
2007-05-05 19:56 <DIR> d-------- C:\DOCUME~1\master\.thumbnails
2007-05-05 19:54 <DIR> d-------- C:\DOCUME~1\master\.gimp-2.2
2007-05-05 19:53 <DIR> d-------- C:\Program Files\GIMP-2.0
2007-05-05 12:05 <DIR> d-------- C:\DOCUME~1\master\DANEAP~1\Opera
2007-04-28 23:49 <DIR> d-------- C:\Program Files\e frontier
2007-04-28 22:27 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2007-04-28 22:27 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2007-04-28 22:27 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2007-04-28 22:27 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL
2007-04-28 22:27 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2007-04-28 14:33 3,120 --a------ C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
2007-04-28 14:33 <DIR> d-------- C:\DOCUME~1\master\DANEAP~1\e frontier
2007-04-28 14:27 <DIR> d-------- C:\Program Files\Manga Studio 3.0 EX Demo
2007-04-27 14:47 <DIR> d-------- C:\Program Files\Audacity
2007-04-27 14:39 34 -rahs---- C:\WINDOWS\system32\WWYMBOOT.DLL
2007-04-27 14:39 <DIR> d-------- C:\Program Files\AST
2007-04-27 14:17 <DIR> d-------- C:\Program Files\aipro
2007-04-25 15:01 <DIR> d-------- C:\WINDOWS\speech
2007-04-25 15:00 <DIR> d-------- C:\Program Files\ivo
2007-04-24 11:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Google
2007-04-22 13:06 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-22 13:06 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-22 13:06 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-04-22 13:06 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-04-22 11:27 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-22 11:26 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-04-22 11:26 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-20 15:43 <DIR> d-------- C:\Program Files\VirtualDub-1.6.17
2007-04-17 17:27 <DIR> d-------- C:\Program Files\CamStudio

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 79094 bytes in 1 streams.

2007-05-14 21:05:41 -------- d-----w C:\DOCUME~1\master\DANEAP~1\OpenOffice.ux.pl2
2007-05-14 18:51:58 -------- d-----w C:\Program Files\mIRC
2007-05-13 19:12:45 -------- d---a-w C:\Program Files\flashFXP
2007-05-12 17:29:19 -------- d-----w C:\DOCUME~1\master\DANEAP~1\GanymedeNet
2007-05-07 22:29:00 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-07 08:46:01 -------- d-----w C:\Program Files\Ahead
2007-05-05 19:24:02 -------- d-----w C:\Program Files\Winamp
2007-05-05 18:36:51 -------- d-----w C:\Program Files\Ubisoft
2007-04-22 20:55:40 -------- d-----w C:\Program Files\XBC
2007-04-22 11:01:02 -------- d-----w C:\Program Files\Windows NT
2007-04-21 16:55:58 -------- d-----w C:\Program Files\Apple Software Update
2007-04-21 15:22:27 -------- d-----w C:\Program Files\WinPcap
2007-04-19 12:16:10 -------- d-----w C:\Program Files\iTunes
2007-04-15 19:32:36 -------- d-----w C:\Program Files\WinAce
2007-04-06 14:34:43 -------- d-----w C:\Program Files\BearShare
2007-04-01 13:04:45 -------- d-----w C:\DOCUME~1\master\DANEAP~1\Apple Computer
2007-04-01 13:04:03 -------- d-----w C:\Program Files\QuickTime
2007-03-31 15:19:01 -------- d-----w C:\Program Files\K700Dateimanager
2007-03-25 08:16:46 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat
2007-03-25 08:16:46 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat
2007-03-22 06:32:57 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-19 16:27:38 -------- d-----w C:\Program Files\Kaspersky Lab
2007-03-17 13:45:36 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-15 17:03:56 -------- d-----w C:\Program Files\SpywareBlaster
2007-03-09 18:52:52 200,768 ----a-w C:\WINDOWS\system32\klogon.dll
2007-03-08 15:38:47 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:38:47 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:38:47 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:37:33 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-03-07 01:21:11 5,766 ----a-w C:\WINDOWS\mozver.dat
2007-03-06 10:58:50 -------- d-----w C:\Program Files\CatchTheSperm2
2007-02-28 22:25:35 6,268 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2007-02-09 12:52:31 56 --sh--r C:\WINDOWS\system32\A2D3AE6D8C.sys
2007-02-08 13:59:57 4 ----a-w C:\WINDOWS\system32\proc1395793746.bin
2007-02-05 20:19:48 185,856 ----a-w C:\WINDOWS\system32\upnphost.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 00:47]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"Kaspersky"="C:\\\\Program Files\\\\Kaspersky Lab\\\\Kaspersky Anti-Virus Personal\\\\kav.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [])
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-12 22:05]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 18:35]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-06-10 16:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30]
"Kaspersky"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus Personal\\kav.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 20:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"="" [])
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2003-07-21 19:21]
"Error Safe"="C:\Program Files\Error Safe Free\ers.exe" []
"Rurb"="C:\WINDOWS\WNSXS~1\smss.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"PowerBar"=""
"NBJ"="C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe"
"Error Safe"="\"C:\\Program Files\\Error Safe Free\\ers.exe\" /min"
"Rurb"="\"C:\\WINDOWS\\WNSXS~1\\smss.exe\" -vt yazb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}"="C:\PROGRA~1\COMMON~1\stardock\MCPCore.dll" [2005-05-10 14:31]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrvc32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wudb

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="wbsys.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ersd.sys

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^all users^menu start^programy^autostart^raconfig.lnk
C:\WINDOWS\system32\RaConfig.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070515-135915-306
O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan
backup-20070515-135915-786
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
backup-20070515-135915-120
O4 - HKCU\..\Run: [scvhost] c:\windows\system\scvhost.exe

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-16 20:21:34
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ?X?????????????????????????????????????????????????????????????|p??|????m??|?`?w????????@X????@?8?@?????@X??c"?s???s??????@?????N'?s<W7?L|?s????????????u??s????????c"?s???s??????@?8?@?N'?s?W7??$@?8?@?8?@??????????W7??B7????s?B7??V7??B7??B7?0i?s????????HW7????

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-16 20:22:34 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-16 20:22

Mam nadzieję, że to to

.

**Posty:** 18165 · przez **wojtas** 16 Maj 2007, 21:06

Użyj WWDC :
http://www.firewallleaktester.com/wwdc.htm
Zmień opcje z disable na enable. Uruchom ponownie komputer.
Tak powinny wyglądać porty (NetBIOS może być żółty) :
http://www.firewallleaktester.com/images_site/wwdc.jpg

sciagnij gmera:

http://gmer.net/gmer.zip

Uruchom Gmera, w zakładce Procesy wybierz Gmer awaryjny co objawi się samoczynnym resetem kompa i startem Gmera. Wtedy:

>>> zakładka Procesy i przez opcję Pliki ręcznie skasuj:

C:\WINDOWS\system32\A2D3AE6D8C.sys
C:\WINDOWS\system32\WWYMBOOT.DLL
C:\WINDOWS\system32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
C:\qoobox
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\g142796.exe
C:\WINDOWS\g262656.exe
C:\WINDOWS\g143140.exe
C:\WINDOWS\g31861359.exe
C:\WINDOWS\g30541578.exe
C:\WINDOWS\g29219625.exe
C:\WINDOWS\g27886718.exe
C:\WINDOWS\g26566265.exe
C:\WINDOWS\g25245890.exe
C:\WINDOWS\g23925562.exe
C:\WINDOWS\g22605296.exe
C:\WINDOWS\g21404656.exe
C:\WINDOWS\g20084406.exe
C:\WINDOWS\g18764062.exe
C:\WINDOWS\g17450578.exe
C:\WINDOWS\g16119921.exe
C:\WINDOWS\g14799265.exe
C:\WINDOWS\g13479843.exe
C:\WINDOWS\g12158593.exe
C:\WINDOWS\g10837843.exe
C:\WINDOWS\g9517953.exe
C:\WINDOWS\g8198000.exe
C:\WINDOWS\g6996921.exe
C:\WINDOWS\g5676046.exe
C:\WINDOWS\g4355312.exe
C:\WINDOWS\g3034812.exe
C:\WINDOWS\g1714734.exe
C:\WINDOWS\g394281.exe
C:\WINDOWS\g1355906.exe
C:\WINDOWS\g154687.exe
C:\WINDOWS\g3514921.exe
C:\WINDOWS\g2314546.exe
C:\WINDOWS\g994359.exe
C:\WINDOWS\g6884984.exe
C:\WINDOWS\g5573203.exe
C:\WINDOWS\g4241437.exe
C:\WINDOWS\g2920531.exe
C:\WINDOWS\g1719390.exe
C:\WINDOWS\g158218.exe
C:\WINDOWS\g159843.exe
C:\WINDOWS\g34138203.exe
C:\WINDOWS\g32817812.exe
C:\WINDOWS\g31497546.exe
C:\WINDOWS\g30176984.exe
C:\WINDOWS\g28976156.exe
C:\WINDOWS\g27655812.exe
C:\WINDOWS\g26335531.exe
C:\WINDOWS\g25015515.exe
C:\WINDOWS\g23814796.exe
C:\WINDOWS\g22494593.exe
C:\WINDOWS\g21295656.exe
C:\WINDOWS\g20093000.exe
C:\WINDOWS\g18772609.exe
C:\WINDOWS\g17452296.exe
C:\WINDOWS\g16132046.exe
C:\WINDOWS\g14931000.exe
C:\WINDOWS\g13610796.exe
C:\WINDOWS\g11809734.exe
C:\WINDOWS\g10488203.exe
C:\WINDOWS\g9168281.exe
C:\WINDOWS\g7965875.exe
C:\WINDOWS\g6645343.exe
C:\WINDOWS\g5327656.exe
C:\WINDOWS\g4004718.exe
C:\WINDOWS\g2682000.exe
C:\WINDOWS\g1360406.exe
C:\WINDOWS\g157859.exe
C:\WINDOWS\g278593.exe
C:\WINDOWS\g25005781.exe
C:\WINDOWS\g23685531.exe
C:\WINDOWS\g22484531.exe
C:\WINDOWS\g21164750.exe
C:\WINDOWS\g19844125.exe
C:\WINDOWS\g18523578.exe
C:\WINDOWS\g17203343.exe
C:\WINDOWS\g16003078.exe
C:\WINDOWS\g14682343.exe
C:\WINDOWS\g13361875.exe
C:\WINDOWS\g12042203.exe
C:\WINDOWS\g10721187.exe
C:\WINDOWS\g9400937.exe
C:\WINDOWS\g8200031.exe
C:\WINDOWS\g6879750.exe
C:\Program Files\Ganymede
C:\WINDOWS\g5559515.exe
C:\WINDOWS\g4239234.exe
C:\WINDOWS\g2918890.exe
C:\WINDOWS\g1598515.exe
C:\WINDOWS\g277062.exe
C:\WINDOWS\g157531.exe
C:\WINDOWS\g10099421.exe
C:\WINDOWS\system32\wudb.dll
C:\WINDOWS\system32\pmnlmli.dll.vir

potem skasuj wpisy:

O4 - HKCU\..\Run: [Error Safe] "C:\Program Files\Error Safe Free\ers.exe" /min
O4 - HKCU\..\Run: [Rurb] "C:\WINDOWS\WNSXS~1\smss.exe" -vt yazb
O20 - Winlogon Notify: winrvc32 - winrvc32.dll (file missing)
O20 - Winlogon Notify: wudb - C:\WINDOWS\system32\wudb.dll

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{37B85A29-692B-4205-9CAD-2626E4993404}"=-

w notatniku u góry>>>plik zapisz jako>>>Zmien rozszerzenie z TXT na Wszystkie pliki *.* >>> Zapisz pod nazwą FIX.REG

Klikasz dwa razy na powstały plik fix i dodajesz go do rejestru....

potem 3 nowe logi wrzuc na jakis serwer

komputer sam się uruchamia ponowanie :|

komputer sam się uruchamia ponowanie :|

Kto jest na forum