Samoczynne zamykanie systemu

**Posty:** 7956 · przez **Magik** 09 Sie 2008, 01:35

Matteo napisał(a):Wywaliłem to w hj w trybie awaryjnym ale przy właczaniu combofixa pisze nadal że edycja rejestru zablokowana

hmm

a sprobuj zrobic taki myk

wklej do notatnika

Kod: Zaznacz wszystko: REGISTRY:: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1] [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1]

Plik zapisz jako CFScript.txt, przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

wklej do notatnika

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=- "DisableRegistryTools"=- [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"=- "DisableRegistryTools"=- [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"=-

zapisz jako fix.reg i odpal

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 11:59

Niestety CFScript.txt wkleiłem ale nic to nie dało nadal edycja rejestru zablokowana. Komp coraz bardziej muli.
Chyba się powoli poddaje, usuwam w hj ten wpis co blokuje rejestr właczam kompoa w trybie normalnym i ten wpis tam znowu jest

Kilka razy tak robiłem i zawsze wpis wraca. Przez to sie zawiesza combofix.

Ostatnie co wygenerował to jakaś masakra:

Kod: Zaznacz wszystko: ComboFix 08-08-08.05 - Matteo 2008-08-09 10:59:16.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.223 [GMT 2:00] Running from: C:\Documents and Settings\Matteo\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Matteo\Pulpit\CFScript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp . ---- Previous Run ------- . C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp . ((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))) . 2008-08-09 00:50 . 2008-08-09 00:50 97,792 -r-hs---- C:\WINDOWS\system32\soundman.exe 2008-08-09 00:13 . 2008-08-09 00:57 326 --a------ C:\WINDOWS\system32\drivers\fwdrv.err 2008-08-08 23:45 . 2008-08-08 23:45 <DIR> d-------- C:\Program Files\Sunbelt Software 2008-08-08 13:00 . 2008-08-08 13:00 <DIR> d-------- C:\WINDOWS\ERUNT 2008-08-08 12:59 . 2008-08-09 11:13 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione 2008-08-08 12:59 . 2008-07-08 17:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony 2008-08-08 12:59 . 2008-08-09 11:14 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji 2008-08-08 12:59 . 2008-08-08 12:59 <DIR> d-------- C:\Documents and Settings\Administrator 2008-08-08 12:55 . 2008-08-09 01:05 <DIR> d-------- C:\SDFix 2008-08-05 14:31 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-15 20:58 . 2008-07-15 20:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-07-13 15:37 . 2008-07-13 15:37 <DIR> d---s---- C:\Documents and Settings\Matteo\UserData 2008-07-12 14:31 . 2008-07-12 14:31 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-07-12 14:31 . 2008-07-12 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems 2008-07-10 15:19 . 2008-07-10 15:19 <DIR> d-------- C:\Program Files\WMV9_VCM 2008-07-10 14:46 . 2008-07-10 14:46 <DIR> d-------- C:\Documents and Settings\Matteo\Dane aplikacji\XCPCSync.OEM 2008-07-10 14:42 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2008-07-10 14:42 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll 2008-07-10 14:30 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-07-10 14:30 . 1998-05-05 22:00 57,344 --------- C:\WINDOWS\system32\VBAME.DLL 2008-07-10 14:29 . 2008-07-10 14:29 <DIR> d-------- C:\Program Files\Common Files\XCPCSync.OEM 2008-07-10 14:00 . 2008-07-10 14:00 <DIR> d-------- C:\Documents and Settings\Matteo\Dane aplikacji\AdobeUM 2008-07-10 13:55 . 2008-07-10 13:55 <DIR> d-------- C:\Documents and Settings\Mateo\Moje dokumenty 2008-07-10 13:55 . 2008-07-10 13:55 <DIR> d-------- C:\Documents and Settings\Mateo 2008-07-10 13:33 . 2008-07-10 13:33 1,103 --a------ C:\WINDOWS\bestplayer.ini 2008-07-10 13:33 . 2008-07-10 13:33 0 --a------ C:\WINDOWS\bestplayer.bpp 2008-07-10 13:33 . 2008-07-10 13:33 0 --a------ C:\WINDOWS\bestplayer.bbt . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 09:17 4,155,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-09 09:14 176,416 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-09 08:50 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2008-08-09 08:50 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2008-08-09 08:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-08-08 23:23 63,680 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-08 23:23 21,620 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-08 09:34 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll 2008-08-06 17:07 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-07-24 11:09 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-07-12 12:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-10 22:00 --------- d-----w C:\Program Files\Gadu-Gadu 2008-07-10 12:45 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-10 12:26 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-08 18:03 --------- d-----w C:\Documents and Settings\Matteo\Dane aplikacji\Gadu-Gadu 2008-07-08 18:00 --------- d-----w C:\Program Files\Tlen.pl 2008-07-08 17:31 --------- d-----w C:\Documents and Settings\Matteo\Dane aplikacji\Tlen.pl 2008-07-08 16:50 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-07-08 16:38 --------- d-----w C:\Program Files\Kaspersky Lab 2008-07-08 16:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-07-08 16:21 --------- d-----w C:\Program Files\Realtek 2008-07-08 16:11 --------- d-----w C:\Program Files\Intel 2008-07-08 16:02 558,142 ----a-w C:\WINDOWS\java\Packages\5NXRHJLN.ZIP 2008-07-08 16:02 155,995 ----a-w C:\WINDOWS\java\Packages\I9R3R5F7.ZIP 2008-07-08 16:02 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-08 16:01 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 C:\Documents and Settings\Matteo\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) "DisableRegistryTools"= 1 (0x1) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "DisableTaskMgr"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe %WINDIR%\\system32\\soundman.exe" "SFCDisable"=dword:ffffff9d [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2006-05-09 16:08] R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2006-05-09 16:08] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 siusbmod;siusbmod;C:\WINDOWS\System32\DRIVERS\siusbmod.sys [2005-11-30 17:12] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 11:15:16 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\abp480n5] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI] "ImagePath"="System32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPIEC] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\actser] "ImagePath"="system32\drivers\actser.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Adobe LM Service] "ImagePath"="\"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aha154x] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78u2] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AliIde] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amsint] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3350p] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi] "ImagePath"="System32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atdisk] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atmarpc] "ImagePath"="System32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\audstub] "ImagePath"="System32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AVP] "ImagePath"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -r" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS] "ServiceDll"="%systemroot%\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme] "ImagePath"="\??\C:\DOCUME~1\Matteo\USTAWI~1\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cbidf2k] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdaudio] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdfs] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdrom] "ImagePath"="System32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Changer] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmdIde] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp] "ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ContentFilter] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ContentIndex] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cpqarray] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac2w2k] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac960nt] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Disk] "ImagePath"="System32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpti2o] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem] "ServiceDll"="C:\WINDOWS\System32\es.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fastfat] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc] "ImagePath"="System32\DRIVERS\fdc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fips] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk] "ImagePath"="System32\DRIVERS\flpydisk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ftdisk] "ImagePath"="System32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\fwdrv] "ImagePath"="\SystemRoot\system32\drivers\fwdrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Gpc] "ImagePath"="System32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HdAudAddService] "ImagePath"="system32\drivers\HdAudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HDAudBus] "ImagePath"="System32\DRIVERS\HDAudBus.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpn] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omgmt] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt] "ImagePath"="System32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Imapi] "ImagePath"="System32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ImapiService] "ImagePath"="%systemroot%\system32\imapi.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ini910u] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Inport] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntcAzAudAddService] "ImagePath"="system32\drivers\RtkHDAud.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntelIde] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver] "ImagePath"="System32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp] "ImagePath"="System32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpNat] "ImagePath"="System32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPSec] "ImagePath"="System32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM] "ImagePath"="System32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp] "ImagePath"="System32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Kbdclass] "ImagePath"="System32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\khips] "ImagePath"="\SystemRoot\system32\drivers\khips.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kl1] "ImagePath"="System32\drivers\kl1.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\klif] "ImagePath"="\??\C:\WINDOWS\System32\drivers\klif.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\klim5] "ImagePath"="System32\DRIVERS\klim5.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KPF4] "ImagePath"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LicenseService] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mnmdd] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mnmsrvc] "ImagePath"="C:\WINDOWS\System32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mouclass] "ImagePath"="System32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mraid35x] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV] "ImagePath"="System32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxSmb] "ImagePath"="System32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC] "ImagePath"="C:\WINDOWS\System32\msdtc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSIServer] "ImagePath"="%systemroot%\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi] "ImagePath"="System32\DRIVERS\ndistapi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio] "ImagePath"="System32\DRIVERS\ndisuio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan] "ImagePath"="System32\DRIVERS\ndiswan.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS] "ImagePath"="System32\DRIVERS\netbios.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBT] "ImagePath"="System32\DRIVERS\netbt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDE] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32\netdde.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman] "ServiceDll"="%SystemRoot%\System32\netman.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtLmSsp] "ImagePath"="%SystemRoot%\System32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nv] "ImagePath"="System32\DRIVERS\nv4_mini.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NVSvc] "ImagePath"="%SystemRoot%\System32\nvsvc32.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt] "ImagePath"="System32\DRIVERS\nwlnkflt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd] "ImagePath"="System32\DRIVERS\nwlnkfwd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport] "ImagePath"="System32\DRIVERS\parport.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PartMgr] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ParVdm] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCI] "ImagePath"="System32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIDump] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIIde] "ImagePath"="System32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pcmcia] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDCOMP] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDFRAME] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRELI] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2hib] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport] "ImagePath"="System32\DRIVERS\raspptp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Processor] "ImagePath"="System32\DRIVERS\processr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched] "ImagePath"="System32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ptilink] "ImagePath"="System32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1080] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql12160] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1240] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1280] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd] "ImagePath"="System32\DRIVERS\rasacd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32\rasauto.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp] "ImagePath"="System32\DRIVERS\rasl2tp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan] "ServiceDll"="%SystemRoot%\System32\rasmans.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe] "ImagePath"="System32\DRIVERS\raspppoe.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Raspti] "ImagePath"="System32\DRIVERS\raspti.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rdbss] "ImagePath"="System32\DRIVERS\rdbss.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr] "ImagePath"="System32\DRIVERS\rdpdr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDSessMgr] "ImagePath"="C:\WINDOWS\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\redbook] "ImagePath"="System32\DRIVERS\redbook.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32\regsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator] "ImagePath"="%SystemRoot%\System32\locator.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs] "ServiceDll"="%SystemRoot%\System32\rpcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RSVP] "ImagePath"="%SystemRoot%\System32\rsvp.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardDrv] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Secdrv] "ImagePath"="System32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\serenum] "ImagePath"="System32\DRIVERS\serenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial] "ImagePath"="System32\DRIVERS\serial.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sfloppy] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Simbad] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\siusbmod] "ImagePath"="System32\DRIVERS\siusbmod.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sparrow] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sr] "ImagePath"="system32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srservice] "ServiceDll"="C:\WINDOWS\System32\srsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Srv] "ImagePath"="System32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum] "ImagePath"="System32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SwPrv] "ImagePath"="C:\WINDOWS\System32\dllhost.exe /Processid:{CB47A5D7-0A1B-43A3-8780-A7129A7966EC}" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\symc810] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\symc8xx] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym_hi] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym_u3] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip] "ImagePath"="System32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD] "ImagePath"="System32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TlntSvr] "ImagePath"="C:\WINDOWS\System32\tlntsvr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TosIde] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Udfs] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ultra] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Update] "ImagePath"="System32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uploadmgr] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBCM] "ImagePath"="System32\DRIVERS\Sacm2A.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci] "ImagePath"="System32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub] "ImagePath"="System32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR] "ImagePath"="System32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbuhci] "ImagePath"="System32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaIde] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VolSnap] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsbus] "ImagePath"="System32\DRIVERS\vsb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vserial] "ImagePath"="System32\DRIVERS\vserial.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp] "ImagePath"="System32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WDICA] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinTrust] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmdmPmSp] "ServiceDll"="C:\WINDOWS\System32\mspmspsv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApSrv] "ImagePath"="C:\WINDOWS\System32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc] [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv] "ServiceDll"="C:\WINDOWS\System32\wuauserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{AE5F1177-53AE-4937-ADE2-979C0D1438FF}] . Completion time: 2008-08-09 11:20:21 ComboFix-quarantined-files.txt 2008-08-09 09:20:10 ComboFix2.txt 2008-08-08 12:14:40 Pre-Run: 12,633,059,328 bajtów wolnych Post-Run: 12,632,489,984 bajtów wolnych 565

Czekam jeszcze na jakis genialny pomysł ale powoli szykuję płytkę z windowsem.
Moze ktoś chociaz poleci jakiegos dobrego antywira żeby nie było potem jak teraz, chociaz cały czas miałem kaspersky internet security 7.0.1.325 i te syfy i tak weszły.

Czekam jeszcze troche na pomysły jakieś a potem format jak nic nie pomoże

**Posty:** 18165 · przez **wojtas** 09 Sie 2008, 12:07

te plik/i :

C:\WINDOWS\system32\soundman.exe

przesaknuj tu

http://virusscan.jotti.org/
http://www.virustotal.com/

i daj raporty ze skanow

Jeśli nie będzie widoczny, to najpierw usuń atrybuty ochronne:
>>Start>>Panel Sterowania>>Opcje Folderów>>Widok>>usuń zaznaczenie przy "Ukryj chronione pliki systemowe">
>zaznacz przy "Pokaż ukryte pliki">>Zastosuj>>OK.

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools"=–
"DisableRegedit"=–

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools"=–
"DisableRegedit"=–

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> Uruchom plik FIX.REG

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 13:33

File: soundman.exe
Status:
INFECTED/MALWARE
MD5: f5378bb810d42f18aaf108b52735593e
Packers detected:
-

Scan taken on 09 Aug 2008 11:28:49 (GMT)
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found nothing
Ikarus
Found VirTool.Win32.DelfInject.AF
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found Troj/Agent-HKD
VirusBuster
Found nothing
VBA32
Found nothing

Last file scanned at least one scanner reported something about: x0.cmd (MD5: 530c6f4dca2a9187e621241f725f55f1, size: 91134 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir TR/Vundo.Gen
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Ikarus Trojan.Vundo
Kaspersky Anti-Virus Trojan-GameThief.Win32.OnLineGames.atom
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus Sus/UnkPacker
VirusBuster X
VBA32 Trojan.Win32.Vaklik.coh

Mam na dzieje że czytelne bo ze screenem to godzine bym sie meczył bo tak komp muli.
Widac skaner cos znalazł w tym.
Robie dalej bo niestety tyle to trwało przy tym zamuleniu.

edit fix.reg nie dopala bo edycja rejestru zablokowana

**Posty:** 8001 · przez **Okocza** 09 Sie 2008, 13:41

C:\WINDOWS\system32\soundman.exe

możesz usunąć ten plik... wróć z logiem z sdfixa

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 14:04

Nie chciał dać się usunąć ale killbox-em go potraktowałem i usunięty.
SDfix:

Kod: Zaznacz wszystko: [b]SDFix: Version 1.214 [/b] Run by Administrator on 2008-08-09 at 13:56 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: C:\WINDOWS\system32\Microsoft\backup.ftp Found C:\WINDOWS\system32\Microsoft\backup.tftp Found [b]Checking files[/b]: [b]Dummy[/b]: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\ftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Files copied to SDFix\Backups Restoring files if backups are found [b]Final Check[/b]: [b]Dummy[/b]: C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\tftp.exe C:\WINDOWS\system32\dllcache\ftp.exe C:\WINDOWS\system32\dllcache\tftp.exe Restoring Default Security Values Restoring Default Hosts File Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 13:59:31 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes ... IPC error: 2 Nie można odnaleźć określonego pliku. scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 "appinit_dlls"="" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: [b]Finished![/b]

Wyskakiwało to co zwykle czyli ze edycja rejestru zablokowana ale log jest.

edit, komp chodzi już lepiej, po włączeniu kerio już nie alarmuje że blokuje połącznie soundmana.
Ale edycja rejestru nadal niedostępna, menadżer zadan też mam "wyłączony przez administratora".

Komp muli gdy wchodzę w windows/system 32 a chciałem zajrzeć czy napewno soundmana nie ma, bo w hijack pokazany jest jako uruchomiony, nawet 2 sa.
Co dalej?

**Posty:** 18165 · przez **wojtas** 09 Sie 2008, 14:40

start>uruchom>regedit > jesli mozesz wejsc to :

przejdz do klucza

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

DisableRegistryTools
DisableRegedit
potem do:

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]

DisableRegistryTools
DisableRegedit

po kasuj pogrubione i reset kompa...

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 15:00

Nie da się wejść: "edycja rejestru została wyłączona przez administratora sieci"

**Posty:** 18165 · przez **wojtas** 09 Sie 2008, 15:08

klikamy na Start, Uruchom. Wpisujemy polecenie gpedit.msc i klikamy na Ok. 2. Następnie w dziale Konfiguracja użytkownika znajdujemy i rozwijamy gałąź Szablony administracyjne, klikamy na System i w prawej części okna wyszukujemy Zapobiegaj dostępowi do narzędzi edycji rejestru. 3. Klikamy dwukrotnie na tę opcję. W zakładce Ustawienia, po czym zaznaczamy Wyłączone. Zmiany zatwierdzamy, klikając na przycisk Ok.

lub wklej do notatnika:

; Aby odblokować edytor Rejestru - Regedit należy zaznaczyć
; plik inf w eksploratorze, otworzyć menu kontekstowe pliku
; (prawy klawisz myszy lub Shift+F10)
; i wybrać opcję "Zainstaluj"

; (C) Copyright 2004
; by Piotr Palusiński

[version]
signature="$CHICAGO$"

[DefaultInstall]
DelReg = Del_DisableRegistryTools.Reg

[Del_DisableRegistryTools.Reg]
HKCU,%Location%,DisableRegistryTools
HKCU,%Location%,DisableRegedit
HKLM,%Location%,DisableRegistryTools
HKLM,%Location%,DisableRegedit

[Strings]
Location="SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

zapisz np . gg.inf i prawym przyciskiem i zainstaluj... reset kompa i sprawdz czy dziala

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 15:27

"zapobiegaj dostepowi do narzedzi edycji rejestru"
nie widzę tego tutaj:

W innych folderach tez nie widać

UDAŁO SIĘ

ostatni sposób z plikiem inf zadziałał. Potrafię już wejść do rejestru.

Czyli co teraz, combofix-a odpalić lub sdfix ktore przedtem o ten rejestr się rzucały?

edit. combofix:

Kod: Zaznacz wszystko: ComboFix 08-08-08.05 - Matteo 2008-08-09 15:46:56.6 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.263 [GMT 2:00] Running from: C:\Documents and Settings\Matteo\Pulpit\ComboFix.exe [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\Microsoft\backup.ftp C:\WINDOWS\system32\Microsoft\backup.tftp . ((((((((((((((((((((((((( Files Created from 2008-07-09 to 2008-08-09 ))))))))))))))))))))))))))))))) . 2008-08-09 15:10 . 2008-08-09 15:10 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-08-09 13:51 . 2008-08-09 13:53 <DIR> d-------- C:\!KillBox 2008-08-09 00:13 . 2008-08-09 13:44 652 --a------ C:\WINDOWS\system32\drivers\fwdrv.err 2008-08-08 23:45 . 2008-08-08 23:45 <DIR> d-------- C:\Program Files\Sunbelt Software 2008-08-08 13:00 . 2008-08-08 13:00 <DIR> d-------- C:\WINDOWS\ERUNT 2008-08-08 12:59 . 2008-08-09 16:01 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione 2008-08-08 12:59 . 2008-07-08 17:58 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony 2008-08-08 12:59 . 2008-08-09 11:14 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start 2008-08-08 12:59 . 2008-07-08 18:51 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji 2008-08-08 12:59 . 2008-08-08 12:59 <DIR> d-------- C:\Documents and Settings\Administrator 2008-08-08 12:55 . 2008-08-09 14:05 <DIR> d-------- C:\SDFix 2008-08-05 14:31 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-07-15 20:58 . 2008-07-15 20:58 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-07-13 15:37 . 2008-07-13 15:37 <DIR> d---s---- C:\Documents and Settings\Matteo\UserData 2008-07-12 14:31 . 2008-07-12 14:31 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-07-12 14:31 . 2008-07-12 14:31 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Adobe Systems 2008-07-10 15:19 . 2008-07-10 15:19 <DIR> d-------- C:\Program Files\WMV9_VCM 2008-07-10 14:46 . 2008-07-10 14:46 <DIR> d-------- C:\Documents and Settings\Matteo\Dane aplikacji\XCPCSync.OEM 2008-07-10 14:42 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll 2008-07-10 14:42 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll 2008-07-10 14:30 . 1998-06-18 01:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL 2008-07-10 14:30 . 1998-05-05 22:00 57,344 --------- C:\WINDOWS\system32\VBAME.DLL 2008-07-10 14:29 . 2008-07-10 14:29 <DIR> d-------- C:\Program Files\Common Files\XCPCSync.OEM 2008-07-10 14:00 . 2008-07-10 14:00 <DIR> d-------- C:\Documents and Settings\Matteo\Dane aplikacji\AdobeUM 2008-07-10 13:55 . 2008-07-10 13:55 <DIR> d-------- C:\Documents and Settings\Mateo\Moje dokumenty 2008-07-10 13:55 . 2008-07-10 13:55 <DIR> d-------- C:\Documents and Settings\Mateo 2008-07-10 13:33 . 2008-07-10 13:33 1,103 --a------ C:\WINDOWS\bestplayer.ini 2008-07-10 13:33 . 2008-07-10 13:33 0 --a------ C:\WINDOWS\bestplayer.bpp 2008-07-10 13:33 . 2008-07-10 13:33 0 --a------ C:\WINDOWS\bestplayer.bbt . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-09 14:02 4,209,440 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-09 14:01 178,464 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-08-09 13:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-08-09 13:36 64,232 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-09 13:36 21,836 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-08-09 11:45 42,496 ----a-w C:\WINDOWS\system32\ftp.exe 2008-08-09 11:45 16,896 ----a-w C:\WINDOWS\system32\tftp.exe 2008-08-08 09:34 133,632 ----a-w C:\WINDOWS\system32\sfc_os.dll 2008-08-06 17:07 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2008-07-24 11:09 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2008-07-12 12:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-10 22:00 --------- d-----w C:\Program Files\Gadu-Gadu 2008-07-10 12:45 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-10 12:26 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-07-08 18:03 --------- d-----w C:\Documents and Settings\Matteo\Dane aplikacji\Gadu-Gadu 2008-07-08 18:00 --------- d-----w C:\Program Files\Tlen.pl 2008-07-08 17:31 --------- d-----w C:\Documents and Settings\Matteo\Dane aplikacji\Tlen.pl 2008-07-08 16:50 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys 2008-07-08 16:38 --------- d-----w C:\Program Files\Kaspersky Lab 2008-07-08 16:37 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2008-07-08 16:21 --------- d-----w C:\Program Files\Realtek 2008-07-08 16:11 --------- d-----w C:\Program Files\Intel 2008-07-08 16:02 558,142 ----a-w C:\WINDOWS\java\Packages\5NXRHJLN.ZIP 2008-07-08 16:02 155,995 ----a-w C:\WINDOWS\java\Packages\I9R3R5F7.ZIP 2008-07-08 16:02 --------- d-----w C:\Program Files\microsoft frontpage 2008-07-08 16:01 --------- d-----w C:\Program Files\Usługi online . ((((((((((((((((((((((((((((( snapshot@2008-08-09_11.17.57.39 ))))))))))))))))))))))))))))))))))))))))) . - 2008-08-08 22:15:11 376,832 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-08-09 11:55:24 516,096 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-08-08 22:15:11 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-08-09 11:55:24 8,192 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat - 2008-08-09 08:50:15 42,496 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe + 2008-08-09 11:45:23 42,496 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe - 2008-08-09 08:50:15 16,896 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe + 2008-08-09 11:45:23 16,896 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 19:05 13312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480] "NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016] "SmartSync - ScheduleSync"="D:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE" [2005-10-21 16:20 45056] "SDFix"="C:\SDFix\RunThis.bat" [2008-08-07 16:27 728707] "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] "Skrót do strony właściwości High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe] "SoundMan"="SOUNDMAN.EXE" [2004-10-13 08:01 77824 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2004-10-13 10:17 2742272 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-20 19:05 13312] C:\Documents and Settings\Matteo\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys [2006-05-09 16:08] R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys [2006-05-09 16:08] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28] S3 siusbmod;siusbmod;C:\WINDOWS\System32\DRIVERS\siusbmod.sys [2005-11-30 17:12] . - - - - ORPHANS REMOVED - - - - HKLM-Run-soundman.exe - C:\WINDOWS\system32\soundman.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Matteo\Dane aplikacji\Mozilla\Firefox\Profiles\4jc5xaw4.default\ FF -: plugin - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\browser\nppdf32.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-09 16:02:15 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-08-09 16:07:28 ComboFix-quarantined-files.txt 2008-08-09 14:07:11 ComboFix2.txt 2008-08-09 09:20:34 ComboFix3.txt 2008-08-08 12:14:40 Pre-Run: 12,628,611,072 bajtów wolnych Post-Run: 12,621,402,112 bajtów wolnych 144

przy sdfix po tym jak przeszedł już do trybu normalnego "niebieski ekran".
Tak więc tylko ten log powyżej na teraz mam.

i to jeszcze:

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.5.3.6065 * * * ******************************************************************************** Created at 16:28:11 on Saturday, August 09, 2008 Time Zone : Logged On User : Matteo Operating System : Microsoft Windows XP Professional Dodatek Service Pack. 1 OS Version : 5.1.2600 System Langauge : Polish Keyboard Layout : Polish Processor : X86 Intel(R) Pentium(R) 4 CPU 2.66GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\System32 Total Physical Memory : 523760 KB Free Physical Memory : 315428 KB Total Virtual Memory : 2097024 KB Free Virtual Memory : 2023936 KB Boot State : Normal boot -------------------------------------------------------------------------------- !!! Files that have been deleted !!! No malicious files found -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "KernelFaultCheck" ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

**Posty:** 18165 · przez **wojtas** 09 Sie 2008, 19:39

naprawimy menadzer...

wklej do notatnika:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"**del.DisableTaskMgr"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> Uruchom plik FIX.REG

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 20:22

Menedżer zadań już działa. Jednak widzę ze komp chodzi troche wolniej niż przed tymi wszystkimi akcjami.
Jeśli logi czyste to nie wiem dlaczego. Zrobiłem oczyszczanie przez AFT- Cleaner i szukam dobrego antywirusa który nie pozwoli więcej na takie akcje. Moj kaspersky internet security już martwy bo trial sie skonczył, teraz tylko kerio awaryjnie zainstalowałem. Jednak juz z kasperskym sie to działo ze system sie zamykał więc sam nie wiem na jakiego się zdecydować.
Jeśli może ktoś polecić jak najlepiej sie zabezpieczyć to byłbym wdzięczny.
Kiedyś miałem avast+ kerio i tez wiry wchodziły jak chciały.

**Posty:** 7956 · przez **Magik** 09 Sie 2008, 20:24

Matteo napisał(a):Jeśli może ktoś polecić jak najlepiej sie zabezpieczyć to byłbym wdzięczny.
Kiedyś miałem avast+ kerio i tez wiry wchodziły jak chciały.

takie polaczenie jak Nod+Comodo.........

Avast napisze po raz enty--> to sito

Matteo napisał(a):Menedżer zadań już działa. Jednak widzę ze komp chodzi troche wolniej niż przed tymi wszystkimi akcjami.
Jeśli logi czyste to nie wiem dlaczego

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

zrob juz bez ATF

**Posty:** 684 · przez **djarta** 09 Sie 2008, 20:26

Dodatkowo:
Scan ---> http://www.kaspersky.pl/virusscanner.html ( uruchom przez IE)
:wink:

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 21:25

Zrobiłem j.w i komp dalej muli. Gdy wchodze w panel sterowania to musze czekac kilkanaście sekund zanim się otworzy, tak samo folder system32. Zamiast skanera online złapałem na chwile kluczyk do mojego kasperskyego i robie skana C:/. jednak strasznie powoli działa czas zakonczenia to juz za kilka dni i dalej rośnie

Na moje oko to nie jest normalne żeby panel sterowania się otwierał kilkanaście sek, i jeszcze jak chce zamknąć "program nie odpowiada", tak samo system32.
Coś tu nie gra jeszcze chyba.

**Posty:** 8001 · przez **Okocza** 09 Sie 2008, 21:27

jaki masz komputer :?:

konfig kompa i markę i moc zasilacza :?:

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 21:34

Dodam że 2 dni temu poza restartami i wyłączaniem systemu komp chodził idealnie tzn szybko. Dopiero gdy zacząłem skany robic i tego wira wywalać to tak zwolnił jak teraz jest.
Nic specjalnego Pentium 4 2,66 Ghz, 512 ram, geforce 6200, zasilacz modecom feel 300W lub 350W (trudno powiedziec bo naklejka markerem poprawiana ale taki juz przyszedł ze sklepu, wiem ze to shit ale testowałem napięcia everestem to było w miarę ok).

**Posty:** 8001 · przez **Okocza** 09 Sie 2008, 21:37

wklej te napięcia... :1:

bo coś nie moge uwierzyć żeby na Feelu było ok z napieciami...

**Posty:** 133 · przez **Matteo** 09 Sie 2008, 21:44

Tak to wygląda:

**Posty:** 8001 · przez **Okocza** 09 Sie 2008, 21:46

Inaczej, jaka wersja Feel'a :?:

I II czy III :?:

poza tym miałbyś możliwość pożyczenia Tagana, Chiefteca, Amacroxa lub choćby Fortrona 350W :?:

i przetestowania :?:

dodatkowo przedmuchaj komputer z kurzu..