Wolny start i zamykanie windows

**Posty:** 7 · przez **Pluma** 14 Gru 2008, 16:58

Witam

mam pewien problem też z iexplorer. Zaznaczam że jestem zielony w te sprawy. problem polega na tym, że przy starcie kompa system ładuje się bardzo powoli, potem pracuje raczej normalnie chociaż bywa, że się muli. Natomiast przy zamykaniu systemu informuje mnie że trwa zamyanie programu iexplorer.exe oraz pokazuje okienko z informacją że nie może uruchomić SUPPOR~1.exe ponieważ stacja jest właśnie zamykana i po dłuższej chwili zamyka cały komputer

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:08:38, on 2008-12-14 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\vVX1000.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\xxx\Ustawienia lokalne\Temporary Internet Files\Content.IE5\1YT3C2QS\HiJackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.is.net.pl/auto.pac R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [16dart] C:\DOCUME~1\xxx\DANEAP~1\IDOLDO~1\Supportroad.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.117.128.162/activex/AxisCamControl.cab O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://www.e-tarnow.pl/modules/tarnow_k ... 63ctrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{5B51DEBF-027F-49DC-89D4-EFD0A5B6A5D0}: NameServer = 217.144.192.2,217.144.192.33 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 9385 bytes

Kod: Zaznacz wszystko: ComboFix 08-12-13.03 - Piotr Ryba 2008-12-14 15:39:00.1 - NTFSx86 Uruchomiony z: d:\zapas\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\resycled c:\windows\Downloaded Program Files\setup.inf c:\windows\system32\251851 D:\resycled E:\resycled . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_POWERMANAGER ((((((((((((((((((((((((( Pliki utworzone od 2008-11-14 do 2008-12-14 ))))))))))))))))))))))))))))))) . 2008-12-13 15:13 . 2008-12-13 15:21 <DIR> d-------- c:\program files\trend micro 2008-12-13 11:31 . 2008-12-13 15:39 <DIR> d-------- c:\program files\F-Group 2008-12-11 18:26 . 2008-12-11 18:26 <DIR> d-------- c:\program files\iPod 2008-12-11 18:25 . 2008-12-11 18:26 <DIR> d-------- c:\program files\iTunes 2008-12-11 18:25 . 2008-12-11 18:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-11 18:22 . 2008-12-11 18:22 <DIR> d-------- c:\program files\QuickTime 2008-12-10 22:08 . 2008-12-13 16:43 2,206 --a------ c:\windows\system32\wpa.dbl 2008-12-08 19:09 . 2008-12-08 19:09 <DIR> d-------- c:\program files\The Learning Company 2008-12-08 19:09 . 2008-12-08 19:09 196 --a------ c:\windows\_delis43.ini 2008-12-08 19:08 . 2008-12-08 19:08 0 --a------ c:\windows\SETUP32.INI 2008-12-07 09:17 . 2008-12-07 09:17 <DIR> d-------- c:\program files\Idoldownload 2008-12-07 09:17 . 2008-12-07 09:17 <DIR> d-------- c:\documents and settings\xxx\Dane aplikacji\Idoldownload 2008-12-07 09:17 . 2008-12-07 09:17 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Grid Blue Memo Site 2008-12-01 17:41 . 2008-12-01 17:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant 2008-11-15 22:44 . 2008-11-15 22:50 <DIR> d-------- c:\documents and settings\xxx\Dane aplikacji\vlc 2008-11-15 17:41 . 2008-11-15 17:41 <DIR> d-------- c:\program files\Juz w szkole klasa 3a 2008-11-15 17:41 . 2008-11-15 17:41 <DIR> d-------- c:\program files\Common Files\YDP . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-14 14:13 --------- d-----w c:\documents and settings\xxx\Dane aplikacji\skypePM 2008-12-13 22:53 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2008-12-13 21:55 --------- d-----w c:\program files\DC++ 2008-12-13 15:33 --------- d-----w c:\program files\CCleaner 2008-12-13 10:40 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\AntiVir PersonalEdition classic 2008-12-11 17:21 --------- d-----w c:\program files\Common Files\Apple 2008-12-08 21:55 --------- d-----w c:\documents and settings\xxx\Dane aplikacji\Skype 2008-12-05 06:20 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-04 15:59 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-11-09 14:57 --------- d-----w c:\program files\Team17 Software Ltd 2008-11-09 14:52 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-10-31 14:52 --------- d-----w c:\program files\HP 2008-10-25 16:19 --------- d-----w c:\documents and settings\xxx\Dane aplikacji\Winamp 2008-10-25 16:12 --------- d-----w c:\program files\Winamp 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-09 21:19 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-10-09 21:19 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys 2008-03-05 15:58 32 -c--a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat 2001-11-23 04:08 712,704 -c--a-r c:\windows\inf\OTHER\AUDIO3D.DLL 2008-09-12 15:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008091220080913\index.dat . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "16dart"="c:\docume~1\xxx\DANEAP~1\IDOLDO~1\Supportroad.exe" [2008-12-07 622592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064] "WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912] "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-19 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\memo site kind that] --a------ 2008-12-14 15:43 1306624 c:\documents and settings\All Users\Dane aplikacji\Grid Blue Memo Site\LOVE PLAY.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"= "d:\\GRY\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "d:\\GRY\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Team17 Software Ltd\\WormsForts\\WF.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-03-07 22336] R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2006-03-07 45376] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2006-11-02 16:51:58 13560] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-09-01 9984] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f004f00-c4c9-11da-a6e6-00138f0afc8a}] \Shell\AutoRun\command - H:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f004f02-c4c9-11da-a6e6-00138f0afc8a}] \Shell\AutoRun\command - J:\autorun.exe \Shell\readme\command - notepad czytajto.txt \Shell\Setup\command - J:\install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{182ba922-93b1-11dc-8592-00138f0afc8a}] \Shell\AutoRun\command - G:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{182ba925-93b1-11dc-8592-00138f0afc8a}] \Shell\AutoRun\command - J:\autorun.exe \Shell\readme\command - notepad czytajto.txt \Shell\Setup\command - J:\install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcfac78-93ae-11dc-858e-00138f0afc8a}] \Shell\AutoRun\command - G:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcfac7a-93ae-11dc-858e-00138f0afc8a}] \Shell\AutoRun\command - I:\autorun.exe \Shell\directx\command - i:\directx9\dxsetup.exe \Shell\setup\command - I:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcfac7b-93ae-11dc-858e-00138f0afc8a}] \Shell\AutoRun\command - J:\autorun.exe \Shell\readme\command - notepad czytajto.txt \Shell\Setup\command - J:\install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74773fa-92e9-11dc-857d-00138f0afc8a}] \Shell\AutoRun\command - G:\autorun.exe . Zawartość folderu 'Zaplanowane zadania' 2008-12-14 c:\windows\Tasks\AC475A839194CD2F.job - c:\docume~1\xxx\daneap~1\idoldo~1\Film Proxy Intra.exe [2008-12-07 09:17] 2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-CubeDesktop - (no file) HKLM-Run-Cmaudio - cmicnfg.cpl HKLM-RunServices-WinProfile - sndcfg16.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.onet.pl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {5B51DEBF-027F-49DC-89D4-EFD0A5B6A5D0} = 217.144.192.2,217.144.192.33 FF - ProfilePath - c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\n740qrk3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/ FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-14 15:42:27 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(720) c:\windows\system32\Ati2evxx.dll . ------------------------ Pozostałe uruchomione procesy ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\AntiVir PersonalEdition Classic\sched.exe c:\program files\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\windows\system32\rundll32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\Internet Explorer\iexplore.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Skype\Plugin Manager\skypePM.exe . ************************************************************************** . Czas ukończenia: 2008-12-14 15:47:41 - komputer został uruchomiony ponownie [Piotr Ryba] ComboFix-quarantined-files.txt 2008-12-14 14:47:36 Przed: 5 793 398 784 bajtów wolnych Po: 5,840,551,936 bajtów wolnych WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 239 --- E O F --- 2008-12-11 19:24:33

**Posty:** 18165 · przez **wojtas** 14 Gru 2008, 22:52

skasuj w hijacku:

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [16dart] C:\DOCUME~1\xxx\DANEAP~1\IDOLDO~1\Supportroad.exe

Otworz notatnik i wklej w nim to:

File::
c:\windows\Tasks\AC475A839194CD2F.job

Folder::
c:\documents and settings\All Users\Dane aplikacji\Grid Blue Memo Site
c:\docume~1\xxx\DANEAP~1\IDOLDO~1
c:\program files\Idoldownload
c:\documents and settings\xxx\Dane aplikacji\Idoldownload

DirLook::
c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->

Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.

**Posty:** 7 · przez **Pluma** 15 Gru 2008, 23:29

to ten log

Kod: Zaznacz wszystko: ComboFix 08-12-13.03 - Piotr Ryba 2008-12-15 22:23:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.511.117 [GMT 1:00] Uruchomiony z: d:\zapas\bezpieczeństwo\ComboFix.exe Użyto następujących komend :: d:\zapas\bezpieczeństwo\CFScript.txt * Utworzono nowy punkt przywracania FILE :: c:\windows\Tasks\AC475A839194CD2F.job . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Idoldownload c:\windows\Tasks\AC475A839194CD2F.job . ((((((((((((((((((((((((( Pliki utworzone od 2008-11-15 do 2008-12-15 ))))))))))))))))))))))))))))))) . 2008-12-13 15:13 . 2008-12-13 15:21 <DIR> d-------- c:\program files\trend micro 2008-12-13 11:31 . 2008-12-13 15:39 <DIR> d-------- c:\program files\F-Group 2008-12-11 18:26 . 2008-12-11 18:26 <DIR> d-------- c:\program files\iPod 2008-12-11 18:25 . 2008-12-11 18:26 <DIR> d-------- c:\program files\iTunes 2008-12-11 18:25 . 2008-12-11 18:26 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-12-11 18:22 . 2008-12-11 18:22 <DIR> d-------- c:\program files\QuickTime 2008-12-10 22:08 . 2008-12-13 16:43 2,206 --a------ c:\windows\system32\wpa.dbl 2008-12-08 19:09 . 2008-12-08 19:09 <DIR> d-------- c:\program files\The Learning Company 2008-12-08 19:09 . 2008-12-08 19:09 196 --a------ c:\windows\_delis43.ini 2008-12-08 19:08 . 2008-12-08 19:08 0 --a------ c:\windows\SETUP32.INI 2008-12-01 17:41 . 2008-12-01 17:41 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\HP Product Assistant 2008-11-15 22:44 . 2008-11-15 22:50 <DIR> d-------- c:\documents and settings\xxx\Dane aplikacji\vlc 2008-11-15 17:41 . 2008-11-15 17:41 <DIR> d-------- c:\program files\Juz w szkole klasa 3a 2008-11-15 17:41 . 2008-11-15 17:41 <DIR> d-------- c:\program files\Common Files\YDP . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-15 21:18 --------- d-----w c:\program files\DC++ 2008-12-15 16:21 --------- d-----w c:\documents and settings\xxx\Dane aplikacji\skypePM 2008-12-15 15:47 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-14 19:31 --------- d-----w c:\documents and settings\xxx\Dane aplikacji\Skype 2008-12-14 18:28 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\AntiVir PersonalEdition classic 2008-12-13 22:53 --------- d---a-w c:\documents and settings\All Users\Dane aplikacji\TEMP 2008-12-13 15:33 --------- d-----w c:\program files\CCleaner 2008-12-11 17:21 --------- d-----w c:\program files\Common Files\Apple 2008-12-04 15:59 107,888 ----a-w c:\windows\system32\CmdLineExt.dll 2008-11-09 14:57 --------- d-----w c:\program files\Team17 Software Ltd 2008-11-09 14:52 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-10-31 14:52 --------- d-----w c:\program files\HP 2008-10-25 16:19 --------- d-----w c:\documents and settings\xxx\Dane aplikacji\Winamp 2008-10-25 16:12 --------- d-----w c:\program files\Winamp 2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2008-10-23 12:42 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-16 20:33 826,368 ----a-w c:\windows\system32\wininet.dll 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll 2008-10-09 21:19 499,712 ----a-w c:\windows\system32\msvcp71.dll 2008-10-09 21:19 348,160 ----a-w c:\windows\system32\msvcr71.dll 2008-10-03 10:04 247,326 ----a-w c:\windows\system32\strmdll.dll 2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll 2008-09-15 15:27 1,846,656 ----a-w c:\windows\system32\win32k.sys 2008-03-05 15:58 32 -c--a-w c:\documents and settings\All Users\Dane aplikacji\ezsid.dat 2001-11-23 04:08 712,704 -c--a-r c:\windows\inf\OTHER\AUDIO3D.DLL 2008-09-12 15:08 32,768 --sha-w c:\windows\system32\config\systemprofile\Ustawienia lokalne\Historia\History.IE5\MSHist012008091220080913\index.dat . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} ---- 2008-07-04 13:35 54632 --a------ c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe 2008-04-24 08:25 11168 --a------ c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\gearaspiwdmx86.cat 2008-04-17 13:12 319456 --a------ c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll 2008-04-17 13:12 2761 --a------ c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\GEARAspiWDM.inf 2008-04-17 13:12 15464 --a------ c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspiWDM.sys 2008-04-17 13:12 107368 --a------ c:\documents and settings\All Users\Dane aplikacji\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-03 94208] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064] "WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912] "VX1000"="c:\windows\vVX1000.exe" [2007-04-10 709992] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-09 185896] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-08-19 113664] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 282624] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\DC++\\DCPlusPlus.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Gadu-Gadu\\ggphone\\ggphone.exe"= "d:\\GRY\\Microsoft Games\\Age of Empires III\\age3.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "d:\\GRY\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"= "c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "e:\\Team17 Software Ltd\\WormsForts\\WF.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [2006-03-07 22336] R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2006-03-07 45376] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl [2006-11-02 16:51:58 13560] R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-09-01 9984] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f004f00-c4c9-11da-a6e6-00138f0afc8a}] \Shell\AutoRun\command - H:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f004f02-c4c9-11da-a6e6-00138f0afc8a}] \Shell\AutoRun\command - J:\autorun.exe \Shell\readme\command - notepad czytajto.txt \Shell\Setup\command - J:\install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcfac78-93ae-11dc-858e-00138f0afc8a}] \Shell\AutoRun\command - G:\Autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcfac7a-93ae-11dc-858e-00138f0afc8a}] \Shell\AutoRun\command - I:\autorun.exe \Shell\directx\command - i:\directx9\dxsetup.exe \Shell\setup\command - I:\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fcfac7b-93ae-11dc-858e-00138f0afc8a}] \Shell\AutoRun\command - J:\autorun.exe \Shell\readme\command - notepad czytajto.txt \Shell\Setup\command - J:\install.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74773fa-92e9-11dc-857d-00138f0afc8a}] \Shell\AutoRun\command - G:\autorun.exe . Zawartość folderu 'Zaplanowane zadania' 2008-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . - - - - USUNIĘTO PUSTE WPISY - - - - HKLM-RunServices-WinProfile - sndcfg16.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.onet.pl/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = *.local IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {5B51DEBF-027F-49DC-89D4-EFD0A5B6A5D0} = 217.144.192.2,217.144.192.33 FF - ProfilePath - c:\documents and settings\xxx\Dane aplikacji\Mozilla\Firefox\Profiles\n740qrk3.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.wp.pl/ FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-15 22:26:27 Windows 5.1.2600 Dodatek Service Pack 3 NTFS skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0[/u]00.fcl" . --------------------- Pliki DLL ładowane pod uruchomionymi procesami --------------------- - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\Ati2evxx.dll . Czas ukończenia: 2008-12-15 22:27:53 ComboFix-quarantined-files.txt 2008-12-15 21:27:23 Przed: 5 758 713 856 bajtów wolnych Po: 5,770,469,376 bajtów wolnych 203 --- E O F --- 2008-12-11 19:24:33

**Posty:** 8001 · przez **Okocza** 16 Gru 2008, 15:07

Pluma,

Wykonaj to co jest podane w tym temacie

1. tym programem przejdź komputer)
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

**Posty:** 7 · przez **Pluma** 16 Gru 2008, 19:55

Dzięki

zrobiłem prawie wszystko, nie zapuszczałem HDcleanera bo nie dał się ściągnąć, ale nieszkodzi bo system, zamykanie i otwieranie znacznie przyśpieszyły. Screena z zakładki uruchamianie nie wkładam bo sam ją już nieco przeczyściłem.