
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:58, on 2008-10-04
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\IPLA\IPLA.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Users\An\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com/index2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [TouchPadHotKey] C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [IPLA!] C:\Program Files\IPLA\IPLA.exe /autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WirelessSelector.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
--
End of file - 5001 bytes
and the second one:
ComboFix 08-10-04.01 - An 2008-10-04 21:04:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1250.1.1033.18.229 [GMT 1:00]
Running from: C:\Users\An\Downloads\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 20:08 --------- d-----w C:\Users\An\AppData\Roaming\Skype
2008-10-04 19:52 --------- d-----w C:\Users\An\AppData\Roaming\skypePM
2008-10-04 19:51 --------- d-----w C:\Users\An\AppData\Roaming\OpenOffice.org2
2008-10-04 08:54 --------- d-----w C:\Users\An\AppData\Roaming\Aquatica 3D
2008-09-14 13:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 13:13 --------- d-----w C:\Program Files\Super X Studios
2008-09-14 13:11 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-30 18:33 --------- d-----w C:\Users\An\AppData\Roaming\GanymedeNet
2008-08-27 15:34 --------- d-----w C:\Users\An\AppData\Roaming\Good Keywords v2
2008-08-27 15:31 --------- d-----w C:\Program Files\Softnik Technologies
2008-08-23 18:39 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-08-23 18:39 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-08-23 18:37 --------- d-----w C:\ProgramData\Skype
2008-08-23 18:37 --------- d-----w C:\Program Files\Skype
2008-08-23 18:37 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-22 21:32 --------- d-----w C:\Program Files\Wanadoo
2008-08-22 21:12 33 ----a-w C:\Windows\system32\drivers\adidsl.cfg
2008-08-22 21:10 --------- d-----w C:\Users\An\AppData\Roaming\InstallShield
2008-08-22 21:10 --------- d-----w C:\Program Files\SAGEM
2008-08-19 21:51 --------- d-----w C:\Program Files\AC3Filter
2008-08-19 21:42 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-19 21:42 --------- d-----w C:\Program Files\ALLPlayer
2008-08-19 21:36 --------- d-----w C:\Program Files\Micro DVD Player
2008-08-19 21:33 --------- d-----w C:\Program Files\Xvid
2008-08-07 07:24 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 18:59 --------- d-----w C:\Users\An\AppData\Roaming\Mobipocket
2008-07-29 18:25 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-07-29 18:25 315,392 ----a-w C:\Windows\HideWin.exe
2008-07-29 18:16 174 --sha-w C:\Program Files\desktop.ini
2008-07-29 14:33 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-29 14:29 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-07-29 14:29 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-07-29 14:29 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-07-29 14:27 9,845,248 ----a-w C:\Windows\System32\NlsData000a.dll
2008-07-29 14:24 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-29 14:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-29 14:21 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-29 14:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-29 14:21 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-29 14:21 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-29 14:20 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-29 14:19 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-29 14:18 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-29 14:18 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-07-29 14:18 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-29 14:17 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-29 14:14 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-07-29 14:14 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-07-29 14:12 750,080 ----a-w C:\Windows\System32\qmgr.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 21:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 19:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-29 1232896]
"IPLA!"="C:\Program Files\IPLA\IPLA.exe" [2008-07-22 2182392]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-11 21741864]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936]
"SiSTray"="C:\Program Files\SiS VGA Utilities\SiSTray.exe" [2007-08-14 552960]
"TouchPadHotKey"="C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 C:\Windows\SkyTel.exe]
C:\Users\An\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-30 113664]
WirelessSelector.lnk - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe [2008-07-29 650752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R0 CLFS;Common Log (CLFS);C:\Windows\system32\CLFS.sys [2008-07-29 224824]
R0 Ecache;ReadyBoost Caching Driver;C:\Windows\system32\drivers\ecache.sys [2006-11-02 132200]
R0 FileInfo;File Information FS MiniFilter;C:\Windows\system32\drivers\fileinfo.sys [2006-11-02 56424]
R0 msisadrv;ISA/EISA Class Driver;C:\Windows\system32\drivers\msisadrv.sys [2007-09-07 13928]
R0 spldr;Security Processor Loader Driver;C:\Windows\system32\drivers\spldr.sys [2006-11-02 18536]
R0 volmgr;Volume Manager Driver;C:\Windows\system32\drivers\volmgr.sys [2007-09-07 50280]
R0 volmgrx;Dynamic Volume Manager;C:\Windows\system32\drivers\volmgrx.sys [2006-11-02 290408]
R1 DfsC;Dfs Client Driver;C:\Windows\system32\Drivers\dfsc.sys [2006-11-02 74752]
R1 nsiproxy;NSI proxy service;C:\Windows\system32\drivers\nsiproxy.sys [2006-11-02 16384]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\Windows\system32\drivers\rdpencdd.sys [2006-11-02 6144]
R1 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\Windows\system32\DRIVERS\smb.sys [2006-11-02 66048]
R1 tdx;NetIO Legacy TDI Support Driver;C:\Windows\system32\DRIVERS\tdx.sys [2006-11-02 68096]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\Windows\system32\DRIVERS\wanarp.sys [2007-09-07 61952]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 BFE;Base Filtering Engine;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 DPS;Diagnostic Policy Service;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 EMDMgmt;ReadyBoost;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 FDResPub;Function Discovery Resource Publication;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 gpsvc;Group Policy Client;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 iphlpsvc;IP Helper;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\Windows\system32\DRIVERS\lltdio.sys [2006-11-02 47104]
R2 luafv;UAC File Virtualization;C:\Windows\system32\drivers\luafv.sys [2006-11-02 83456]
R2 MMCSS;Multimedia Class Scheduler;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 MpsSvc;Windows Firewall;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 netprofm;Network List Service;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 NlaSvc;Network Location Awareness;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 nsi;Network Store Interface Service;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 PcaSvc;Program Compatibility Assistant Service;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 PEAUTH;PEAUTH;C:\Windows\system32\drivers\peauth.sys [2006-11-02 878080]
R2 ProfSvc;User Profile Service;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 slsvc;Software Licensing;C:\Windows\system32\SLsvc.exe [2007-09-07 2605568]
R2 SysMain;Superfetch;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 TabletInputService;Tablet PC Input Service;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\Windows\system32\drivers\tcpipreg.sys [2006-11-02 27648]
R2 UxSms;Desktop Window Manager Session Manager;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 WerSvc;Windows Error Reporting Service;C:\Windows\System32\svchost.exe [2006-11-02 22016]
R2 Wlansvc;WLAN AutoConfig;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R2 WPDBusEnum;Portable Device Enumerator Service;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 Appinfo;Application Information;C:\Windows\system32\svchost.exe [2006-11-02 22016]
R3 bowser;Bowser;C:\Windows\system32\DRIVERS\bowser.sys [2006-11-02 69632]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\Windows\system32\drivers\dxgkrnl.sys [2007-09-07 619008]
R3 iScsiPrt;iScsiPort Driver;C:\Windows\system32\DRIVERS\msiscsi.sys [2006-11-02 168552]
R3 KeyIso;CNG Key Isolation;C:\Windows\system32\lsass.exe [2006-11-02 7680]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\Windows\system32\DRIVERS\monitor.sys [2006-11-02 41984]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\Windows\system32\drivers\mpsdrv.sys [2007-09-07 63488]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb10.sys [2006-11-02 211456]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\Windows\system32\DRIVERS\mrxsmb20.sys [2008-07-29 58368]
R3 NativeWifiP;NativeWiFi Filter;C:\Windows\system32\DRIVERS\nwifi.sys [2006-11-02 154112]
R3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2007-08-14 456568]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]
R3 srv2;srv2;C:\Windows\system32\DRIVERS\srv2.sys [2008-07-29 130048]
R3 srvnet;srvnet;C:\Windows\system32\DRIVERS\srvnet.sys [2008-07-29 84992]
R3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2008-07-29 27136]
R3 tunnel;Microsoft IPv6 Tunnel Miniport Adapter Driver;C:\Windows\system32\DRIVERS\tunnel.sys [2007-09-07 23040]
R3 umbus;UMBus Enumerator Driver;C:\Windows\system32\DRIVERS\umbus.sys [2006-11-02 34816]
R3 WdiSystemHost;Diagnostic System Host;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\Windows\system32\Drivers\adildr.sys [2007-02-07 56088]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\Windows\system32\drivers\brfiltlo.sys [2006-11-02 13568]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\Windows\system32\drivers\brfiltup.sys [2006-11-02 5248]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\Windows\system32\drivers\brusbser.sys [2006-11-02 11904]
S3 CertPropSvc;Certificate Propagation;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 DFSR;DFS Replication;C:\Windows\system32\DFSR.exe [2006-11-02 2089984]
S3 E1G60;Intel(R) PRO/1000 NDIS 6 Adapter Driver;C:\Windows\system32\DRIVERS\E1G60I32.sys [2006-11-02 117760]
S3 fdPHost;Function Discovery Provider Host;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 Filetrace;FileTrace;C:\Windows\system32\drivers\filetrace.sys [2006-11-02 27648]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 MsRPC;MsRPC;C:\Windows\system32\drivers\MsRPC.sys [2006-11-02 160872]
S3 p2pimsvc;Peer Networking Identity Manager;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 p2psvc;Peer Networking Grouping;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 pla;Performance Logs & Alerts;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 PNRPsvc;Peer Name Resolution Protocol;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 QWAVE;Quality Windows Audio Video Experience;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 SCPolicySvc;Smart Card Removal Policy;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 SDRSVC;Windows Backup;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 SessionEnv;Terminal Services Configuration;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\Windows\system32\drivers\sffp_mmc.sys [2007-09-07 12800]
S3 SLUINotify;SL UI Notification Service;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 TBS;TPM Base Services;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 THREADORDER;Thread Ordering Server;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 tssecsrv;Terminal Services Security Filter Driver;C:\Windows\system32\DRIVERS\tssecsrv.sys [2006-11-02 23552]
S3 UI0Detect;Interactive Services Detection;C:\Windows\system32\UI0Detect.exe [2006-11-02 35840]
S3 uliagpkx;Uli AGP Bus Filter;C:\Windows\system32\drivers\uliagpkx.sys [2007-09-07 58472]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WcsPlugInService;Windows Color System;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 WdiServiceHost;Diagnostic Service Host;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 Wecsvc;Windows Event Collector;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WinRM;Windows Remote Management (WS-Management);C:\Windows\System32\svchost.exe [2006-11-02 22016]
S3 WPCSvc;Parental Controls;C:\Windows\system32\svchost.exe [2006-11-02 22016]
S4 adp94xx;adp94xx;C:\Windows\system32\drivers\adp94xx.sys [2006-11-02 420968]
S4 adpahci;adpahci;C:\Windows\system32\drivers\adpahci.sys [2006-11-02 297576]
S4 arcsas;arcsas;C:\Windows\system32\drivers\arcsas.sys [2006-11-02 67688]
S4 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\Windows\system32\drivers\brserid.sys [2006-11-02 71808]
S4 BrSerWdm;Brother WDM Serial driver;C:\Windows\system32\drivers\brserwdm.sys [2006-11-02 62336]
S4 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\Windows\system32\drivers\brusbmdm.sys [2006-11-02 12160]
S4 circlass;Consumer IR Devices;C:\Windows\system32\drivers\circlass.sys [2006-11-02 35328]
S4 Crusoe;Transmeta Crusoe Processor Driver;C:\Windows\system32\drivers\crusoe.sys [2006-11-02 38912]
S4 elxstor;elxstor;C:\Windows\system32\drivers\elxstor.sys [2006-11-02 316520]
S4 HpCISSs;HpCISSs;C:\Windows\system32\drivers\hpcisss.sys [2006-11-02 37480]
S4 iaStorV;Intel RAID Controller Vista;C:\Windows\system32\drivers\iastorv.sys [2006-11-02 232040]
S4 IPMIDRV;IPMIDRV;C:\Windows\system32\drivers\ipmidrv.sys [2006-11-02 65536]
S4 iteraid;ITERAID_Service_Install;C:\Windows\system32\drivers\iteraid.sys [2006-11-02 35944]
S4 LSI_FC;LSI_FC;C:\Windows\system32\drivers\lsi_fc.sys [2006-11-02 65640]
S4 LSI_SAS;LSI_SAS;C:\Windows\system32\drivers\lsi_sas.sys [2006-11-02 65640]
S4 LSI_SCSI;LSI_SCSI;C:\Windows\system32\drivers\lsi_scsi.sys [2006-11-02 65640]
S4 megasas;megasas;C:\Windows\system32\drivers\megasas.sys [2006-11-02 28776]
S4 mpio;Microsoft Multi-Path Bus Driver;C:\Windows\system32\drivers\mpio.sys [2006-11-02 78952]
S4 msahci;msahci;C:\Windows\system32\drivers\msahci.sys [2007-09-07 25784]
S4 msdsm;Microsoft Multi-Path Device Specific Module;C:\Windows\system32\drivers\msdsm.sys [2006-11-02 80488]
S4 nfrd960;nfrd960;C:\Windows\system32\drivers\nfrd960.sys [2006-11-02 45160]
S4 ntrigdigi;N-trig HID Tablet Driver;C:\Windows\system32\drivers\ntrigdigi.sys [2006-11-02 20608]
S4 nvstor;nvstor;C:\Windows\system32\drivers\nvstor.sys [2006-11-02 40040]
S4 ql2300;QLogic Fibre Channel Miniport Driver;C:\Windows\system32\drivers\ql2300.sys [2006-11-02 900712]
S4 ql40xx;QLogic iSCSI Miniport Driver;C:\Windows\system32\drivers\ql40xx.sys [2006-11-02 106088]
S4 SiSRaid4;SiSRaid4;C:\Windows\system32\drivers\sisraid4.sys [2006-11-02 71784]
S4 uliahci;uliahci;C:\Windows\system32\drivers\uliahci.sys [2006-11-02 235112]
S4 ulsata2;ulsata2;C:\Windows\system32\drivers\ulsata2.sys [2006-11-02 115816]
S4 usbcir;eHome Infrared Receiver (USBCIR);C:\Windows\system32\drivers\usbcir.sys [2006-11-02 68608]
S4 ViaC7;VIA C7 Processor Driver;C:\Windows\system32\drivers\viac7.sys [2006-11-02 39424]
S4 vsmraid;vsmraid;C:\Windows\system32\drivers\vsmraid.sys [2006-11-02 112232]
S4 WacomPen;Wacom Serial Pen HID Driver;C:\Windows\system32\drivers\wacompen.sys [2006-11-02 20608]
S4 Wd;Microsoft Watchdog Timer Driver;C:\Windows\system32\drivers\wd.sys [2006-11-02 19560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WerSvcGroup REG_MULTI_SZ wersvc
swprv REG_MULTI_SZ swprv
regsvc REG_MULTI_SZ RemoteRegistry
wcssvc REG_MULTI_SZ WcsPlugInService
DcomLaunch REG_MULTI_SZ PlugPlay DcomLaunch
wdisvc REG_MULTI_SZ WdiServiceHost
sdrsvc REG_MULTI_SZ sdrsvc
secsvcs REG_MULTI_SZ WinDefend
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
AeLookupSvc
wercplsupport
Themes
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Nla
NWCWorkstation
SRService
Wmi
WmdmPmSp
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
winmgmt
schedule
SessionEnv
browser
hkmsvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
.
Contents of the 'Scheduled Tasks' folder
2008-10-04 C:\Windows\Tasks\User_Feed_Synchronization-{B6927AE1-C018-4E1F-A5BC-25811EFC97C0}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\An\AppData\Roaming\Mozilla\Firefox\Profiles\avfvhhru.default\
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPWORDS.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 21:08:27
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Users\An\AppData\Local\Temp\~DF6D0A.tmp
C:\Users\An\AppData\Local\Temp\~DF6D10.tmp
C:\Users\An\AppData\Local\Temp\~DF6DF3.tmp
C:\Users\An\AppData\Local\Temp\~DF6EC5.tmp
C:\Users\An\AppData\Local\Temp\~DF6F03.tmp
C:\Users\An\AppData\Local\Temp\~DF710E.tmp
C:\Users\An\AppData\Local\Temp\~DF7155.tmp
C:\Users\An\AppData\Local\Temp\~DF71BC.tmp
scan completed successfully
hidden files: 8
**************************************************************************
.
Completion time: 2008-10-04 21:10:31
ComboFix-quarantined-files.txt 2008-10-04 20:10:24
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 9,436,524,544 bytes free
350 --- E O F --- 2008-10-03 08:34:38
I don't know whether I attached them correctly...