Dziwne problemy need help

wonz · 9 Październik 2007 21:23

witam

od wczoraj zaczely mi sie dziac magiczne rzeczy z kompem … sa to restarty co jakis czas i wylaczanie sie gg gdy pruboje nawiazac jakas rozmowe poznizej daje logi HJ i prosze o pomoc

z gory dzieki

Logfile of HijackThis v1.99.1 Scan saved at 23:23:33, on 2007-10-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Razer\razerhid.exe C:\Program Files\mks_vir_2007\bin\mkstray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\mks_vir_2007\bin\MksFwall.exe C:\Program Files\mks_vir_2007\bin\MksPC.exe C:\Program Files\mks_vir_2007\bin\mksupdate.exe C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\RbtProt\sgsrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\Razer\razertra.exe C:\Program Files\Razer\razerofa.exe C:\Program Files\Mozilla Firefox\firefox.exe G:\programy\HijJackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run O4 - HKLM…\Run: [razer] C:\Program Files\Razer\razerhid.exe O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [PDF Converter Registry Controller] “C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe” O4 - HKLM…\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe O4 - HKLM…\Run: [smartSync - ScheduleSync] C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE O4 - HKLM…\Run: [Dimondback] C:\Program Files\Razer\Diamondback\razerhid.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe O4 - HKCU…\Run: [Odkurzacz-MCD] C:\DOCUME~1\szymon\USTAWI~1\Temp\Rar$EX00.063\odk_mcd.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\mkslsp.dll O17 - HKLM\System\CCS\Services\Tcpip…{AF7AB969-1F83-4D72-AD36-A18F62FA4A03}: NameServer = 213.199.207.2 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Common Files\RbtProt\sgsrv.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Gutek · 9 Październik 2007 22:24

usuń wpis HJT

Daj log z ComboFix

wonz · 9 Październik 2007 23:06

aha i zanim dalem loga na forum to na wlasna reke usunolem z rejestru wpis z plikami agent.exe i cos w stylu uaservices7.exe

ComboFix 07-10-09.3 - szymon 2007-10-10 1:03:05.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.495 [GMT 2:00] Running from: C:\Documents and Settings\szymon\Pulpit\Firefox dl\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))) . 2007-10-09 23:39 2007-10-04 15:34 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll 2007-10-04 15:32 2007-10-04 15:32 2007-10-04 15:31 2007-10-04 15:28 2007-10-04 15:28 2007-10-03 22:47 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-10-03 22:47 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-10-03 22:47 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-10-03 22:47 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-10-03 22:47 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-10-03 22:47 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-10-03 22:47 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-10-03 22:47 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-10-03 22:47 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-10-01 19:53 2007-10-01 18:34 2007-09-26 17:36 53,248 --a------ C:\WINDOWS\system32\CSVer.dll 2007-09-26 17:17 2007-09-26 17:17 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-09 14:55 --------- d-----w C:\Documents and Settings\szymon\Dane aplikacji\uTorrent 2007-10-08 14:32 --------- d-----w C:\Documents and Settings\szymon\Dane aplikacji\Skype 2007-10-06 00:14 --------- d-----w C:\Program Files\HLSW 2007-10-04 13:21 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-04 13:16 --------- d-----w C:\Program Files\vso 2007-10-04 13:16 --------- d-----w C:\Program Files\Canon 2007-09-26 15:17 --------- d-----w C:\Program Files\InterActual 2007-08-21 22:03 --------- d-----w C:\Program Files\TimeOff 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2006-05-15 18:45 1 ----a-w C:\Documents and Settings\szymon\SI.bin 2005-08-04 10:53 36 ----a-w C:\Documents and Settings\szymon\klextlock.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTStartup”=“C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe” [2001-12-20 02:00] “razer”=“C:\Program Files\Razer\razerhid.exe” [2005-05-17 19:21] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2005-11-23 00:44] “Resume copy”=“copyfstq.exe” [2006-01-23 01:50 C:\WINDOWS\copyfstq.exe] “nwiz”=“nwiz.exe” [2007-04-19 13:26 C:\WINDOWS\system32\nwiz.exe] “PDF Converter Registry Controller”=“C:\Program Files\ScanSoft\PDF Converter\RegistryController.exe” [2003-09-09 13:25] “mkstray”=“C:\Program Files\mks_vir_2007\bin\mkstray.exe” [2007-07-04 19:04] “SmartSync - ScheduleSync”=“C:\PROGRA~1\MOBILE~1\SMARTS~1\SCHEDU~1.EXE” [2006-02-02 16:50] “Dimondback”=“C:\Program Files\Razer\Diamondback\razerhid.exe” [2007-01-18 09:48] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-04-19 13:26] “NvMediaCenter”=“NvMCTray.dll” [2007-04-19 13:26 C:\WINDOWS\system32\nvmctray.dll] “GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44] “NBJ”=“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” [2004-09-07 12:55] “Steam”="" [] “AQQ”=“C:\PROGRA~1\WapSter\AQQ\AQQ.exe” [] [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” /background [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan] @=“service” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Acrobat Assistant.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Acrobat Assistant.lnk backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^MagicTune3.5.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\MagicTune3.5.lnk backup=C:\WINDOWS\pss\MagicTune3.5.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^RtlWake.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\RtlWake.lnk backup=C:\WINDOWS\pss\RtlWake.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SteelSecurity] “C:\Program Files\BullGuard Ltd.\SteelSecurity\SteelSecurity.exe” R0 mksidsa;mksidsa;C:\WINDOWS\system32\mksidsa.sys R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys R1 mksfwallf;mksfwallf;??\C:\WINDOWS\system32\mksfwallf.sys R1 mksfwallt;mksfwallt;??\C:\WINDOWS\system32\mksfwallt.sys R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys R2 Kmm4xNT;Kmm4xNT;C:\WINDOWS\system32\drivers\Kmm4xNT.sys R2 MksFwall;MksFwall;“C:\Program Files\mks_vir_2007\bin\MksFwall.exe” R2 MksPC;MksPC;“C:\Program Files\mks_vir_2007\bin\MksPC.exe” R2 MksUpdate;MksUpdate;“C:\Program Files\mks_vir_2007\bin\mksupdate.exe” R2 SG_Service;SoftGuard Service;C:\Program Files\Common Files\RbtProt\sgsrv.exe R3 actser;actser;C:\WINDOWS\system32\drivers\actser.sys R3 mksidsf;mksidsf;??\C:\WINDOWS\system32\mksidsf.sys R3 MksMonFd;MksMonFd;??\C:\Program Files\mks_vir_2007\bin\MksMonFd.sys R3 Razerlow;Razerlow USB Filter Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys R3 vsbus;Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\vsb.sys S3 efipsk;efipsk;??\C:\DOCUME~1\szymon\USTAWI~1\Temp\efipsk.sys S3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys S3 LUsbKbd;LUsbKbd;C:\WINDOWS\system32\Drivers\LUsbKbd.Sys S3 MksMonEn;MksMonEn;??\C:\Program Files\mks_vir_2007\bin\MksMonEn.sys S3 MksMonEv;MksMonEv;??\C:\Program Files\mks_vir_2007\bin\MksMonEv.sys S3 rtl8180;rtl8180;C:\WINDOWS\system32\DRIVERS\Bel6001.sys S3 SjyPkt;SjyPkt;??\C:\WINDOWS\System32\Drivers\SjyPkt.sys S3 sony_ssm.sys;sony_ssm.sys;??\C:\DOCUME~1\szymon\USTAWI~1\Temp\sony_ssm.sys S3 susbser;BenQ Siemens USB Device for Legacy Serial Communication;C:\WINDOWS\system32\DRIVERS\susbser.sys S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 vserial;ELTIMA Virtual Serial Ports Driver;C:\WINDOWS\system32\DRIVERS\vserial.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {02ec7d40-af9b-11db-b3ab-00111e110317}] Auto\command - D:\activexdebugger32.exe f AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f explore\Command - D:\activexdebugger32.exe f open\Command - D:\activexdebugger32.exe f play\command - “G:\programy\Win DVD\WinDVD.exe” %1 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {6cc9fb46-076b-11dc-9202-00111e110317}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {8087c600-1ab1-11dc-923b-00111e110317}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {a6f80103-9f51-11db-b37c-00111e110317}] AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {a6f80104-9f51-11db-b37c-00111e110317}] Auto\command - H:\activexdebugger32.exe f AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe f explore\Command - H:\activexdebugger32.exe f open\Command - H:\activexdebugger32.exe f [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {b796e8cb-18bb-11dc-9236-00111e110317}] AutoRun\command - D:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ {cc22ce12-6f20-11db-b2e9-00111e110317}] AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-10 01:04:32 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???h???s???w? ? w???w???w4???.??w4???4???TA?s4???&7???6~??6~???U? 6~??6~???X?_???C@???s???s???&7?A??s?&7??C@?x???`|?w???@ scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-10 1:05:05 . — E O F —

Monczkin · 10 Październik 2007 07:12

Przeczytaj punkt 2.6 i 2.14 regulaminu i popraw temat i posta.

Gutek · 10 Październik 2007 22:10

Otwórz Notatnik i wklej w nim to:

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG >>> kliknij dwa razy na utworzony plik FIX.REG i potwierdź dodanie do rejestru >>> restart.

Zobacz jeszcze w ten dziennik zdarzeń:

Start>>>Uruchom>>>eventvwr i jakie są błędy

wonz · 11 Październik 2007 13:02

nie moge dodac tego wpisu do rejestru bo wyskakuje komunikat "okreslony plik nie jest skryptem rejestru. Mozna importowac tylko binarne pliki rejestru z wewnatrz edytora rejestru.

co do tych bledow to jest ich tam kilkanascie stron i nie wiem czego tam szukac