Witam

Mam problem. Komputer się samoczynnie restartuje. Drugi objaw to to że nie chce się uruchomić za pierwszym razem (dysk nie pracuje) i dopiero po restarcie albo kilku załapie.

Wstawiam Logi z Hijacka i Combo

Dziękuje i Pozdrawiam

Logfile of HijackThis v1.99.1

Scan saved at 20:31:22, on 2008-03-18

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.20733)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\DOCUME~1\User\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM…\Run: [skyTel] SkyTel.EXE

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe”

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier - Szybkie uruchomienie.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O11 - Options group: [TABS] Tabbed Browsing

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O17 - HKLM\System\CCS\Services\Tcpip…{F2FAC589-B7F5-47A9-B8C8-B0E0399638B2}: NameServer = 192.168.6.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE

O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

ComboFix 08-03-17.1 - User 2008-03-18 20:36:31.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1576 [GMT 1:00]

Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))

.

2008-03-17 19:12 . 2008-03-17 19:12

2008-03-09 17:55 . 2008-03-09 18:06

2008-03-09 17:52 . 2008-03-09 18:04

2008-03-09 17:49 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-03-09 17:49 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-03-09 17:49 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-03-09 17:49 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-03-09 17:49 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-03-09 17:49 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-03-09 17:49 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2008-03-09 17:49 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-03-09 17:49 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-03-09 17:36 . 2008-03-09 17:42

2008-03-09 17:08 . 2008-03-09 17:08

2008-03-09 17:01 . 2008-03-09 17:01

2008-03-09 17:01 . 2008-03-09 17:01

2008-03-09 17:01 . 2008-03-09 17:01 31 --a------ C:\avalon.ini

2008-03-09 16:55 . 2008-03-09 16:55

2008-03-09 16:51 . 2008-03-09 16:51

2008-03-09 16:47 . 2008-03-09 16:50

2008-03-07 21:46 . 2008-03-07 21:46 9,297 --a------ C:\Program1.RPT

2008-03-05 20:59 . 2008-03-05 20:59

2008-03-02 16:47 . 2008-03-09 16:59

2008-03-02 12:11 . 2008-03-02 12:11

2008-02-29 22:28 . 2008-02-29 22:28

2008-02-28 21:40 . 2008-02-28 21:51

2008-02-28 21:40 . 2008-02-28 21:40

2008-02-28 21:40 . 1998-10-07 13:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2008-02-25 21:46 . 2008-02-25 21:46

2008-02-25 19:00 . 2007-10-09 01:01 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-02-25 19:00 . 2007-10-09 01:01 1,036,288 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-02-25 18:56 . 2007-10-25 17:44 8,488,960 --------- C:\WINDOWS\system32\dllcache\shell32.dll

2008-02-25 18:55 . 2007-04-02 07:37 546,304 --------- C:\WINDOWS\system32\dllcache\hhctrl.ocx

2008-02-25 18:52 . 2007-07-09 14:20 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-09 16:45 --------- d-----w C:\Program Files\Empire Interactive

2008-03-09 16:44 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-03-02 11:11 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-02-17 16:24 --------- d-----w C:\Program Files\Alwil Software

2008-02-17 16:05 --------- d-----w C:\Program Files\AskTBar

2008-02-09 10:13 --------- d-----w C:\Program Files\NovaLogic

2008-02-09 10:06 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\InstallShield

2008-02-08 21:37 --------- d-----w C:\Program Files\Eset

2008-02-08 21:11 --------- d-----w C:\Program Files\Project Zoo

2008-02-08 21:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ProjectZoo

2008-02-08 20:54 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Ankh

2008-02-08 20:47 --------- d-----w C:\Program Files\SCi Games

2008-02-07 19:07 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-24 20:01 --------- d-----w C:\Program Files\VID_0E8FPID_0012

2008-01-24 19:54 --------- d-----w C:\Program Files\HP

2008-01-24 19:54 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\HP

2008-01-24 19:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP

2008-01-24 19:52 --------- d-----w C:\Program Files\Common Files\Sonic Shared

2008-01-24 19:52 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Sonic

2008-01-24 19:51 --------- d-----w C:\Program Files\Common Files\HP

2008-01-24 19:48 --------- d-----w C:\Program Files\Hewlett-Packard

2008-01-24 19:48 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard

2008-01-23 20:21 --------- d-----w C:\Program Files\JoWood

2008-01-23 12:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2008-01-23 12:06 --------- d-----w C:\Program Files\MSBuild

2008-01-23 12:06 --------- d-----w C:\Program Files\Microsoft.NET

2008-01-23 12:06 --------- d-----w C:\Program Files\Microsoft Works

2008-01-23 12:04 --------- d-----w C:\Program Files\Microsoft Visual Studio 8

2008-01-23 11:29 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Activision

2008-01-23 11:21 --------- d-----w C:\Program Files\Activision

2008-01-23 10:43 --------- d-----w C:\Program Files\Futuremark

2008-01-23 10:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink

2008-01-23 10:30 --------- d-----w C:\Program Files\CyberLink

2008-01-23 10:28 --------- d-----w C:\Program Files\MarBit

2008-01-23 10:11 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys

2008-01-23 10:11 298,104 ----a-w C:\WINDOWS\system32\imon.dll

2008-01-23 10:11 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys

2008-01-23 10:11 --------- d-----w C:\Program Files\Codec

2008-01-23 09:58 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-01-23 09:58 --------- d-----w C:\Program Files\Realtek

2008-01-23 09:52 --------- d-----w C:\Program Files\Intel

2008-01-22 10:29 --------- d-----w C:\Program Files\Usługi online

2008-01-22 10:27 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-01-11 05:55 44,544 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll

2007-12-19 22:40 347,136 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll

2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys

2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll

.

------- Sigcheck -------

2007-07-10 14:06 642560 ce594e18fe0d0af804f1f3694921ce62 C:\WINDOWS\system32\user32.dll

2007-10-18 23:19 2145280 6c264e21d3bd7082b43fc016d760c1d1 C:\WINDOWS\system32\ntoskrnl.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 03:44 15360]

“swg”=“C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe” [2008-03-17 19:12 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“SkyTel”=“SkyTel.EXE” [2007-08-03 05:22 1826816 C:\WINDOWS\SkyTel.exe]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-12-05 01:41 8523776]

“nwiz”=“nwiz.exe” [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-12-05 01:41 81920]

“RTHDCPL”=“RTHDCPL.EXE” [2007-09-27 06:20 16844800 C:\WINDOWS\RTHDCPL.exe]

“nod32kui”=“C:\Program Files\Eset\nod32kui.exe” [2008-01-23 11:11 949376]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 22:57 30208]

“LanguageShortcut”=“C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [2006-04-13 11:09 49152]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47 31016]

“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 02:41 49152]

“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00 79224]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 03:44 15360]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_2”=“regsvr32 /s /n /i:U shell32” []

“nltide_3”=“advpack.dll” [2007-12-07 02:58 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\User\Menu Start\Programy\Autostart\

Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

HP Photosmart Premier - Szybkie uruchomienie.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“DisableStatusMessages”= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoSMHelp”= 1 (0x1)

[HKEY_USERS.default\software\microsoft\windows\currentversion\policies\explorer]

“NoSMMyPictures”= 1 (0x1)

“NoSMConfigurePrograms”= 1 (0x1)

“NoSMHelp”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusDisableNotify”=dword:00000001

“AntiVirusOverride”=dword:00000001

“FirewallOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE”=

“C:\Program Files\Microsoft Office\Office12\GROOVE.EXE”=

“C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE”=

“C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hposid01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe”=

“C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe”=

“C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe”=

“C:\Program Files\Mad Tracks\MadTracks.exe”=

“C:\Program Files\Commandos II\comm2.exe”=

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-11-01 08:56]

R3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

R3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{9fca2bc6-c997-11dc-8896-001d603ae810}]

\Shell\AutoRun\command - F:\PortableApps\StartPortableApps.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-18 20:37:46

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]

• C:\Program Files\Eset\pr_imon.dll

.

Completion time: 2008-03-18 20:38:02

.

2008-03-16 15:56:01 — E O F —

Może przyczyną tych restartów nie jest infekcja

Może i nie jest ale nie wiem co może być

wpisy

usuń HijackThisem >> Fix checked

pobierz Combofix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 ale nie włączaj

otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix