Problem z BOOT.INI i svrhost.exe

MasterCharyy · 5 Grudzień 2007 12:47

niedwano zaistalowalem system mechanic 7 cos tam porobil ze teraz normalnie nie wlacza sie windows . w msconfig caly czas jest uruchamianie selektywne a nie uruchamianie normalne gdy chce przelaczyc wyskakuje blad msconfig.exe

Chcialem dac naprawe widowsa przez chdsk /r zarzadalo hasla nacisnelem enter i okazalo sie ze blede haslo ale ja nigdy takiego nie ustawialem w trybie awaryjnym mam do wyboru administrator ( na haslo) i moj profil tutaj sa logi:

przy czym zaznaczam ze :

O23 - Service: Windows WorkGroup (svrhost) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\svrhost.exe- gdy wchodze w konkretny plik nie ma tam svrhost.exe i nie mam co usunac w trybie awaryjnym . zkorzystalem z pomocy FIX zeby wchodzic na dyski podwojnym kliknieciem juz dziala ale caly czas jest problem z BOOT.INI

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:41:10, on 2007-12-05 Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\System32\Ati2evxx.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\windows\system32\Ati2evxx.exe C:\windows\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\windows\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\ATKKBService.exe C:\PROGRAMY DO DYSKU\Dklite\DKService.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\System32\PnkBstrA.exe C:\windows\System32\svchost.exe C:\Winamp\winampa.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM…\Run: [WinampAgent] C:\Winamp\winampa.exe O4 - HKLM…\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE O4 - HKCU…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU…\Run: [NBJ] “C:\Program Files\Ahead\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [Gadu-Gadu] “C:\GG\Gadu-Gadu\gg.exe” /tray O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar … vSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar … /cabsa.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\antywiry\a-squared Free\a2service.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: AVG Anti-Spyware Guard - Unknown owner - C:\antywiry\AVG Anti-Spyware 7.5\guard.exe (file missing) O23 - Service: Diskeeper - Executive Software International, Inc. - C:\PROGRAMY DO DYSKU\Dklite\DKService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\antywiry\Spyware Doctor\svcntaux.exe (file missing) O23 - Service: Spyware Doctor Service (sdCoreService) - Unknown owner - C:\antywiry\Spyware Doctor\swdsvc.exe (file missing) O23 - Service: Windows WorkGroup (svrhost) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\svrhost.exe – End of file - 5299 bytes

Gutek · 5 Grudzień 2007 14:03

Pobierz program SDFix

MasterCharyy · 5 Grudzień 2007 22:02

SDFix: Version 1.117 Run by Chary on 2007-12-05 at 22:55 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting… Service xpdx - Deleted after Reboot Normal Mode: Checking Files: Trojan Files Found: C:\windows\wr.txt - Deleted C:\windows\system32\xpdx.sys - Deleted Removing Temp Files… ADS Check: C:\windows No streams found. C:\windows\system32 No streams found. C:\windows\system32\svchost.exe No streams found. C:\windows\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-05 22:57:49 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden services & system hive … [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:d1,0a,f3,13,14,ce,aa,ce,1f,2c,79,28,a5,88,7a,13,eb,6c,ad,9a,12,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:d1,0a,f3,13,14,ce,aa,ce,1f,2c,79,28,a5,88,7a,13,eb,6c,ad,9a,12,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:d1,0a,f3,13,14,ce,aa,ce,1f,2c,79,28,a5,88,7a,13,eb,6c,ad,9a,12,… [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] “s1”=dword:2df9c43f “s2”=dword:110480d0 “h0”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:d1,0a,f3,13,14,ce,aa,ce,1f,2c,79,28,a5,88,7a,13,eb,6c,ad,9a,12,… [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] “h0”=dword:00000000 “khjeh”=hex:d1,0a,f3,13,14,ce,aa,ce,1f,2c,79,28,a5,88,7a,13,eb,6c,ad,9a,12,… scanning hidden registry entries … [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c] “Order”=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,… scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “C:\DOCUME~1\Chary\USTAWI~1\Temp\win74E.tmp.exe”=“C:\DOCUME~1\Chary\USTAWI~1\Temp\win74E.tmp.exe:*:Enabled:win74E.tmp” “C:\WINDOWS\TEMP\win28.tmp.exe”=“C:\WINDOWS\TEMP\win28.tmp.exe:*:Enabled:win28.tmp” “C:\WINDOWS\TEMP\win47.tmp.exe”=“C:\WINDOWS\TEMP\win47.tmp.exe:*:Enabled:win47.tmp” “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger” [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] “%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger” Remaining Files: --------------- File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes: Mon 24 Sep 2007 657,408 A.SH. — “C:!KillBox\svrhost.exe” Tue 20 Aug 2002 1,511,453 …H. — “C:\Program Files\Messenger\msmsgs.exe” Mon 27 Feb 2006 57,344 A.SH. — “C:\Program Files\Outlook Express\MSIMN.EXE” Wed 25 Apr 2007 5,371,704 A…H. — “C:\Program Files\Picasa2\setup.exe” Sat 28 Sep 2002 4,639 A.SH. — “C:\Program Files\Windows Media Player\mplayer2.exe” Sat 1 Feb 2003 73,728 A.SH. — “C:\Program Files\Windows Media Player\wmplayer.exe” Mon 1 Oct 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\02ec37ec946ef377971d8300cdcd818f\BIT24.tmp” Tue 25 Sep 2007 0 A…H. — “C:\WINDOWS\SoftwareDistribution\Download\2120c9238873cb198fa7cec9b000fc7c\BIT2.tmp” Finished!

Ta czynnosc wykonalem juz wczesniej i teraz wszystko chodzi dobrze

P.S. dalej problem z boot.ini

Gutek · 6 Grudzień 2007 15:48

Usuń folder C:!KillBox\svrhost.exe

Daj nowy log z Combo

MasterCharyy · 6 Grudzień 2007 17:15

“Chary” - 2007-12-06 18:14:03 Dodatek Service Pack. 1 ComboFix 07-05.09.V - Running from: “C:\Documents and Settings\Chary\Pulpit” (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\qoobox\purity\C\WINDOWS\STEM~1 C:\qoobox\purity\C\WINDOWS\STEM~1??stem ((((((((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))))) 2007-12-05 22:55 2007-12-05 14:42 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-12-05 14:42 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-12-05 14:42 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-12-05 14:42 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-12-05 14:42 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-12-05 14:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-12-05 14:42 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-12-05 14:42 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-12-05 14:42 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-12-05 14:42 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-12-05 14:42 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-12-05 14:42 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-12-05 14:42 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-12-05 14:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-12-05 14:42 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-12-05 14:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-12-05 14:42 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-12-05 14:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-12-05 14:41 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-12-05 14:41 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-12-05 14:41 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-12-05 14:41 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-12-05 14:41 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-12-05 14:41 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-12-05 14:41 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-12-05 14:41 76,800 --a------ C:\WINDOWS\system32\dmscript.dll 2007-12-05 14:41 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-12-05 14:41 723,968 --a------ C:\WINDOWS\system32\dpnet.dll 2007-12-05 14:41 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-12-05 14:41 64,512 --a------ C:\WINDOWS\system32\amstream.dll 2007-12-05 14:41 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-12-05 14:41 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-12-05 14:41 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-12-05 14:41 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-12-05 14:41 470,528 --a------ C:\WINDOWS\system32\qdvd.dll 2007-12-05 14:41 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-12-05 14:41 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-12-05 14:41 381,952 --a------ C:\WINDOWS\system32\dsound.dll 2007-12-05 14:41 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-12-05 14:41 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-12-05 14:41 33,280 --a------ C:\WINDOWS\system32\dmloader.dll 2007-12-05 14:41 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-12-05 14:41 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-12-05 14:41 316,928 --a------ C:\WINDOWS\system32\qdv.dll 2007-12-05 14:41 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-12-05 14:41 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-12-05 14:41 292,864 --a------ C:\WINDOWS\system32\ddraw.dll 2007-12-05 14:41 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-12-05 14:41 27,136 --a------ C:\WINDOWS\system32\dmband.dll 2007-12-05 14:41 257,024 --a------ C:\WINDOWS\system32\qcap.dll 2007-12-05 14:41 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-12-05 14:41 230,400 --a------ C:\WINDOWS\system32\dplayx.dll 2007-12-05 14:41 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-12-05 14:41 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-12-05 14:41 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-12-05 14:41 18,944 --a------ C:\WINDOWS\system32\encapi.dll 2007-12-05 14:41 18,432 --a------ C:\WINDOWS\system32\dswave.dll 2007-12-05 14:41 173,056 --a------ C:\WINDOWS\system32\qasf.dll 2007-12-05 14:41 16,896 --a------ C:\WINDOWS\system32\msyuv.dll 2007-12-05 14:41 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-12-05 14:41 132,608 --a------ C:\WINDOWS\system32\devenum.dll 2007-12-05 14:41 13,312 --a------ C:\WINDOWS\system32\msdmo.dll 2007-12-05 14:41 122,880 --a------ C:\WINDOWS\system32\dmusic.dll 2007-12-05 14:41 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-12-05 14:41 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-12-05 14:41 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll 2007-12-05 14:41 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll 2007-12-05 14:41 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-12-05 14:41 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-12-05 14:41 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll 2007-12-05 14:41 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-12-05 13:29 657,408 --------- C:\WINDOWS\system32_svrhost.exe 2007-12-05 00:04 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-12-05 00:04 2007-12-05 00:03 2007-12-05 00:03 2007-12-04 19:14 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-12-04 19:14 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-12-04 19:14 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-12-04 17:56 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-12-04 17:34 2007-12-03 19:06 87,040 --a------ C:\WINDOWS\system32\srvsvc.dll 2007-12-03 18:56 696,320 --a------ C:\WINDOWS\system32\libeay32.dll 2007-12-03 18:56 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-12-03 18:54 2007-12-03 18:54 2007-12-02 22:51 2007-12-02 22:42 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-21 17:48 2007-11-21 15:24 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-12-05 12:24:20 -------- d-----w C:\Program Files\Spyware Terminator 2007-12-05 11:04:39 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-04 23:03:46 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-04 16:29:31 -------- d-----w C:\DOCUME~1\Chary\DANEAP~1\Skype 2007-12-03 13:33:56 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2007-12-03 13:32:45 107,832 ----a-w C:\windows\system32\PnkBstrB.exe 2007-11-14 18:12:55 -------- d-----w C:\Program Files\SubEdit-Player 2007-10-30 13:14:36 127,034 ------r C:\windows\bwUnin-8.1.1.50-8876480SL.exe 2007-10-28 23:55:33 49,492 ----a-w C:\windows\system32\perfc015.dat 2007-10-28 23:55:33 355,486 ----a-w C:\windows\system32\perfh015.dat 2007-10-26 14:37:10 -------- d-----w C:\Program Files\Odkurzacz 2007-10-14 18:34:47 -------- d-----w C:\Program Files\Lavalys 2007-10-14 18:11:53 -------- d-----w C:\Program Files\ATITool 2007-10-01 20:29:26 66,872 ----a-w C:\windows\system32\PnkBstrA.exe 2007-09-24 20:39:06 657,408 ------w C:\windows\system32_svrhost.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” “{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}”=“C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WinampAgent”=“C:\Winamp\winampa.exe” “nod32kui”="“C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “LDM”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” “NBJ”="“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”" “Gadu-Gadu”="“C:\GG\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoCDBurning”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\antywiry\AVG Anti-Spyware 7.5\shellexecutehook.dll” [x] HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!avg anti-spyware “C:\antywiry\AVG Anti-Spyware 7.5\avgas.exe” /minimized HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast! HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bearshare “C:\Program Files\BearShare\BearShare.exe” /pause HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe C:\windows\System32\ctfmon.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\incd C:\Program Files\Ahead\InCD\InCD.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck %systemroot%\system32\dumprep 0 -k HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitech hardware abstraction layer KHALMNPR.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask “C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtray C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck C:\WINDOWS\system32\NeroCheck.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrisovm.exe C:\Program Files\PowerISO\PWRISOVM.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\remotecontrol “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skype “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smsystemanalyzer “C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman SOUNDMAN.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thguard “C:\Program Files\TrojanHunter 4.6\THGuard.exe” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the ‘Scheduled Tasks’ folder C:\windows\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-06 18:14:47 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-12-06 18:14:50 C:\ComboFix-quarantined-files.txt … 2007-12-06 18:14 C:\ComboFix2.txt … 2007-12-04 17:56 C:\ComboFix3.txt … 2007-05-11 09:06

Gutek · 6 Grudzień 2007 19:09

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

MasterCharyy · 6 Grudzień 2007 19:27

Czynnosci wykonane a oto raport z combo:

“Chary” - 2007-12-06 20:26:16 Dodatek Service Pack. 1 ComboFix 07-05.09.V - Running from: “C:\Documents and Settings\Chary\Pulpit” ((((((((((((((((((((((((((((((( Files Created from 2007-11-06 to 2007-12-06 )))))))))))))))))))))))))))))))))) 2007-12-05 22:55 2007-12-05 14:42 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-12-05 14:42 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2007-12-05 14:42 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-12-05 14:42 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-12-05 14:42 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-12-05 14:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-12-05 14:42 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll 2007-12-05 14:42 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-12-05 14:42 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-12-05 14:42 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-12-05 14:42 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll 2007-12-05 14:42 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll 2007-12-05 14:42 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2007-12-05 14:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll 2007-12-05 14:42 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-12-05 14:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-12-05 14:42 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-12-05 14:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-12-05 14:41 98,816 --a------ C:\WINDOWS\system32\dmstyle.dll 2007-12-05 14:41 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe 2007-12-05 14:41 80,896 --a------ C:\WINDOWS\system32\dpvsetup.exe 2007-12-05 14:41 8,192 --a------ C:\WINDOWS\system32\d3d8thk.dll 2007-12-05 14:41 797,184 --a------ C:\WINDOWS\system32\d3dim700.dll 2007-12-05 14:41 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll 2007-12-05 14:41 77,824 --a------ C:\WINDOWS\system32\dpmodemx.dll 2007-12-05 14:41 76,800 --a------ C:\WINDOWS\system32\dmscript.dll 2007-12-05 14:41 733,184 --a------ C:\WINDOWS\system32\qedwipes.dll 2007-12-05 14:41 723,968 --a------ C:\WINDOWS\system32\dpnet.dll 2007-12-05 14:41 68,096 --a------ C:\WINDOWS\system32\dpnhupnp.dll 2007-12-05 14:41 64,512 --a------ C:\WINDOWS\system32\amstream.dll 2007-12-05 14:41 602,624 --a------ C:\WINDOWS\system32\dx7vb.dll 2007-12-05 14:41 58,368 --a------ C:\WINDOWS\system32\dmcompos.dll 2007-12-05 14:41 491,520 --a------ C:\WINDOWS\system32\dsdmoprp.dll 2007-12-05 14:41 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys 2007-12-05 14:41 470,528 --a------ C:\WINDOWS\system32\qdvd.dll 2007-12-05 14:41 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll 2007-12-05 14:41 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-12-05 14:41 381,952 --a------ C:\WINDOWS\system32\dsound.dll 2007-12-05 14:41 381,952 --a------ C:\WINDOWS\system32\dpvoice.dll 2007-12-05 14:41 34,304 --a------ C:\WINDOWS\system32\mciqtz32.dll 2007-12-05 14:41 33,280 --a------ C:\WINDOWS\system32\dmloader.dll 2007-12-05 14:41 324,096 --a------ C:\WINDOWS\system32\mswebdvd.dll 2007-12-05 14:41 32,768 --a------ C:\WINDOWS\system32\dpnhpast.dll 2007-12-05 14:41 316,928 --a------ C:\WINDOWS\system32\qdv.dll 2007-12-05 14:41 3,072 --a------ C:\WINDOWS\system32\dpnlobby.dll 2007-12-05 14:41 3,072 --a------ C:\WINDOWS\system32\dpnaddr.dll 2007-12-05 14:41 292,864 --a------ C:\WINDOWS\system32\ddraw.dll 2007-12-05 14:41 28,160 --a------ C:\WINDOWS\system32\dplaysvr.exe 2007-12-05 14:41 27,136 --a------ C:\WINDOWS\system32\dmband.dll 2007-12-05 14:41 257,024 --a------ C:\WINDOWS\system32\qcap.dll 2007-12-05 14:41 24,064 --a------ C:\WINDOWS\system32\ddrawex.dll 2007-12-05 14:41 230,400 --a------ C:\WINDOWS\system32\dplayx.dll 2007-12-05 14:41 19,968 --a------ C:\WINDOWS\system32\dpvacm.dll 2007-12-05 14:41 186,880 --a------ C:\WINDOWS\system32\dsdmo.dll 2007-12-05 14:41 181,248 --a------ C:\WINDOWS\system32\dmime.dll 2007-12-05 14:41 18,944 --a------ C:\WINDOWS\system32\encapi.dll 2007-12-05 14:41 18,432 --a------ C:\WINDOWS\system32\dswave.dll 2007-12-05 14:41 173,056 --a------ C:\WINDOWS\system32\qasf.dll 2007-12-05 14:41 16,896 --a------ C:\WINDOWS\system32\msyuv.dll 2007-12-05 14:41 16,896 --a------ C:\WINDOWS\system32\dpnsvr.exe 2007-12-05 14:41 132,608 --a------ C:\WINDOWS\system32\devenum.dll 2007-12-05 14:41 13,312 --a------ C:\WINDOWS\system32\msdmo.dll 2007-12-05 14:41 122,880 --a------ C:\WINDOWS\system32\dmusic.dll 2007-12-05 14:41 112,128 --a------ C:\WINDOWS\system32\dpvvox.dll 2007-12-05 14:41 100,864 --a------ C:\WINDOWS\system32\dmsynth.dll 2007-12-05 14:41 1,962,496 --a------ C:\WINDOWS\system32\quartz.dll 2007-12-05 14:41 1,798,144 --a------ C:\WINDOWS\system32\qedit.dll 2007-12-05 14:41 1,294,336 --a------ C:\WINDOWS\system32\dsound3d.dll 2007-12-05 14:41 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll 2007-12-05 14:41 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll 2007-12-05 14:41 1,189,888 --a------ C:\WINDOWS\system32\dx8vb.dll 2007-12-05 13:29 657,408 --------- C:\WINDOWS\system32_svrhost.exe 2007-12-05 00:04 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll 2007-12-05 00:04 2007-12-05 00:03 2007-12-05 00:03 2007-12-04 19:14 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys 2007-12-04 19:14 298,104 --a------ C:\WINDOWS\system32\imon.dll 2007-12-04 19:14 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys 2007-12-04 17:56 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-12-04 17:34 2007-12-03 19:06 87,040 --a------ C:\WINDOWS\system32\srvsvc.dll 2007-12-03 18:56 696,320 --a------ C:\WINDOWS\system32\libeay32.dll 2007-12-03 18:56 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll 2007-12-03 18:54 2007-12-03 18:54 2007-12-02 22:51 2007-12-02 22:42 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-21 17:48 2007-11-21 15:24 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-12-05 12:24:20 -------- d-----w C:\Program Files\Spyware Terminator 2007-12-05 11:04:39 -------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-04 23:03:46 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-04 16:29:31 -------- d-----w C:\DOCUME~1\Chary\DANEAP~1\Skype 2007-12-03 13:33:56 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2007-12-03 13:32:45 107,832 ----a-w C:\windows\system32\PnkBstrB.exe 2007-11-14 18:12:55 -------- d-----w C:\Program Files\SubEdit-Player 2007-10-30 13:14:36 127,034 ------r C:\windows\bwUnin-8.1.1.50-8876480SL.exe 2007-10-28 23:55:33 49,492 ----a-w C:\windows\system32\perfc015.dat 2007-10-28 23:55:33 355,486 ----a-w C:\windows\system32\perfh015.dat 2007-10-26 14:37:10 -------- d-----w C:\Program Files\Odkurzacz 2007-10-14 18:34:47 -------- d-----w C:\Program Files\Lavalys 2007-10-14 18:11:53 -------- d-----w C:\Program Files\ATITool 2007-10-01 20:29:26 66,872 ----a-w C:\windows\system32\PnkBstrA.exe 2007-09-24 20:39:06 657,408 ------w C:\windows\system32_svrhost.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] “{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}”=“C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll” “{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}”=“C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “WinampAgent”=“C:\Winamp\winampa.exe” “nod32kui”="“C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “LDM”=“C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe” “NBJ”="“C:\Program Files\Ahead\Nero BackItUp\NBJ.exe”" “Gadu-Gadu”="“C:\GG\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] “NoCDBurning”=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\antywiry\AVG Anti-Spyware 7.5\shellexecutehook.dll” [x] HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg!avg anti-spyware “C:\antywiry\AVG Anti-Spyware 7.5\avgas.exe” /minimized HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atipta C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast! HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bearshare “C:\Program Files\BearShare\BearShare.exe” /pause HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe C:\windows\System32\ctfmon.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\incd C:\Program Files\Ahead\InCD\InCD.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kernelfaultcheck %systemroot%\system32\dumprep 0 -k HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitech hardware abstraction layer KHALMNPR.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask “C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtray C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck C:\WINDOWS\system32\NeroCheck.exe HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwrisovm.exe C:\Program Files\PowerISO\PWRISOVM.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\remotecontrol “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\skype “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smsystemanalyzer “C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundman SOUNDMAN.EXE HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thguard “C:\Program Files\TrojanHunter 4.6\THGuard.exe” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the ‘Scheduled Tasks’ folder C:\windows\tasks\AppleSoftwareUpdate.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-06 20:27:06 Windows 5.1.2600 Dodatek Service Pack. 1 NTFS scanning hidden processes … scanning hidden services … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 2007-12-06 20:27:09 C:\ComboFix-quarantined-files.txt … 2007-12-06 20:27 C:\ComboFix2.txt … 2007-12-06 20:22 C:\ComboFix3.txt … 2007-12-06 18:14

msconfig dalej na uruchamianiu selektywnym jest

Gutek · 6 Grudzień 2007 19:40

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

MasterCharyy · 6 Grudzień 2007 19:48

Nadal nieprawidlowy plik BOOT.INI i msconfig na uruchamianiu selektywnym

Gutek · 6 Grudzień 2007 19:51

Zobacz - http://support.microsoft.com/kb/330184/pl

MasterCharyy · 6 Grudzień 2007 20:16

heh moze bym to zrobil juz nie raz wchodzilem w naprawe dysku ale… nie wiadomo dlaczego powstalo jakies haslo adminsistratora wczesniej nie bylo i napewno ja takiego nie ustawialem wiec jestem zamrozony czy mozna uzyc tych komend bootcfg bez wlaczania naprawy widowsa?? albo jakis sposob na usuniecie tego hasla ziwazne pewnie to bylo ztym wirem

Gutek · 6 Grudzień 2007 20:45

Wklej do Notatnika:

Windows Registry Editor Version 5.00


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"Authentication Packages"=-

"Authentication Packages"=hex(7):6d,00,73,00,76,00,31,00,5f,00,30,00,00,00,00,\

  00

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na “Wszystkie pliki” >>> Zapisz jako FIX.REG >>> uruchom ten plik (dwuklik).

MasterCharyy · 6 Grudzień 2007 20:53

do czego to sluzy teraz moge juz wejsc w naprawe windowsa bez hasla adminstratora tak???

Gutek · 6 Grudzień 2007 21:12

możesz pisać czytelniej i jaśniej miałem ciężki dzień

MasterCharyy · 6 Grudzień 2007 21:25

wiec zrobilem co kazales co dalej nadal jest haslo administratora i nadal nie dziala msconfig.exe

Gutek · 6 Grudzień 2007 21:29

Możesz wejść normalnie do systemu?

Zobacz Active@ Boot Disk (DOS Edition) http://www.ntfs.com/boot-disk.htm można wywalić hasło

Reinstalacja XP bez utraty danych:

http://www.searchengines.pl/phpbb203/in … ntry109540