Slow Windows XP startup ;/


(Nurkoks) #1

I have a problem with Windows starting up slowly; more precisely, it stops at the welcome screen, that is, at "Zapraszamy" ("Welcome")...

It stays like that for some 5-8 minutes; during that time the disk is not working, nothing happens, and only after that time does the disk suddenly start working and the system loads normally. It has been like this since recently, and I really have no idea what could be causing it ;/ Maybe it's because I recently tried disabling unneeded services in Windows, I don't know...


(Esspero231) #2

Which services did you disable?


(Nurkoks) #3

Performance Logs and Alerts

Network DDE

Print Spooler

Routing and Remote Access

Telnet

Uninterruptible Power Supply

Network DDE DSDM

and that would be all...


(Esspero231) #4

This should not be disabled under any circumstances


(Nurkoks) #5

It seems to me that this has nothing to do with my problem...

I'll wait and see what others say :smiley:


(popula) #6

Use the BootVis Tool program and clean up the computer thoroughly, e.g. with jv16.


(Leon$) #7

You're writing nonsense

if you don't have a UPS, you disable the service permanently

nurek

download HijackThis http://forum.dobreprogramy.pl/viewtopic.php?f=16&t=36654 and post the log on the forum

:slight_smile:


(Nurkoks) #8

Here you go :slight_smile:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:41:21, on 2008-02-26

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Comodo\common\CAVASpy\cavasm.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\A4Tech\Mouse\Amoumain.exe

D:\programy\copy handler\ch.exe

D:\programy\Comodo\Comodo AntiVirus\CMain.exe

D:\programy\Kalendarz XP\Kalendarz.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Comodo\Firewall\CPF.exe

C:\WINDOWS\system32\ctfmon.exe

D:\programy\Volumouse\volumouse.exe

D:\programy\Comodo\Comodo AntiVirus\Cavaud.exe

C:\Program Files\DNA\btdna.exe

D:\programy\FASTDE~1\FAST2.EXE

C:\Program Files\Ovislink\Common\TurboG-UI.exe

D:\programy\Gadu-Gadu\gg.exe

D:\programy\Gadu-Gadu\gg.exe

D:\programy\Gadu-Gadu\gg.exe

D:\programy\BitTorrent\bittorrent.exe

D:\programy\aimp\AIMP2.exe

D:\programy\Gadu-Gadu\gg.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [Copy Handler] D:\programy\copy handler\ch.exe

O4 - HKLM\..\Run: [cnfgCav] "D:\programy\Comodo\Comodo AntiVirus\CMain.exe"

O4 - HKLM\..\Run: [Kalendarz XP] "D:\programy\Kalendarz XP\Kalendarz.exe"

O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\BootSkin\BootSkin.exe" /StartupJobs

O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [$Volumouse$] "D:\programy\Volumouse\volumouse.exe" /nodlg

O4 - HKCU\..\Run: [BitTorrent] "D:\programy\BitTorrent\bittorrent.exe"

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe

O4 - HKCU\..\Run: [FAST Defrag] D:\programy\FASTDE~1\FAST2.EXE -tray

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{47AF1ABF-705D-4A88-B393-8324D8679E83}: NameServer = 82.160.219.1 213.199.225.14

O20 - AppInit_DLLs:

O20 - Winlogon Notify: cffecfffcfedf - C:\WINDOWS\system32\cffecfffcfedf.dll

O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe

End of file - 5978 bytes


(Leon$) #9

the entries

O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll

O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O20 - AppInit_DLLs:

O20 - Winlogon Notify: cffecfffcfedf - C:\WINDOWS\system32\cffecfffcfedf.dll

remove with HijackThis >> Fix checked, download ComboFix http://www.searchengines.pl/index.php?showtopic=86306&st=0&p=395642entry395642 but don't run it; open Notepad and paste

File::

C:\WINDOWS\system32\cffecfffcfedf.dll

save as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon

http://img.wklej.org/images/88953CFScri … iemoes.gif

The removal should start

Then post the log from the removal

:slight_smile:
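Added example, not part of the post above and not code from HijackThis or ComboFix: a small Python parser for the HijackThis entry-line format seen in this thread's log, which lists entries matching three review criteria. The criteria, function names and reason labels are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: Simple Search Assistant - {0391AAD0-AB5A-4338-B6DC-BB8405EB1C58} - C:\WINDOWS\system32\ssa.dll
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O20 - AppInit_DLLs:
O20 - Winlogon Notify: cffecfffcfedf - C:\WINDOWS\system32\cffecfffcfedf.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

# An entry line is "<section code> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


class Entry(NamedTuple):
    code: str               # section code such as O2, O4, O20, O23
    body: str               # everything after "<code> - "
    target: Optional[str]   # last " - " separated field (file path), if any


def parse(log):
    """Return the entry lines of a log, skipping headers and the process list."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        _, sep, tail = body.rpartition(" - ")
        entries.append(Entry(code, body, tail.strip() if sep else None))
    return entries


def review(entries):
    """Apply three review criteria (assumptions of this example).

    Returns a list of (code, reason, subject) tuples in log order.
    """
    findings = []
    for e in entries:
        if e.target == "(no file)":
            # Registration left behind with nothing on disk.
            findings.append((e.code, "no-file", e.body))
        elif e.code == "O20" and e.body.startswith("Winlogon Notify:"):
            # DLL loaded by winlogon.exe, i.e. during the logon phase.
            findings.append((e.code, "winlogon-notify", e.target))
        elif e.code == "O23" and " - Unknown owner - " in e.body:
            # Service binary for which HijackThis reported no owner.
            findings.append((e.code, "service-unknown-owner", e.target))
    return findings


if __name__ == "__main__":
    for code, reason, subject in review(parse(SAMPLE_LOG)):
        print(f"{code:<4} {reason:<22} {subject}")
```

A match only marks an entry for manual review; whether the file behind it is legitimate still has to be checked separately.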


(Nurkoks) #10

ComboFix 08-02-25.3 - User 2008-02-28 1:32:26.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.54 [GMT 1:00]

Running from: C:\Documents and Settings\User\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\User\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\system32\cffecfffcfedf.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\Ovislink\AirLive WT-2000PCI_desktop.ini

C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer_desktop.ini

C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\win2k_desktop.ini

C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\win9x_desktop.ini

C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\winme_desktop.ini

C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\winx64_desktop.ini

C:\Program Files\Ovislink\AirLive WT-2000PCI\Installer\winxp_desktop.ini

C:\WINDOWS\system32\bn.dll

C:\WINDOWS\system32\cffecfffcfedf.dll

C:\WINDOWS\system32\xtbn.dll

.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))

.

2008-02-28 01:37 . 2008-02-28 01:37

2008-02-28 01:37 . 2008-02-28 01:37

2008-02-28 01:37 . 2008-02-28 01:37

2008-02-28 01:37 . 2008-02-28 01:37

2008-02-28 01:37 . 2008-02-28 01:37

2008-02-27 14:47 . 2008-02-27 14:47

2008-02-26 22:40 . 2008-02-26 22:40

2008-02-24 16:03 . 2008-02-24 16:03

2008-02-21 18:41 . 2008-02-21 18:41

2008-02-16 16:53 . 2008-02-06 13:04 211 --ahs---- C:\BOOT.BKK

2008-02-16 16:49 . 2008-02-16 16:50 938 --a------ C:\log.udt

2008-02-13 18:59 . 2008-02-13 18:59

2008-02-13 16:40 . 2008-02-13 16:40

2008-02-13 14:29 . 2005-09-08 00:03 1,330,888 --a------ C:\WINDOWS\system32\msxml6.dll

2008-02-13 14:29 . 2005-09-08 00:03 86,728 --a------ C:\WINDOWS\system32\msxml6r.dll

2008-02-13 00:01 . 2008-02-13 00:01

2008-02-12 23:34 . 2008-02-12 23:45

2008-02-12 23:34 . 2008-02-12 23:34

2008-02-12 21:41 . 2008-02-16 18:28 754 --a------ C:\WINDOWS\WORDPAD.INI

2008-02-08 17:09 . 2008-02-08 17:09 352,770 --a------ C:\WINDOWS\system32\prfh0415.dat

2008-02-08 17:09 . 2008-02-08 17:09 47,898 --a------ C:\WINDOWS\system32\prfc0415.dat

2008-02-07 15:25 . 2008-02-17 16:38

2008-02-06 19:45 . 2008-02-26 00:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-02-06 19:45 . 2008-02-06 19:45 1,409 --a------ C:\WINDOWS\QTFont.for

2008-02-05 15:31 . 2008-02-10 19:41 604 --a------ C:\WINDOWS\Sof2.INI

2008-02-04 14:12 . 2008-02-04 14:12 88 --a------ C:\WINDOWS\StyleBuilder.INI

2008-01-29 19:32 . 2008-01-29 19:40

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-28 00:36 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\BitTorrent

2008-02-27 16:50 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\DNA

2008-02-22 23:02 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\XnView

2008-02-17 12:39 --------- d-----w C:\Program Files\Gadu-Gadu

2008-02-12 23:06 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Winamp

2008-02-10 20:47 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys

2008-02-06 12:03 --------- d-----w C:\Program Files\Comodo

2008-02-06 12:01 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Comodo

2008-02-06 12:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Comodo

2008-02-02 15:08 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Auslogics

2008-01-21 10:16 --------- d-----w C:\Program Files\DivX

2008-01-19 13:50 --------- d-----w C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter

2008-01-18 18:20 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-01-18 00:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-01-18 00:05 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-01-17 23:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-01-17 00:28 --------- d-----w C:\Program Files\Common Files\Stardock

2008-01-17 00:28 --------- d-----w C:\Program Files\BootSkin

2008-01-13 16:11 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\DAEMON Tools

2008-01-13 16:05 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-01-11 10:41 --------- d-----w C:\Program Files\VirtualDJ

2008-01-11 00:38 --------- d-----w C:\Program Files\Common Files\Adobe

2008-01-11 00:13 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Internet Download Accelerator

2008-01-09 19:56 --------- d-----w C:\Program Files\Valve

2008-01-09 14:18 --------- d-----w C:\Program Files\Unlocker

2008-01-08 13:26 --------- d-----w C:\Program Files\Common Files\Ahead

2008-01-08 12:19 221,184 ----a-w C:\WINDOWS\system32\xtsupermenuhook.dll

2008-01-06 21:51 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-01-06 21:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

2008-01-03 23:45 --------- d-----w C:\Program Files\Dzielenie i laczenie plikow

2008-01-03 23:34 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-01-03 22:59 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\atitray

2007-12-30 22:03 --------- d-----w C:\Program Files\DNA

2007-12-28 19:26 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\NirSoft

2007-12-28 19:26 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\BSplayer Pro

2007-12-28 19:17 --------- d-----w C:\Program Files\Java

2007-12-28 19:03 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Gadu-Gadu

2007-12-28 18:57 --------- d-----w C:\Program Files\Common Files\Java

2007-12-28 18:30 --------- d-----w C:\Documents and Settings\User\Dane aplikacji\Talkback

2007-12-28 18:29 73,728 ----a-w C:\WINDOWS\system32\CavEmLSP.dll

2007-12-28 18:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-12-28 18:29 434,252 ----a-w C:\WINDOWS\system32\MSVCRTD.DLL

2007-12-28 18:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-12-28 18:29 216,576 ----a-w C:\WINDOWS\system32\monln.dll

2007-12-28 18:29 102,400 ----a-w C:\WINDOWS\system32\drivers\cavasm.sys

2007-12-28 18:29 1,060,864 ----a-w C:\WINDOWS\system32\MFC71.dll

2007-12-28 18:11 --------- d-----w C:\Program Files\A4Tech

2007-12-28 17:33 21,419 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2007-12-28 17:32 --------- d-----w C:\Program Files\Ovislink

2007-12-28 17:32 --------- d-----w C:\Program Files\Common Files\InstallShield

2007-12-28 17:26 --------- d-----w C:\Program Files\MultiRes

2007-12-28 17:25 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v3.8.360 Uninstall.exe

2007-12-28 17:25 --------- d-----w C:\Program Files\Radeon Omega Drivers

2007-12-28 17:16 --------- d-----w C:\Program Files\Windows Media Connect 2

2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

.

------- Sigcheck -------

a87ec7fc3c796046626fee113dfcaad9 C:\WINDOWS\system32\ntkrnlpa.exe

----a-w 2,068,096 2007-05-10 15:11:29 C:\WINDOWS\system32\ntkrnlpa.exe

c4738ec0df9ca4149ef16414dceec942 C:\WINDOWS\system32\ntoskrnl.exe

----a-w 2,191,104 2007-05-10 15:11:43 C:\WINDOWS\system32\ntoskrnl.exe

a50dfe31981a01423d327fdd05bdf452 C:\WINDOWS\explorer.exe

----a-w 1,423,872 2007-05-10 19:55:33 C:\WINDOWS\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:44 15360]

"$Volumouse$"="D:\programy\Volumouse\volumouse.exe" [2006-01-06 18:52 25600]

"BitTorrent"="D:\programy\BitTorrent\bittorrent.exe" [2008-02-24 15:46 587568]

"RAMSaverPro"="C:\Program Files\WinTools\RAM Saver Pro\ramsaverpro.exe" []

"MemMonster"="C:\Program Files\Magellass\MemMonster\memmnstr.exe" [2005-11-15 09:37 415232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"="cmicnfg.cpl" []

"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2005-12-14 15:14 176128]

"Copy Handler"="D:\programy\copy handler\ch.exe" [2005-01-31 10:18 146432]

"cnfgCav"="D:\programy\Comodo\Comodo AntiVirus\CMain.exe" [2007-12-28 19:29 110592]

"Kalendarz XP"="D:\programy\Kalendarz XP\Kalendarz.exe" [2007-05-06 17:41 1194496]

"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]

"BootSkin Startup Jobs"="C:\PROGRA~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:44 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-05-10 15:39 124928 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableCAD"= 1 (0x1)

"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoInstrumentation"= 1 (0x1)

"NoStartMenuMFUprogramsList"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]

monln.dll 2007-12-28 19:29 216576 C:\WINDOWS\system32\monln.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe"=

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\DNA\btdna.exe"=

"D:\programy\BitTorrent\bittorrent.exe"=

"D:\gry\pesik\PES2008.exe"=

R0 HWFProt;Hywave File Protector HWFProt;C:\WINDOWS\system32\Drivers\HWFProt.sys [2003-05-11 15:20]

R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.360\ATI Tray Tools\atitray.sys [2007-05-22 11:04]

S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde20e8b-d720-11dc-a41e-004f6a024d31}]

\Shell\Auto\command - G:\fun.xls.exe

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-02-28 01:40:19

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Comodo\common\CAVASpy\cavasm.exe

D:\programy\Comodo\Comodo AntiVirus\cavse.exe

D:\programy\Comodo\Comodo AntiVirus\cavse.exe

C:\WINDOWS\system32\imapi.exe

.

**************************************************************************

.

Completion time: 2008-02-28 1:41:49 - machine was rebooted

ComboFix-quarantined-files.txt 2008-02-28 00:41:41

:slight_smile: :slight_smile: :slight_smile: :slight_smile: :slight_smile:


(Leon$) #11

Open Notepad and paste

save as plik.reg >> all files >> merge with the registry >> restart

b57f17008275c957m.jpg

a file with an icon like this will be created

062aec4c9b51c033m.jpg

which you double-click, confirm that you want to add it to the registry, then restart

Optimize the autostart http://cybertrash.netarteria.pl/cyber/index.php/topic,378.0.html

:slight_smile: