Problem z włączeniem sie Windowsa

subru555 · 16 Lipiec 2007 07:16

HEy!! Mam problem z wlaczaniem sie Windowsa. Sprawa wyglada nastepujaco: wlaczam komputer, laduje sie windows. Gdy pokaze sie pulpit i zaczynaja sie ladowac rozne programy na strarcie (GG, Skype itp itd), W tym momencie komputer strasznie muli. programy dopalaja sie po 15min albo w ogole. Nie uruchamia sie menager zadan widows ani IE. Natomiast na trybie awaryjnym wszystko jest w porzadku. Znalazlem kilka wirusow na awaryjnym i je usunalem ale sprawa wyglada tak samo. Prosze o pomoc

to moj rejestr:

Logfile of HijackThis v1.99.1 Scan saved at 08:27:27, on 2007-07-16 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\Szymo\USTAWI~1\Temp\Katalog tymczasowy 1 dla hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O1 - Hosts: AmsServer O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” O4 - HKLM…\Run: [CTHelper] CTHELPER.EXE O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM…\Run: [Jet Detection] “C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU…\Run: [Firewall auto setup] C:\DOCUME~1\Szymo\USTAWI~1\Temp\winlogon.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: BlueSoleil.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_46.cab O17 - HKLM\System\CCS\Services\Tcpip…{A74F9CFE-ED08-4E93-8089-5FF014DB9E58}: NameServer = 192.168.111.1,195.136.200.0 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

LostWorld · 16 Lipiec 2007 11:00

Usuń: (wszystko oczywiście robisz w trybie awaryjnym z wyłączonym przywracaniem systemu)

Start>>>uruchom>>>cmd i wpisz:

SC STOP FCI

SC DELETE FCI

DEL C:\WINDOWS\System32\svchost.exe

Kosmetyka

Zbędniki w Autostracie

Do tego

Optymalizacja XP: http://forum.dobreprogramy.pl/viewtopic.php?t=76580

Jeśli nie używasz Messenger’a to go usuń: start => uruchom => wpisz polecenie:

RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove

Nowe Logi z HJ + ComboFix i Silent

@edit

Zainstaluj jakiś soft zabezpieczający np : Avast + Comodo Firewall

a tak , że :

#Ad-Aware 2007

#SpyBot

#Spyware Terminator

a tak , że

Opis RegCleaner - http://www.agavk.p9.pl/strony/progra_regcleaner.php

Zobacz - Obsługa jv16 PowerTools

subru555 · 18 Lipiec 2007 07:21

Niestety te komendy mi nie dzialaja:

SC STOP FCI

SC DELETE FCI

DEL C:\WINDOWS\System32\svchost.exe

otrzymuje odpowiedz:

OpenService FAILED 1060

Zapomnialem dodac, ze przy kazdym wlaczeniu komputera (za kazdym razem tryb wawryjny), Zawsze znajduje nowe wirusy choc za kazdym razem sie ich pozbywam

Nie wiem co robic dalej

Pozdr

Gutek · 18 Lipiec 2007 08:27

Daj log z Combofix

subru555 · 18 Lipiec 2007 08:50

“Szymo” - 2007-07-18 10:44:07 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS [sAFE MODE] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\6_exception.nls ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\LEGACY_RUNTIME -------\LEGACY_RUNTIME2 -------\runtime ((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 ))))))))))))))))))))))))))))))) 2007-07-18 10:43 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-16 13:49 2007-07-16 13:49 2007-07-16 13:49 2007-07-16 13:49 2007-07-15 09:34 2007-07-15 09:24 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-15 09:24 2007-07-15 09:24 2007-07-15 09:24 2007-07-14 12:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-14 11:29 2007-07-14 11:14 2007-07-13 23:05 34,560 --a------ C:\WINDOWS\system32\drivers\runtime2.sys 2007-07-13 22:49 58,737 --a------ C:\WINDOWS\system32\sysdrv1.exe 2007-07-13 22:49 23,026 --a------ C:\WINDOWS\system32\sysdrv8.exe 2007-07-12 17:05 2007-07-12 17:05 2007-07-12 17:04 2007-07-12 17:04 2007-07-12 17:01 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-07-12 17:01 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-07-12 17:01 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-07-12 17:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-07-12 17:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-07-12 17:01 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-07-12 17:01 2007-07-12 17:01 2007-07-12 17:01 2007-07-12 17:00 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-07-12 17:00 2007-07-12 17:00 2007-07-12 17:00 2007-07-12 17:00 2007-07-12 17:00 2007-07-11 23:02 2007-07-10 09:09 2007-07-09 14:55 2007-07-06 17:35 4 --a------ C:\WINDOWS\system32\proc20744962.bin 2007-07-06 17:35 2007-07-05 16:15 2007-07-05 16:14 49,152 --a------ C:\WINDOWS\system32\ctpde.dll 2007-07-05 16:14 385,109 --a------ C:\WINDOWS\system32\ctjb2sp.dll 2007-07-05 16:14 32,768 --a------ C:\WINDOWS\system32\PdePgHlp.dll 2007-07-05 16:14 28,672 --a------ C:\WINDOWS\system32\PdeSrvps.dll 2007-07-05 16:14 28,672 --a------ C:\WINDOWS\system32\Jb4Inst.dll 2007-07-05 16:14 229,376 --a------ C:\WINDOWS\system32\CTPmsMan.dll 2007-07-05 16:14 200,704 --a------ C:\WINDOWS\system32\CTPdeSrv.exe 2007-07-05 16:14 16,880 --a------ C:\WINDOWS\system32\drivers\ctpdusb.sys 2007-07-05 16:14 149,504 --a------ C:\WINDOWS\UNWISE.EXE 2007-07-05 16:14 143,360 --a------ C:\WINDOWS\system32\CTPmsWma.dll 2007-07-04 13:45 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-07-04 13:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-07-04 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-07-03 03:00 2007-07-02 17:29 2007-06-30 10:24 2007-06-30 10:07 2007-06-30 10:02 2007-06-30 10:02 2007-06-30 10:02 2007-06-30 10:00 2007-06-30 10:00 2007-06-30 09:53 2007-06-30 09:49 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys 2007-06-30 09:49 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys 2007-06-30 09:46 2007-06-30 09:28 2007-06-30 09:19 77,824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll 2007-06-30 09:19 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys 2007-06-30 09:19 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll 2007-06-30 09:19 51,169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS 2007-06-30 09:19 48,556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys 2007-06-30 09:19 48,076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys 2007-06-30 09:19 40,960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe 2007-06-30 09:19 2007-06-30 09:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-06-30 09:18 82,148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys 2007-06-30 09:18 7,680 --a------ C:\WINDOWS\system32\btinstall.dll 2007-06-30 09:18 61,312 --a------ C:\WINDOWS\system32\drivers\VComm.sys 2007-06-30 09:18 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-06-30 09:18 49,152 --a------ C:\WINDOWS\system32\btfunc.dll 2007-06-30 09:18 28,271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys 2007-06-30 09:18 23,000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys 2007-06-30 09:18 20,480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys 2007-06-30 09:18 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-06-30 09:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-06-30 09:18 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-06-30 09:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys 2007-06-30 09:18 13,304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys 2007-06-30 09:18 116,021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys 2007-06-30 09:18 11,860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys 2007-06-30 09:18 11,736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys 2007-06-30 09:18 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-06-30 09:18 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-06-30 09:18 10,804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys 2007-06-30 09:18 2007-06-30 09:16 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-06-30 09:16 39,424 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys 2007-06-30 09:16 380,928 -ra------ C:\WINDOWS\system32\LVUI2RC.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 20:49:42 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-07-11 21:32:51 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 21:32:51 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-27 18:18:37 -------- d-----w C:\Program Files\Usługi online 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-05-15 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-05-10 11:12] “CTHelper”=“CTHELPER.EXE” [2003-08-28 10:45 C:\WINDOWS\system32\CTHELPER.EXE] “Jet Detection”=“C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” [2001-11-29 01:00] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 17:09] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-06-21 19:14] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 20:24] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2006-06-15 12:36] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-11-14 11:12] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-07-06 18:53] “PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-06-27 16:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “combofix”=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-18 10:46:55 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-18 10:47:28 - machine was rebooted C:\ComboFix-quarantined-files.txt … 2007-07-18 10:47 — E O F —

Gutek · 18 Lipiec 2007 09:01

Jeszcze raz daj log z Combofix nie usunął wszytskego + Pobierz program SDFix

subru555 · 18 Lipiec 2007 09:11

“Szymo” - 2007-07-18 11:09:34 - ComboFix 07-07-14.6 - Dodatek Service Pack 2 NTFS [sAFE MODE] ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\drivers\runtime2.sys ((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 ))))))))))))))))))))))))))))))) 2007-07-18 10:43 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-16 13:49 2007-07-16 13:49 2007-07-16 13:49 2007-07-16 13:49 2007-07-15 09:34 2007-07-15 09:24 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT 2007-07-15 09:24 2007-07-15 09:24 2007-07-15 09:24 2007-07-14 12:11 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-07-14 11:29 2007-07-14 11:14 2007-07-13 22:49 58,737 --a------ C:\WINDOWS\system32\sysdrv1.exe 2007-07-13 22:49 23,026 --a------ C:\WINDOWS\system32\sysdrv8.exe 2007-07-12 17:05 2007-07-12 17:05 2007-07-12 17:04 2007-07-12 17:04 2007-07-12 17:01 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys 2007-07-12 17:01 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll 2007-07-12 17:01 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll 2007-07-12 17:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys 2007-07-12 17:01 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys 2007-07-12 17:01 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys 2007-07-12 17:01 2007-07-12 17:01 2007-07-12 17:01 2007-07-12 17:00 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll 2007-07-12 17:00 2007-07-12 17:00 2007-07-12 17:00 2007-07-12 17:00 2007-07-12 17:00 2007-07-11 23:02 2007-07-10 09:09 2007-07-09 14:55 2007-07-06 17:35 4 --a------ C:\WINDOWS\system32\proc20744962.bin 2007-07-06 17:35 2007-07-05 16:15 2007-07-05 16:14 49,152 --a------ C:\WINDOWS\system32\ctpde.dll 2007-07-05 16:14 385,109 --a------ C:\WINDOWS\system32\ctjb2sp.dll 2007-07-05 16:14 32,768 --a------ C:\WINDOWS\system32\PdePgHlp.dll 2007-07-05 16:14 28,672 --a------ C:\WINDOWS\system32\PdeSrvps.dll 2007-07-05 16:14 28,672 --a------ C:\WINDOWS\system32\Jb4Inst.dll 2007-07-05 16:14 229,376 --a------ C:\WINDOWS\system32\CTPmsMan.dll 2007-07-05 16:14 200,704 --a------ C:\WINDOWS\system32\CTPdeSrv.exe 2007-07-05 16:14 16,880 --a------ C:\WINDOWS\system32\drivers\ctpdusb.sys 2007-07-05 16:14 149,504 --a------ C:\WINDOWS\UNWISE.EXE 2007-07-05 16:14 143,360 --a------ C:\WINDOWS\system32\CTPmsWma.dll 2007-07-04 13:45 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-07-04 13:45 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-07-04 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-07-03 03:00 2007-07-02 17:29 2007-06-30 10:24 2007-06-30 10:07 2007-06-30 10:02 2007-06-30 10:02 2007-06-30 10:02 2007-06-30 10:00 2007-06-30 10:00 2007-06-30 09:53 2007-06-30 09:49 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys 2007-06-30 09:49 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys 2007-06-30 09:46 2007-06-30 09:28 2007-06-30 09:19 77,824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll 2007-06-30 09:19 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys 2007-06-30 09:19 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll 2007-06-30 09:19 51,169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS 2007-06-30 09:19 48,556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys 2007-06-30 09:19 48,076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys 2007-06-30 09:19 40,960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe 2007-06-30 09:19 2007-06-30 09:18 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-06-30 09:18 82,148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys 2007-06-30 09:18 7,680 --a------ C:\WINDOWS\system32\btinstall.dll 2007-06-30 09:18 61,312 --a------ C:\WINDOWS\system32\drivers\VComm.sys 2007-06-30 09:18 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys 2007-06-30 09:18 49,152 --a------ C:\WINDOWS\system32\btfunc.dll 2007-06-30 09:18 28,271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys 2007-06-30 09:18 23,000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys 2007-06-30 09:18 20,480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys 2007-06-30 09:18 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS 2007-06-30 09:18 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys 2007-06-30 09:18 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys 2007-06-30 09:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys 2007-06-30 09:18 13,304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys 2007-06-30 09:18 116,021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys 2007-06-30 09:18 11,860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys 2007-06-30 09:18 11,736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys 2007-06-30 09:18 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys 2007-06-30 09:18 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys 2007-06-30 09:18 10,804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys 2007-06-30 09:18 2007-06-30 09:16 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-06-30 09:16 39,424 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys 2007-06-30 09:16 380,928 -ra------ C:\WINDOWS\system32\LVUI2RC.dll 2007-06-30 09:16 287,360 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-13 20:49:42 14,336 ----a-w C:\WINDOWS\system32\svchost.exe 2007-07-11 21:32:51 74,230 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-07-11 21:32:51 448,004 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-27 18:18:37 -------- d-----w C:\Program Files\Usługi online 2007-04-25 14:23:30 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2007-04-18 16:14:32 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE~\Browser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2003-05-15 00:47 50376 --a------ C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “ATICCC”=“C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe” [2006-05-10 11:12] “CTHelper”=“CTHELPER.EXE” [2003-08-28 10:45 C:\WINDOWS\system32\CTHELPER.EXE] “Jet Detection”=“C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe” [2001-11-29 01:00] “QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2007-06-29 17:09] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-06-21 19:14] “RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 20:24] “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe” [2006-06-15 12:36] “!AVG Anti-Spyware”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 02:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2006-11-14 11:12] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2006-07-06 18:53] “PcSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2006-06-27 16:21] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] “combofix”=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{57B86673-276A-48B2-BAE7-C6DBB3020EB8}”=“C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll” [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] *Newly Created Service* - CATCHME ************************************************************************** catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-18 11:10:16 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-18 11:10:40 C:\ComboFix-quarantined-files.txt … 2007-07-18 11:10 C:\ComboFix2.txt … 2007-07-18 10:47 — E O F —

Złączono Posta : 18.07.2007 (Sro) 11:27

SDFix: Version 1.92

Run by Szymo on 2007-07-18 at 11:21

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\SDFix

Safe Mode:

Checking Services:

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Rebooting…

Normal Mode:

Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\windows_log.txt - Deleted

Removing Temp Files…

ADS Check:

C:\WINDOWS

No streams found.

C:\WINDOWS\system32

No streams found.

C:\WINDOWS\system32\svchost.exe

No streams found.

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

Final Check:

Remaining Services:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

“%windir%\system32\sessmgr.exe”="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:

Files with Hidden Attributes:

C:\Program Files\Autodesk\Autodesk DWF Viewer_Setupx.dll

C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe

C:\WINDOWS\system32\config\default.tmp.LOG

C:\WINDOWS\system32\config\SAM.tmp.LOG

C:\WINDOWS\system32\config\SECURITY.tmp.LOG

C:\WINDOWS\system32\config\software.tmp.LOG

C:\WINDOWS\system32\config\system.tmp.LOG

Finished

Gutek · 18 Lipiec 2007 17:22

Użyj Pocket Killbox. Zaznaczasz opcję Delete on Reboot i w polu Full Path of File to Delete wklejasz ścieżki

C:\WINDOWS\system32\sysdrv1.exe

C:\WINDOWS\system32\sysdrv8.exe

i naciskasz X czerwony. Program poprosi o reset kompa … czyli resetujesz.

Skan + raport - http://pl.trendmicro-europe.com/consume … launch.php

subru555 · 19 Lipiec 2007 05:34

Powiem szczerze, ze mimo wyglada wszystko na OK i system dziala juz normalnie, to i tak przy kazdym wlaczeniu Windowsa znajduje mi jakies wirusy. Nie wiem co juz tym mam zrobic…

Gutek · 19 Lipiec 2007 15:53

możesz wiecej szczegółów podać

subru555 · 19 Lipiec 2007 18:53

wiecej szczegolow … coz

wylaczam normalnie komputer

wlaczam go ponownie i odpalam antywirus (skan calego kompa)(programem AVG Anti-Spyware)

zawsze znajda sie 2 czy 3 wirusy

kasuje je i robie wszystko od poczatku

i ta sytuacja non stop sie powtarza

Pozdr

Gutek · 19 Lipiec 2007 18:57

A daj raport z AVG Anti-Spyware, pewnie to ciasteczka

subru555 · 21 Lipiec 2007 06:21

jessica · 21 Lipiec 2007 08:52

Rzeczywiście, to tylko “ciasteczka”

Nie przejmuj się nimi.

.