System error! Trojan!

adamradz
created

When I open My Documents or My Computer, this error pops up:

System error!

Attention, User! Some dangerous trojan horses detected in your system. Microsoft Widnows files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!

Click OK to download the antispyware(recommended)

What should I do to get rid of this virus? I ran a scan with KAV but it didn't detect anything. Please help.

Sean
comment

Post the logs from HijackThis and ComboFix ;)

adamradz
comment

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:08, on 2008-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{F971B323-731D-46AB-B8A4-44EA2A59279C}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 4834 bytes

Sean
comment

In safe mode, delete the file

C:\WINDOWS\system32\RichVideoCodec.dll

And also fix these entries:

O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll

Also use SDFix

Mateusz J.
comment

Besides this file:

C:\WINDOWS\system32\RichVideoCodec.dll

You also need to delete the file:

C:\WINDOWS\system32\AswBHO.dll

Delete both files this way:

Download ComboFix.

Paste into Notepad:

File::
C:\WINDOWS\system32\RichVideoCodec.dll
C:\WINDOWS\system32\AswBHO.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{284AAAD9-FDF9-49A3-93ED-9CAE4AA26805}]

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Boot into safe mode. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture:

82650GIF.gif

The removal will start and a log will be created, which you then post on the forum.

adamradz
comment

I can't start the computer in safe mode (no matter whether I log in as myself or as Administrator, the error occurs anyway). Something is simply displayed there, there is some message, but you can't even read it, because one second after this error pops up the computer restarts.

Here's the log; the error no longer occurs. Many thanks!
