adamradz (posted 9 July 2008)

When I open My Documents or My Computer, this error pops up:

System error!
Attention, User! Some dangerous trojan horses detected in your system. Microsoft Widnows files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now! Click OK to download the antispyware(recommended)

What should I do to get rid of this virus? I ran a scan with KAV but it found nothing. Please help.

adamradz, author (comment, 9 July 2008)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32:08, on 2008-07-09
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/default
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Dodaj do blokowanych banerów - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=21871
O17 - HKLM\System\CCS\Services\Tcpip\..\{F971B323-731D-46AB-B8A4-44EA2A59279C}: NameServer = 194.204.159.1 217.98.63.164
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NVIDIA-OMEGA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 4834 bytes

Sean (comment, 9 July 2008)

In Safe Mode, delete the file C:\WINDOWS\system32\RichVideoCodec.dll

Also apply a fix for these entries:

O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll

Also use SDFix.

Mateusz J. (comment, 9 July 2008)

Besides this file:

C:\WINDOWS\system32\RichVideoCodec.dll

you also need to delete the file:

C:\WINDOWS\system32\AswBHO.dll

Delete both files this way: download ComboFix. Paste the following into Notepad:

File::
C:\WINDOWS\system32\RichVideoCodec.dll
C:\WINDOWS\system32\AswBHO.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{284AAAD9-FDF9-49A3-93ED-9CAE4AA26805}]

In Notepad, go to File ==> Save As ==> save it under the name CFScript.txt, in the same directory where ComboFix was downloaded and saved.

Boot into Safe Mode. Drag the CFScript.txt file you created onto the ComboFix icon, as in the picture.

The removal will start and a log will be created, which you post on the forum.
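
Added example (not part of the original thread, and not HijackThis's own logic): the two "VideoCodec Class" BHOs singled out in the replies above differ from the other O2 entries in the posted log in two visible ways, namely the DLL sits directly in C:\WINDOWS\system32 and one display name is registered under two CLSIDs. The Python below applies those two heuristics, which are assumptions of this example, to O2/O3 lines copied from that log; `parse_bhos` and `triage_bhos` are hypothetical names.

```python
"""Triage Browser Helper Object (O2) entries from a HijackThis log."""
import ntpath
import re
from collections import defaultdict

# O2/O3 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoCodec Class - {284AAAD9-FDF9-49A3-93ED-9CAE4AA26805} - C:\WINDOWS\system32\AswBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
"""

# "O2 - BHO: <display name> - {CLSID} - <path to DLL>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)


def parse_bhos(log_text):
    """Return one dict per well-formed O2 line; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = O2_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def triage_bhos(entries, system_dir=r"C:\WINDOWS\system32"):
    """Attach heuristic reasons to each BHO and return only the flagged ones.

    Heuristics (assumptions of this example, not HijackThis features):
      1. the DLL sits directly in the system directory instead of a
         vendor folder;
      2. the same display name is registered under several CLSIDs.
    """
    clsids_by_name = defaultdict(set)
    for entry in entries:
        clsids_by_name[entry["name"].lower()].add(entry["clsid"].upper())

    wanted_dir = ntpath.normpath(system_dir).lower()
    flagged = []
    for entry in entries:
        reasons = []
        # ntpath parses Windows paths correctly on any host OS.
        parent = ntpath.normpath(ntpath.dirname(entry["path"])).lower()
        if parent == wanted_dir:
            reasons.append("DLL directly in system directory")
        if len(clsids_by_name[entry["name"].lower()]) > 1:
            reasons.append("display name shared by multiple CLSIDs")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage_bhos(parse_bhos(SAMPLE_LOG)):
        print(hit["clsid"], hit["path"], "; ".join(hit["reasons"]))
```

Legitimate BHOs can also be installed in system32, so a hit is a lead to verify, not a verdict.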

adamradz, author (comment, 12 July 2008)

I can't start the computer in Safe Mode (no matter whether I log in as myself or as Administrator, the error occurs anyway). Something is written there, there is some message, but you can't even read it, because 1 second after the error pops up the computer restarts.

ComboFix 08-07-10.1 - Marionetka 2008-07-12 16:55:20.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1187 [GMT 2:00]
Running from: C:\Documents and Settings\Marionetka\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Marionetka\Pulpit\CFScript.txt
 * Created a new restore point

[b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b]

FILE ::
C:\WINDOWS\system32\AswBHO.dll
C:\WINDOWS\system32\RichVideoCodec.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\AswBHO.dll
C:\WINDOWS\system32\RichVideoCodec.dll
.

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-11 21:47 . 2008-07-11 21:51 <DIR> d-------- C:\Documents and Settings\Marionetka\.Nokia
2008-07-11 21:47 . 2004-11-26 11:15 25,088 --a------ C:\WINDOWS\system32\drivers\ncfvsbus.sys
2008-07-11 21:47 . 2004-11-26 11:15 12,288 --a------ C:\WINDOWS\system32\drivers\ncfvcom.sys
2008-07-11 21:46 . 2008-07-11 21:51 <DIR> d-------- C:\Nokia
2008-07-11 11:25 . 2008-07-11 11:25 20 --ahs---- C:\ntuser.ini
2008-07-11 00:03 . 2008-07-11 00:03 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\TransRender
2008-07-11 00:03 . 2008-07-11 00:03 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\Temporary
2008-07-11 00:03 . 2008-07-11 00:03 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\Samsung
2008-07-11 00:03 . 2008-07-11 00:03 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\ConvertTemp
2008-07-11 00:00 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-07-10 23:59 . 2008-07-11 00:00 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-07-10 23:59 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
2008-07-10 23:59 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
2008-07-10 23:59 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
2008-07-10 23:59 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
2008-07-10 23:59 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
2008-07-10 23:59 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
2008-07-10 23:59 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
2008-07-10 23:58 . 2008-07-10 23:58 <DIR> d-------- C:\Program Files\Samsung
2008-07-10 23:58 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-07-10 23:58 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-07-10 14:44 . 2008-07-10 14:44 <DIR> d-------- C:\Program Files\eRightSoft
2008-07-10 14:44 . 2008-07-10 14:44 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-07-10 14:27 . 2008-07-10 14:44 <DIR> d-------- C:\Program Files\MediaCoder
2008-07-10 14:02 . 2008-07-10 14:02 <DIR> d-------- C:\WINDOWS\Mozilla
2008-07-10 12:51 . 2008-07-10 12:57 <DIR> d-------- C:\Program Files\Mobile Video Converter
2008-07-10 12:14 . 2008-07-10 12:14 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\Nokia Multimedia Player
2008-07-09 19:08 . 2008-07-09 19:08 <DIR> d-------- C:\Documents and Settings\Marionetka\Phone Browser
2008-07-09 19:06 . 2008-07-09 19:06 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\Nokia
2008-07-09 19:06 . 2008-07-09 19:06 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite
2008-07-09 19:05 . 2008-07-09 19:05 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-09 19:05 . 2008-07-09 19:05 <DIR> d-------- C:\Program Files\Nokia
2008-07-09 19:05 . 2008-07-09 19:06 <DIR> d-------- C:\Program Files\DIFX
2008-07-09 19:05 . 2008-07-09 19:05 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-09 19:05 . 2008-07-09 19:05 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-09 19:05 . 2008-07-09 19:05 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\PC Suite
2008-07-09 19:05 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-07-09 19:05 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-09 19:05 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-09 19:05 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-07-09 19:05 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-07-09 19:05 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-07-09 19:03 . 2008-07-09 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-09 18:44 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-07-09 18:31 . 2008-07-09 18:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-08 19:15 . 2008-07-08 19:44 <DIR> d-------- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-07-08 19:15 . 2008-07-08 19:44 <DIR> d-------- C:\Documents and Settings\Administrator\Szablony
2008-07-08 19:15 . 2008-07-08 19:44 <DIR> d-------- C:\Documents and Settings\Administrator\Dane aplikacji
2008-07-08 19:15 . 2008-07-08 19:44 <DIR> d---s---- C:\Documents and Settings\Administrator
2008-07-07 22:14 . 2008-07-07 23:32 <DIR> d-------- C:\Documents and Settings\Marionetka\DoctorWeb
2008-07-03 19:58 . 2008-07-03 19:58 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\IrfanView
2008-07-03 13:32 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-06-23 14:41 . 2008-07-09 18:38 <DIR> d-------- C:\Program Files\DkZ Studio
2008-06-23 12:49 . 2008-06-23 12:49 <DIR> d-------- C:\Program Files\AskSBar
2008-06-23 12:48 . 2008-06-23 12:49 <DIR> d-------- C:\Program Files\Vuze
2008-06-23 10:27 . 2008-07-10 00:22 <DIR> d-------- C:\Documents and Settings\Marionetka\Dane aplikacji\Azureus
2008-06-23 10:27 . 2008-06-23 10:27 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-06-19 12:46 . 2008-07-07 18:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-19 12:46 . 2008-06-19 13:39 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-06-19 12:12 . 2008-06-19 12:15 <DIR> d-------- C:\Program Files\RegCleaner
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-07-12 15:01 19,190,560 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-12 15:01 --------- d-----w C:\Program Files\AutoConnect
2008-07-12 15:00 1,549,088 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-12 14:59 262,220 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-12 14:59 147,296 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-12 14:30 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-11 19:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 16:35 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\LimeWire
2008-07-08 17:49 --------- d-----w C:\Program Files\GameXP
2008-07-07 20:11 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-26 21:35 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\Xfire
2008-06-19 11:21 --------- d-----w C:\Program Files\Xfire
2008-06-16 18:36 --------- d-----w C:\Program Files\JetAudio
2008-06-07 11:29 413,696 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-07 11:29 110,592 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-06-06 17:03 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\Sports Interactive
2008-06-05 16:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 16:31 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-03 00:56 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-06-01 20:17 --------- d--h--w C:\Program Files\Zero G Registry
2008-06-01 15:25 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-01 15:25 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-01 14:05 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-01 14:05 --------- d--h--r C:\Documents and Settings\Marionetka\Dane aplikacji\SecuROM
2008-06-01 13:42 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-01 13:37 --------- d-----w C:\Program Files\OpenAL
2008-06-01 10:55 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\Media Player Classic
2008-06-01 09:49 --------- d-----w C:\Program Files\Electronic Arts
2008-06-01 09:14 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\COWON
2008-05-31 17:37 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-05-31 17:37 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-05-31 17:37 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-31 17:17 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-31 17:13 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-05-31 17:11 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2008-05-31 17:11 --------- d-----w C:\Program Files\USB Vibration
2008-05-31 17:04 --------- d-----w C:\Program Files\Realtek
2008-05-31 17:01 --------- d-----w C:\Program Files\VIA
2008-05-31 17:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-31 16:59 --------- d-----w C:\Program Files\AMD
2008-05-31 16:56 --------- d-----w C:\Documents and Settings\LocalService\Dane aplikacji\Xfire
2008-05-31 16:55 472,576 ----a-w C:\WINDOWS\Nvidia Omega Drivers v2.169.21 Uninstall.exe
2008-05-31 16:55 --------- d-----w C:\Program Files\Nvidia Omega Drivers
2008-05-31 16:52 --------- d-----w C:\Program Files\Logitech
2008-05-31 16:52 --------- d-----w C:\Program Files\Common Files\Logitech
2008-05-31 16:46 --------- d-----w C:\Program Files\TGTSoft
2008-05-31 16:46 --------- d-----w C:\Documents and Settings\NetworkService\Dane aplikacji\Xfire
2008-05-31 16:45 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-05-31 16:44 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\Ashampoo
2008-05-31 16:42 --------- d-----w C:\Program Files\Ashampoo
2008-05-31 16:42 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ashampoo
2008-05-31 16:40 --------- d-----w C:\Program Files\Common Files\COWON
2008-05-31 16:39 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\InstallShield
2008-05-31 16:33 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-05-31 16:31 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-05-31 16:31 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\DAEMON Tools
2008-05-31 16:30 --------- d-----w C:\Program Files\LimeWire
2008-05-31 15:51 --------- d-----w C:\Documents and Settings\Marionetka\Dane aplikacji\Gadu-Gadu
2008-05-31 15:48 --------- d-----w C:\Program Files\SopCast
2008-05-31 15:46 --------- d-----w C:\Program Files\IrfanView
2008-05-31 15:46 --------- d-----w C:\Program Files\Gadu-Gadu
2008-05-31 15:45 --------- d-----w C:\Program Files\FreeUndelete
2008-05-31 15:43 --------- d-----w C:\Program Files\A4Tech
2008-05-31 14:16 --------- d-----w C:\Program Files\Java
2008-05-31 14:07 --------- d-----w C:\Program Files\Common Files\Java
2008-05-31 13:47 --------- d-----w C:\Program Files\Thomson
2008-05-31 13:37 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-31 13:35 --------- d-----w C:\Program Files\Usługi online
2008-05-28 04:22 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-28 04:22 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-28 04:21 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-28 04:21 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-22 06:12 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-22 06:12 3,850,760 ----a-w C:\WINDOWS\system32\D3DX9_38.dll
2008-05-22 06:12 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\WINDOWS\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-14 01:09 486856]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 20:27 295424]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31 1372160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 11:38 866816]
"WheelMouse"="C:\Program Files\A4Tech\Mouse\Amoumain.exe" [2006-02-17 17:14 163840]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 09:33 892928]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 07:41 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 07:41 8523776]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-10 12:25 15969280 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)
"MemCheckBoxInRunDlg"= 0 (0x0)
"NoAutoTrayNotify"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 1 (0x1)
"NoWelcomeScreen"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 ncfvsbus;NCF Virtual Serial Bus Enumerator;C:\WINDOWS\system32\DRIVERS\ncfvsbus.sys [2004-11-26 11:15]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 17:00:46
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-07-12 17:09:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 15:08:47

Pre-Run: 11,597,934,592 bajtów wolnych
Post-Run: 11,612,352,512 bajt˘w wolnych

240

Here is the log; the error no longer occurs, thanks a lot!