LinQ, posted 19 August 2008
Hello. Unfortunately a nasty program got onto my computer... "Antivirus XP 2008", which kept urging me to buy its full version and messed around a bit in my registry. I have already cleaned the junk out of the registry, but one problem remains: the program stripped out part of the desktop properties applet <_< ... I have no way to change the wallpaper, its properties and so on... How do I restore this? Has anyone had a similar problem?
LinQ (Author), comment, 19 August 2008
Logfile of Trend Micro HijackThis v2.0.2
Here you go...
Psycholandia, comment, 19 August 2008
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearshare.com/pl
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL
O4 - HKLM\..\Run: [lphc7mej0er3j] C:\WINDOWS\system32\lphc7mej0er3j.exe
Select all of these and click Fix. Download and use the program: Malwarebytes' Anti-Malware. Press Scan, choose the drives to scan and wait; at the end press Remove Selected and OK.
LinQ (Author), comment, 20 August 2008
Already fixed, everything works!! Andziorek, you're great!! Thanks :* The thread can be closed now.
Guest, comment, 21 August 2008
Please post a log from ComboFix. HJT is not enough to cure the infection.
LinQ (Author), comment, 22 August 2008
If you say so... here are the ComboFix logs as well.
Guest, comment, 23 August 2008
There is only a registry entry. Paste the following text into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2254f788-ff44-11dc-b7ab-0040f4b4ea97}]

From the Notepad menu >>> File >>> Save As >>> set the file type to "All Files" >>> save as FIX.REG >>> run the file (double-click and OK, agree to adding it to the Registry).
Restart the computer.
Manually delete the folder C:\Qoobox.
Delete the ComboFix installer from the disk.
Perform startup optimisation.
Clean the computer with CCleaner.
Turn System Restore off and on again on all drives. Instructions.
Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it via IE). Post its report on the forum.
Or use Dr.WEB CureIt!.
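
A check one could run on FIX.REG before importing it, added here as an example that is not part of the original posts: it parses the .reg text and confirms that the file does nothing except delete keys under MountPoints2. The function names, the constants and the embedded sample text are assumptions made for this illustration.

```python
import re

# Constructed input: the FIX.REG text from the post above, with the blank
# line that regedit expects after the header.
FIX_REG = """Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer\\mountpoints2\\{2254f788-ff44-11dc-b7ab-0040f4b4ea97}]
"""

# Assumed policy for this example: only deletions below this key are expected.
MOUNTPOINTS2 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
                r"\CurrentVersion\Explorer\MountPoints2") + "\\"

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def review_reg(text):
    """List the (action, key, value_name) operations a .reg file would perform."""
    # Join hex continuation lines (trailing backslash), drop blanks and comments.
    joined = re.sub(r"\\\r?\n\s*", "", text.lstrip("\ufeff"))
    lines = [ln.strip() for ln in joined.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: header line missing")
    ops, key = [], None
    for ln in lines[1:]:
        m = KEY_RE.match(ln)
        if m:
            deleting, key = bool(m.group(1)), m.group(2)
            if deleting:
                ops.append(("delete-key", key, None))
                key = None  # values cannot follow a deleted key
            continue
        m = VALUE_RE.match(ln)
        if not m or key is None:
            raise ValueError("unparseable line: %r" % ln)
        name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
        action = "delete-value" if m.group(2) == "-" else "set-value"
        ops.append((action, key, name))
    return ops


def is_scoped_cleanup(ops, prefix=MOUNTPOINTS2):
    """True only if every operation deletes a key below `prefix`."""
    return bool(ops) and all(
        action == "delete-key" and key.lower().startswith(prefix.lower())
        for action, key, _ in ops
    )


if __name__ == "__main__":
    operations = review_reg(FIX_REG)
    for op in operations:
        print(op)
    print("scoped cleanup:", is_scoped_cleanup(operations))
```

A file that also writes a value, for example under a Run key, makes `is_scoped_cleanup` return False, which is the signal to read the file line by line before importing it.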