tukisowy
(Lukasz Nt)
12 May 2008 20:58
#1
Hello, lately something has been off with my PC; a box with an error popped up at startup. I installed avast and it detected amvo, and I don't know how to remove it. I'm posting the log, thanks in advance.
Combofix
ComboFix 08-05-11.1 - Łukasz i Monika 2008-05-12 22:50:14.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.697 [GMT 2:00] Running from: C:\Documents and Settings\Łukasz i Monika\Pulpit\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\autorun.inf C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\msssc.dll . ((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 ))))))))))))))))))))))))))))))) . 2008-05-12 22:42 . 2008-03-17 20:01 100,836 -r-hs---- C:\3o.exe 2008-05-12 22:42 . 2008-05-12 22:50 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG 2008-05-12 22:20 . 2008-05-12 22:20 2008-05-12 22:17 . 2008-05-12 22:17 2008-05-12 22:14 . 2008-05-12 22:14 2008-05-12 22:14 . 2008-05-12 22:16 2008-05-12 22:14 . 2008-05-12 22:14 2008-05-12 21:29 . 2008-05-12 22:35 2008-05-12 00:57 . 2008-05-12 00:57 427 --a------ C:\WINDOWS\ODBC.INI 2008-05-12 00:55 . 2008-05-12 00:55 2008-05-12 00:54 . 2008-05-12 00:54 2008-05-10 17:36 . 2008-05-10 17:36 2008-05-10 14:14 . 2008-05-10 14:14 2008-05-10 14:14 . 2003-12-28 21:58 54,272 --a------ C:\WINDOWS\system32\KERNELH2.DLL 2008-05-10 12:12 . 2008-05-10 12:12 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe 2008-05-10 12:08 . 2008-05-10 12:12 2008-05-10 12:08 . 2008-05-10 12:16 2008-05-10 12:08 . 2008-05-10 12:08 2008-05-10 12:08 . 2008-05-10 12:08 2008-05-10 12:08 . 2008-05-12 22:18 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.dat.LOG 2008-05-10 11:34 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-05-10 11:29 . 2008-05-10 11:29 2008-05-09 21:19 . 2008-05-09 21:19 2008-05-09 21:19 . 2008-05-09 21:19 2008-05-09 21:19 . 2008-05-12 22:42 2008-05-09 12:10 . 2008-05-09 12:10 2008-05-09 12:09 . 2008-05-09 12:09 2008-05-09 12:08 . 
2008-05-09 12:09 2008-05-09 11:36 . 2008-05-10 11:52 2008-05-09 11:36 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-05-08 19:10 . 2003-12-11 11:15 626,960 -ra------ C:\WINDOWS\system32\hpvaut32.dll 2008-05-08 19:10 . 2003-12-11 11:15 487,424 -ra------ C:\WINDOWS\system32\hpvcp70.dll 2008-05-08 19:10 . 2003-12-11 11:15 344,064 -ra------ C:\WINDOWS\system32\hpvcr70.dll 2008-05-08 19:10 . 2003-12-11 11:15 82,432 -ra------ C:\WINDOWS\system32\MSXML4r.dll 2008-05-08 19:10 . 2003-12-11 11:15 44,544 -ra------ C:\WINDOWS\system32\MSXML4a.dll 2008-05-08 19:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys 2008-05-08 19:10 . 2004-08-03 23:01 25,856 --a–c— C:\WINDOWS\system32\dllcache\usbprint.sys 2008-05-08 19:08 . 2008-05-08 19:08 2008-05-08 19:08 . 2008-05-08 19:10 2008-05-08 19:08 . 2008-05-08 19:11 155,988 --a------ C:\WINDOWS\hpdj3740.his 2008-05-08 19:08 . 2008-05-08 19:11 10,686 --a------ C:\WINDOWS\hpdj3740.ini 2008-05-08 18:59 . 2008-05-08 18:59 2008-05-08 18:59 . 2008-05-08 18:59 2008-05-08 18:41 . 2008-05-12 22:45 2008-05-08 14:19 . 2008-05-08 14:19 2008-05-08 13:31 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2008-05-08 13:04 . 2008-05-08 13:04 2008-05-08 12:47 . 2008-05-08 12:47 2008-05-08 12:45 . 2008-05-08 12:45 2008-05-08 12:31 . 2008-05-12 22:01 2008-05-08 12:30 . 2008-05-08 12:30 2008-05-08 12:30 . 2008-05-12 22:10 2008-05-08 12:26 . 2008-05-08 12:26 2008-05-08 12:26 . 2008-05-08 12:26 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll 2008-05-08 12:23 . 2008-05-08 12:24 2008-05-08 12:23 . 2008-05-08 12:23 2008-05-08 12:23 . 2008-05-08 12:23 2008-05-08 10:55 . 2008-05-12 16:33 2008-05-08 10:54 . 2008-05-08 10:54 2008-05-08 10:52 . 2008-05-08 10:52 2008-05-08 10:52 . 2005-04-25 10:43 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys 2008-05-08 10:52 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys 2008-05-08 10:46 . 
2008-05-08 10:46 2008-05-08 10:45 . 2008-05-08 10:45 2008-05-08 10:42 . 2008-05-08 10:45 2008-05-07 23:27 . 2008-05-07 23:27 2008-05-07 23:08 . 2008-05-07 23:08 2008-05-07 23:08 . 2008-05-08 18:42 2008-05-07 23:08 . 2008-05-08 18:42 2008-05-07 23:06 . 2008-05-07 23:06 107,132 --a------ C:\WINDOWS\UninstallFirefox.exe 2008-05-07 23:06 . 2008-05-07 23:10 2,924 --a------ C:\WINDOWS\mozver.dat 2008-05-07 23:06 . 2008-05-07 23:06 0 --a------ C:\WINDOWS\nsreg.dat 2008-05-07 23:03 . 2003-10-16 19:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll 2008-05-07 23:02 . 2008-05-07 23:02 2008-05-07 23:02 . 2008-05-07 23:02 2008-05-07 23:02 . 2008-05-07 23:02 2008-05-07 23:01 . 2008-05-07 23:01 2008-05-07 23:01 . 2008-05-11 20:17 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-11 22:54 --------- d-----w C:\Program Files\microsoft frontpage 2008-05-10 10:12 --------- d–h--w C:\Program Files\InstallShield Installation Information 2008-05-07 21:02 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg 2008-05-07 20:59 --------- d-----w C:\Program Files\MyPortal 2008-05-07 20:59 --------- d-----w C:\Program Files\IrfanView 2008-05-07 20:56 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-05-07 20:56 --------- d-----w C:\Program Files\Analog Devices 2008-05-07 20:48 --------- d-----w C:\Program Files\Usługi online 2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 01:44 15360] “SpeedX”=“C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe” [2006-06-27 14:11 46718] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-04-19 17:43 2101248] “AutoConnect”=“C:\Program Files\AutoConnect\AutoConnect.exe” [2006-12-03 01:14 310784] “Konnekt”=“C:\Program Files\Konnekt\konnekt.exe” [2004-12-20 20:40 376832] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-01-15 16:14 147456] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2006-10-22 12:22 7700480] “nwiz”=“nwiz.exe” [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2006-10-22 12:22 86016] “Smapp”=“C:\Program Files\Analog Devices\SoundMAX\SMTray.exe” [2003-05-05 08:57 143360] “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 19:07 24576] “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 19:07 20480] “WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 19:07 53248] “Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2008-01-11 22:16 39792] “WinampAgent”=“C:\Program Files\Winamp\winampa.exe” [2006-06-21 19:14 35328] “DU Meter”=“C:\Program Files\DU Meter\DUMeter.exe” [2005-02-01 19:28 1469952] “HP Component Manager”=“C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” [2003-12-22 08:38 241664] “HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe” [2004-05-13 03:28 172032] “HP Software Update”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” [2004-05-13 03:28 49152] “LogitechCommunicationsManager”=“C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” [2007-02-08 01:12 488984] 
“LogitechQuickCamRibbon”=“C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” [2007-02-08 01:13 774168] “NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2006-01-12 15:40 155648] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 01:44 15360] C:\Documents and Settings\ťukasz i Monika\Menu Start\Programy\Autostart\ Deer Hunter 2005 Registration.lnk - C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE [2004-08-27 21:30:18 4947968] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-05-07 23:02:41 962661] Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-05-10 12:12:41 67128] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 20:05:56 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] “VIDC.X264”= x264vfw.dll “vidc.yv12”= yv12vfw.dll “msacm.divxa32”= divxa32.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] “AntiVirusOverride”=dword:00000001 [HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] “%windir%\system32\sessmgr.exe”= “C:\Program Files\Gadu-Gadu\gg.exe”= “C:\Program Files\uTorrent\utorrent.exe”= “C:\Program Files\Konnekt\konnekt.exe”= “%windir%\Network Diagnostic\xpnetdiag.exe”= “C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe”= “C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe”= “C:\Program Files\Skype\Phone\Skype.exe”= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C] \Shell\AutoRun\command - C:\3o.exe \Shell\explore\Command - C:\3o.exe \Shell\open\Command - C:\3o.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\3o.exe 
\Shell\explore\Command - D:\3o.exe \Shell\open\Command - D:\3o.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\3o.exe \Shell\explore\Command - E:\3o.exe \Shell\open\Command - E:\3o.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\3o.exe \Shell\explore\Command - F:\3o.exe \Shell\open\Command - F:\3o.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H] \Shell\AutoRun\command - H:\Launcher.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{b5d19a51-1cda-11dd-95d0-4d6564696130}] \Shell\AutoRun\command - I:\3o.exe \Shell\explore\Command - I:\3o.exe \Shell\open\Command - I:\ *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-12 22:51:23 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . 
Completion time: 2008-05-12 22:52:00 ComboFix-quarantined-files.txt 2008-05-12 20:51:55 Pre-Run: 18,444,062,720 bajtów wolnych Post-Run: 19,132,612,608 bajtów wolnych 200 — E O F — 2008-05-10 09:52:29 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:01:35, on 2008-05-12 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\AutoConnect\AutoConnect.exe C:\Program Files\Konnekt\konnekt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM…\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM…\Run: [HP Component Manager] “C:\Program Files\HP\hpcoretech\hpcmpmgr.exe” O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe O4 - HKLM…\Run: [HP 
Software Update] “C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe” O4 - HKLM…\Run: [LogitechCommunicationsManager] “C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe” O4 - HKLM…\Run: [LogitechQuickCamRibbon] “C:\Program Files\Logitech\QuickCam10\QuickCam10.exe” /hide O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [speedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe O4 - HKCU…\Run: [Konnekt] “C:\Program Files\Konnekt\konnekt.exe” /autostart O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Deer Hunter 2005 Registration.lnk = C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network 
Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip…{02C75AA0-BDFA-453D-97FB-350222EE309A}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS1\Services\Tcpip…{02C75AA0-BDFA-453D-97FB-350222EE309A}: NameServer = 194.204.159.1 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip…{02C75AA0-BDFA-453D-97FB-350222EE309A}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe – End of file - 7448 bytes
Leon1
(Leon$)
12 May 2008 21:12
#2
Turn System Restore off and back on for all drives. http://support.microsoft.com/kb/310405/pl
Disinfect the USB flash drive or memory card http://www.softpedia.com/get/Security/S … Tool.shtml or format it
Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724
Open Notepad and paste
save it as CFScript.txt (save it so that the CFScript.txt icon is next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
The removal should start
Then post the ComboFix removal log
huber2t
(huber2t)
13 May 2008 02:56
#4
Open Notepad and paste
From the Notepad menu -> File -> Save As -> Change the file type from .txt to All Files -> save it under the name Fix.reg
Run that file, then restart the computer
The log looks clean
Manually delete the folder C:\Qoobox, and delete the ComboFix installer from the disk
Optimize the startup entries
Turn off System Restore on all drives. Instructions
Scan the computer with this (run it through IE) http://www.kaspersky.pl/virusscanner.html Post its report on the forum
Turn System Restore on.
Agaton
(Agatonster)
13 May 2008 07:06
#5
tukisowy,
Due to the change that now applies to pasting logs in this section, read and follow the Topic