Brak pliku msubxhro.dll - proszę o pomoc

skrzatx0 · 11 Grudzień 2008 19:00

Win XP SP3

Avast wykrył w msubxhro.dll trojana, potwierdził to F-secure. Nieopatrznie zgodziłem się na wyrzucenie go.

Przy każdym uruchomieniu jakiejkolwiek aplikacji włącznie ze ładowaniem się systemu pokazuje się okno:

Uruchomienie tej aplikacji nie powiodło się ponieważ nie znaleziono msubxhro.dll. Ponowne zainstalowanie aplikacji może naprawić ten problem.

Znika po naciśnieciu OK lub Esc. Przy przywracaniu systemu mam komunikat o braku zmian i braku potrzeby wykonania.

Czy ktoś ma pomysł co z tym zrobić aby uniknąć przeinstalowywania systemu ?

Oto logi z ComboFix:

ComboFix 08-12-07.04 - Admin 2008-12-09 20:49:43.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.693 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Admin\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Admin\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania


FILE ::

c:\windows\system32\myfastupdate.exe

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\windows\system32\myfastupdate.exe


.

((((((((((((((((((((((((( Pliki utworzone od 2008-11-09 do 2008-12-09 )))))))))))))))))))))))))))))))

.


2008-12-08 20:56 . 2008-12-09 18:05 




log z Silent Runners:

[code] “Silent Runners.vbs”, revision 59, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “PcSync” = “C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog” [“Time Information Services Ltd.”] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “H/PC Connection Agent” = ““C:\Program Files\Microsoft ActiveSync\Wcescomm.exe”” [MS] “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [“ALWIL Software”] “WinampAgent” = ““C:\Program Files\Winamp\winampa.exe”” [null data] “UserFaultCheck” = “%systemroot%\system32\dumprep 0 -u” [MS] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre6\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “PCSuiteTrayApplication” = “C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup” [“Nokia”] “NeroFilterCheck” = “C:\WINDOWS\system32\NeroCheck.exe” [“Ahead Software Gmbh”] “InCD” = “C:\Program Files\Ahead\InCD\InCD.exe” [“Ahead Software AG”] “Adobe Reader Speed Launcher” = ““C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {000123B4-9B42-4900-B3F7-F4B073EFC214}(Default) = “btorbit.com” -> {HKLM…CLSID} = “Octh Class” \InProcServer32(Default) = “C:\Program Files\Orbitdownloader\orbitcth.dll” [“Orbitdownloader.com”] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “Java? Plug-In SSV Helper” \InProcServer32(Default) = “C:\Program Files\Java\jre6\bin\ssv.dll” [“Sun Microsystems, Inc.”] {DBC80044-A445-435b-BC74-9C25C1C588A9}(Default) = (no title provided) -> {HKLM…CLSID} = “Java? Plug-In 2 SSV Helper” \InProcServer32(Default) = “C:\Program Files\Java\jre6\bin\jp2ssv.dll” [“Sun Microsystems, Inc.”] {E7E6F031-17CE-4C07-BC86-EABFE594F69C}(Default) = “JQSIEStartDetectorImpl” -> {HKLM…CLSID} = “JQSIEStartDetectorImpl Class” \InProcServer32(Default) = “C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll” [“Sun Microsystems, Inc.”] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW” -> {HKLM…CLSID} = “Shell Extension for CDRW” \InProcServer32(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll” [“Ahead Software AG”] “{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}” = “PhoneBrowser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{FCF608CF-5716-47C3-A1A8-991D873AF72B}” = “Delphi Context Menu Shell Extension Example” -> {HKLM…CLSID} = “Delphi Context Menu Shell Extension Example” \InProcServer32(Default) = “E:\MAREK\PROGRA~1\EXIFER~1\EXIFER~1.DLL” [null data] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{49BF5420-FA7F-11cf-8011-00A0C90A8F78}” = “Mobile Device” -> {HKLM…CLSID} = “Urządzenie przenośne” \InProcServer32(Default) = “C:\PROGRA~1\MICROS~4\Wcesview.dll” [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <> “BootExecute” = “autocheck autochk *”|“lsdelete” [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\SOFTWARE\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] ContMenu(Default) = “{FCF608CF-5716-47C3-A1A8-991D873AF72B}” -> {HKLM…CLSID} = “Delphi Context Menu Shell Extension Example” \InProcServer32(Default) = “E:\MAREK\PROGRA~1\EXIFER~1\EXIFER~1.DLL” [null data] Default executables: -------------------- <> HKLM\SOFTWARE\Classes.com(Default) = “ComFile” Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoDrives” = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ “NoDrives” = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “HideLegacyLogonScripts” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “HideLogoffScripts” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “HideStartupScripts” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “RunLogonScriptSync” = (REG_DWORD) dword:0x00000001 {unrecognized setting} “RunStartupScriptSync” = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) dword:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) dword:0x00000001 {Devices: Allow undock without having to log on} “DisableRegistryTools” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “HideLegacyLogonScripts” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “HideLogoffScripts” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “RunLogonScriptSync” = (REG_DWORD) dword:0x00000001 {unrecognized setting} “RunStartupScriptSync” = (REG_DWORD) dword:0x00000000 {unrecognized setting} “HideStartupScripts” = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AlcoholAutoPlayV2.BurnDisc\ “Provider” = “Alcohol 120%” “InvokeProgID” = “AlcoholAutoPlayV2” “InvokeVerb” = “BurnDisc” HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\BurnDisc\command(Default) = ““E:\MAREK\Programy bez instalacji\Alcohol Soft\Alcohol 120\Alcohol.exe” %1” [“Alcohol Soft Development Team”] AlcoholAutoPlayV2.ReadDisc\ “Provider” = “Alcohol 120%” “InvokeProgID” = “AlcoholAutoPlayV2” “InvokeVerb” = “ReadDisc” HKLM\SOFTWARE\Classes\AlcoholAutoPlayV2\shell\ReadDisc\command(Default) = ““E:\MAREK\Programy bez instalacji\Alcohol Soft\Alcohol 120\Alcohol.exe” %1” [“Alcohol Soft Development Team”] BlankCDHandler\ “Provider” = “@C:\Program Files\Ahead\nero\APHandler.dll,-101” “InvokeProgID” = “APHandler.Handler.1” “InvokeVerb” = “BlankCD” HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\BlankCD\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /BlankCD” [“Ahead Software AG”] CDAudioHandler\ “Provider” = “@C:\Program Files\Ahead\nero\APHandler.dll,-101” “InvokeProgID” = “APHandler.Handler.1” “InvokeVerb” = “CDAudio” HKLM\SOFTWARE\Classes\APHandler.Handler.1\shell\CDAudio\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /CDAudio” [“Ahead Software AG”] IviDVDEventHandler\ “Provider” = “InterVideo WinDVD” “InvokeProgID” = “DVD” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\DVD\shell\play\command(Default) = ““C:\Program Files\Windows Media Player\wmplayer.exe” /prefetch:4 /device:DVD “%L”” [MS] IviVideoCDHandler\ “Provider” = “InterVideo WinDVD” “InvokeProgID” = “Ivi.MediaFile” “InvokeVerb” = “play” HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command(Default) = ““C:\Program Files\Leadtek\WinFastDVD\WinFastDVD.exe” %1” [“InterVideo Inc.”] MSVideoCameraArrival\ “Provider” = “@C:\Program Files\Movie Maker\1045\wmm2res.dll,-100” “ProgID” = “Shell.HWEventHandlerShellExecute” “InitCmdLine” = ““C:\Program Files\Movie Maker\moviemk.exe” /RECORD” HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” -> {HKLM…CLSID} = “ShellExecute HW Event Handler” \LocalServer32(Default) = “rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS] MSWPDShellNamespaceHandler\ “Provider” = “@%SystemRoot%\System32\WPDShextRes.dll,-501” “CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}” “InitCmdLine” = " " -> {HKLM…CLSID} = “WPDShextAutoplay” \LocalServer32(Default) = “C:\WINDOWS\system32\WPDShextAutoplay.exe” [MS] NeroAutoPlay2AudioToNeroDigital\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “PlayCDAudioOnArrival_AudioToNeroDigital” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2CDAudio\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “HandleCDBurningOnArrival_CDAudio” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /New:AudioCD /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2CopyCD\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “PlayCDAudioOnArrival_CopyCD” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /Dialog:DiscCopy /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2DataDisc\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “HandleCDBurningOnArrival_DataDisc” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /New:ISODisc /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2LaunchNeroStartSmart\ “Provider” = “Nero StartSmart” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “HandleCDBurningOnArrival_LaunchNeroStartSmart” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command(Default) = “C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2PlayDVD\ “Provider” = “Nero ShowTime” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “PlayVideoFilesOnArrival_PlayDVD” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayVideoFilesOnArrival_PlayDVD\command(Default) = “C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe /Play %L” [“Ahead software AG”] NeroAutoPlay2RipCD\ “Provider” = “Nero Burning ROM” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “PlayCDAudioOnArrival_RipCD” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command(Default) = “C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2VideoCapture\ “Provider” = “NeroVision Express SE” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “VideoCameraArrival_VideoCapture” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\VideoCameraArrival_VideoCapture\command(Default) = “C:\Program Files\Ahead\NeroVision\NeroVision.exe /New:VideoCapture /Drive:%L” [“Ahead Software AG”] NeroAutoPlay2ViewPhotos\ “Provider” = “Nero PhotoSnap Viewer” “InvokeProgID” = “Nero.AutoPlay2” “InvokeVerb” = “ShowPicturesOnArrival_ViewPhotos” HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\ShowPicturesOnArrival_ViewPhotos\command(Default) = “C:\Program Files\Ahead\Nero PhotoSnap\PhotoSnapViewer.exe /Drive:%L” [“Ahead Software AG”] NMMPlayCDAudioOnArrival\ “Provider” = “Nokia Music Manager” “InvokeProgID” = “NokiaMusicManager” “InvokeVerb” = “NMMPlayCD” HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMPlayCD\command(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /playCD “%L”” [“Nokia”] NMMRipCDAudioOnArrival\ “Provider” = “Nokia Music Manager” “InvokeProgID” = “NokiaMusicManager” “InvokeVerb” = “NMMRipCD” HKLM\SOFTWARE\Classes\NokiaMusicManager\shell\NMMRipCD\command(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MusicManager.exe /ripCD “%L”” [“Nokia”] WinampMTPHandler\ “Provider” = “Winamp” “ProgID” = “Shell.HWEventHandlerShellExecute” “InitCmdLine” = “C:\Program Files\Winamp\winamp.exe” HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID(Default) = “{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” -> {HKLM…CLSID} = “ShellExecute HW Event Handler” \LocalServer32(Default) = “rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}” [MS] WinampPlayMediaOnArrival\ “Provider” = “Winamp” “InvokeProgID” = “Winamp.File” “InvokeVerb” = “Play” HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command(Default) = "“C:\Program Files\Winamp\winamp.exe” “%1"” [“Nullsoft”] HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = “{46986115-84D6-459c-8F95-52DD653E532E}” -> {HKLM…CLSID} = (no title provided) \LocalServer32(Default) = ““C:\Program Files\Winamp\winamp.exe”” [“Nullsoft”] Startup items in “Admin” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Microsoft Office” -> shortcut to: “C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l” [MS] “Orbit” -> shortcut to: “C:\Program Files\Orbitdownloader\orbitdm.exe /H” [“Orbitdownloader.com”] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000004\LibraryPath = “%SystemRoot%\System32\nwprovau.dll” [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 25 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {85D1F590-48F4-11D9-9669-0800200C9A66}\ “MenuText” = “Uninstall BitDefender Online Scanner v8” “Exec” = “%windir%\bdoscandel.exe” [null data] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ “ButtonText” = “Messenger” “MenuText” = “Windows Messenger” “Exec” = “C:\Program Files\Messenger\msmsgs.exe” [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [“ALWIL Software”] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [“ALWIL Software”] InCD Helper, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe” [“Ahead Software AG”] Java Quick Starter, JavaQuickStarterService, ““C:\Program Files\Java\jre6\bin\jqs.exe” -service -config “C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf”” [“Sun Microsystems, Inc.”] Karta wydajności WMI, WmiApSrv, “C:\WINDOWS\System32\wbem\wmiapsrv.exe” [MS] Lavasoft Ad-Aware Service, aawservice, ““C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe”” [“Lavasoft”] PnkBstrA, PnkBstrA, “C:\WINDOWS\system32\PnkBstrA.exe” [null data] ServiceLayer, ServiceLayer, ““C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe”” [“Nokia.”] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ Monitor 2 języka BJ\Driver = “CNBJMON2.DLL” [MS] Monitor języka PJL\Driver = “PJLMON.DLL” [MS] ---------- (launch time: 2008-12-09 21:49:14) <>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 59 seconds. ---------- (total run time: 123 seconds)

Czy może ktoś miał podobny problem ?

Wszystko działa normalnie, ale trzeba się strasznie naklikac aby kasowac te komunikaty.

Proszę o pomoc.

:?:

huber2t · 12 Grudzień 2008 09:50

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

Driver::

NVDual

SetupNTGLM7X

Plik -> zapisz jako -> CFScript.txt.

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu->

Rozpocznie się usuwanie i powstanie log, który dasz na forum.

Logi dajesz na http://wklej.eu lub na http://wklej.org a w poście dajesz tylko link

skrzatx0 · 12 Grudzień 2008 20:38

Dziękuję za podpowiedź.

Problem już chyba rozwiązany dzięki radom na innym forum.

Zamieniłem plik imm32.dll uszkodzony przez prawdopodobnie Crimea z takim samym (oczywiście z innymi datami) z katalogu c:\windows\servicepackfiles\i386.

Wszystko jest OK.

W trakcie tej kilkudniowej walki utworzyłem na c: konsolę odzyskiwania.

W postach na forum przeczytałem co trzeba skasować aby jej się pozbyć, ale nie mogę wyrzucić plików z katalogu cmdcons chociaz zmieniam im atrybuty.

Jak to zrobić ? :?:

Wg instrukcji w trybie awaryjnym nie udaje mi się zmienić praw. Może jest jakiś programik albo skrypt do usunięcia ?

skrzatx0 · 12 Grudzień 2008 21:26

Dziękuję za dobre chęci.

Katalog skasowany unlockerem.

Temat do zamknięcia.

=D>