Explorer keeps shutting down


(Youfaill) #1

Hello

I know I gave the thread a pretty banal title, but I don't know how else to phrase it; I'll try to describe it in detail in the post.

To avoid cluttering the forum, I'll also write up a second and third problem in this topic ; >

So, recently, after installing a stupid program that was supposedly going to speed up my internet (wow, it sped it up by a whole 1 kbp/s according to speedtest.net), I know, I'm naive, please don't laugh at me ; >, everything seemed fine until, after 10 minutes, Explorer shut down. I don't know why; it kept starting and shutting down. I'm 90% sure there was some junk in the installer (morfinu1864.exe); a file like that appeared in my C:\windows. Attempts to delete it ended in failure. I scanned the system with Spybot, and it detected Virtumonde.

I fought it with the help of this page

http://cybertrash.pl/images/tata/Vundo/ ... Vundo.html

After one of the subsequent restarts of the computer, the problem with Explorer shutting down went away; it came back when I updated Firefox to 3.01

This is the first time something like this has happened to me, so I'm posting the HijackThis and VBG logs.

1.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:52:06, on 2008-07-23

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\winsys2.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

I:\Program Files\Steam\Steam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe

O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe

O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min

O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKCU\..\Run: [AQQ] C:\PROGRA~1\WapSter\AQQ\AQQ.exe

O4 - HKCU\..\Run: [Expressivo] "C:\Program Files\ivo\Expressivo\expressivo.exe" -t

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215548576250

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


--

End of file - 4576 bytes

[07/22/2008, 23:44:11] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Lech.LECHU\Pulpit\VirtumundoBeGone.exe" )

[07/22/2008, 23:44:39] - Detected System Information:

[07/22/2008, 23:44:39] - Windows Version: 5.1.2600, Dodatek Service Pack 2

[07/22/2008, 23:44:39] - Current Username: Lech (Admin)

[07/22/2008, 23:44:39] - Windows is in NORMAL mode.

[07/22/2008, 23:44:39] - Searching for Browser Helper Objects:

[07/22/2008, 23:44:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)

[07/22/2008, 23:44:39] - BHO 2: {18ECF4B4-3186-440A-85C5-00281EEC19E6} ()

[07/22/2008, 23:44:39] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:39] - Checking for HKLM\...\Winlogon\Notify\rqRLBust

[07/22/2008, 23:44:39] - Key not found: HKLM\...\Winlogon\Notify\rqRLBust, continuing.

[07/22/2008, 23:44:39] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)

[07/22/2008, 23:44:39] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[07/22/2008, 23:44:39] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

[07/22/2008, 23:44:39] - BHO 6: {8143CA36-3B78-4FAE-B26E-08273260707E} ()

[07/22/2008, 23:44:39] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:39] - No filename found. Continuing.

[07/22/2008, 23:44:39] - BHO 7: {85F685C3-20D9-4943-95E4-EB4224056C3F} (Expressivo)

[07/22/2008, 23:44:39] - BHO 8: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)

[07/22/2008, 23:44:39] - BHO 9: {EAB15366-0E81-476D-83CC-1052FDF017C8} ()

[07/22/2008, 23:44:39] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:39] - Checking for HKLM\...\Winlogon\Notify\urqRLebY

[07/22/2008, 23:44:39] - Found: HKLM\...\Winlogon\Notify\urqRLebY - This is probably Virtumundo.

[07/22/2008, 23:44:39] - Assigning {EAB15366-0E81-476D-83CC-1052FDF017C8} MSEvents Object

[07/22/2008, 23:44:39] - BHO list has been changed! Starting over...

[07/22/2008, 23:44:39] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)

[07/22/2008, 23:44:39] - BHO 2: {18ECF4B4-3186-440A-85C5-00281EEC19E6} ()

[07/22/2008, 23:44:39] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:39] - Checking for HKLM\...\Winlogon\Notify\rqRLBust

[07/22/2008, 23:44:39] - Key not found: HKLM\...\Winlogon\Notify\rqRLBust, continuing.

[07/22/2008, 23:44:39] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)

[07/22/2008, 23:44:39] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[07/22/2008, 23:44:39] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

[07/22/2008, 23:44:39] - BHO 6: {8143CA36-3B78-4FAE-B26E-08273260707E} ()

[07/22/2008, 23:44:39] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:39] - No filename found. Continuing.

[07/22/2008, 23:44:39] - BHO 7: {85F685C3-20D9-4943-95E4-EB4224056C3F} (Expressivo)

[07/22/2008, 23:44:39] - BHO 8: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)

[07/22/2008, 23:44:39] - BHO 9: {EAB15366-0E81-476D-83CC-1052FDF017C8} (MSEvents Object)

[07/22/2008, 23:44:39] - ALERT: Found MSEvents Object!

[07/22/2008, 23:44:39] - BHO 10: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)

[07/22/2008, 23:44:39] - Finished Searching Browser Helper Objects

[07/22/2008, 23:44:39] - *** Detected MSEvents Object

[07/22/2008, 23:44:39] - Trying to remove MSEvents Object...

[07/22/2008, 23:44:40] - Terminating Process: IEXPLORE.EXE

[07/22/2008, 23:44:40] - Terminating Process: RUNDLL32.EXE

[07/22/2008, 23:44:40] - Disabling Automatic Shell Restart

[07/22/2008, 23:44:40] - Terminating Process: EXPLORER.EXE

[07/22/2008, 23:44:40] - Suspending the NT Session Manager System Service

[07/22/2008, 23:44:40] - Terminating Windows NT Logon/Logoff Manager

[07/22/2008, 23:44:40] - Re-enabling Automatic Shell Restart

[07/22/2008, 23:44:40] - File to disable: C:\WINDOWS\system32\urqRLebY.dll

[07/22/2008, 23:44:40] - Renaming C:\WINDOWS\system32\urqRLebY.dll -> C:\WINDOWS\system32\urqRLebY.dll.vir

[07/22/2008, 23:44:40] - File successfully renamed!

[07/22/2008, 23:44:40] - Removing HKLM\...\Browser Helper Objects\{EAB15366-0E81-476D-83CC-1052FDF017C8}

[07/22/2008, 23:44:40] - Removing HKCR\CLSID\{EAB15366-0E81-476D-83CC-1052FDF017C8}

[07/22/2008, 23:44:40] - Adding Kill Bit for ActiveX for GUID: {EAB15366-0E81-476D-83CC-1052FDF017C8}

[07/22/2008, 23:44:40] - Deleting ATLEvents/MSEvents Registry entries

[07/22/2008, 23:44:40] - Removing HKLM\...\Winlogon\Notify\urqRLebY

[07/22/2008, 23:44:41] - Searching for Browser Helper Objects:

[07/22/2008, 23:44:41] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)

[07/22/2008, 23:44:41] - BHO 2: {18ECF4B4-3186-440A-85C5-00281EEC19E6} ()

[07/22/2008, 23:44:41] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:41] - Checking for HKLM\...\Winlogon\Notify\rqRLBust

[07/22/2008, 23:44:41] - Key not found: HKLM\...\Winlogon\Notify\rqRLBust, continuing.

[07/22/2008, 23:44:41] - BHO 3: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)

[07/22/2008, 23:44:41] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[07/22/2008, 23:44:41] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

[07/22/2008, 23:44:41] - BHO 6: {8143CA36-3B78-4FAE-B26E-08273260707E} ()

[07/22/2008, 23:44:41] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:44:41] - No filename found. Continuing.

[07/22/2008, 23:44:41] - BHO 7: {85F685C3-20D9-4943-95E4-EB4224056C3F} (Expressivo)

[07/22/2008, 23:44:41] - BHO 8: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)

[07/22/2008, 23:44:41] - BHO 9: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)

[07/22/2008, 23:44:41] - Finished Searching Browser Helper Objects

[07/22/2008, 23:44:41] - Finishing up...

[07/22/2008, 23:44:41] - A restart is needed.

[07/22/2008, 23:44:57] - Attempting to Restart via STOP error (Blue Screen!)


[07/22/2008, 23:48:06] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Lech.LECHU\Pulpit\VirtumundoBeGone.exe" )

[07/22/2008, 23:48:08] - Detected System Information:

[07/22/2008, 23:48:08] - Windows Version: 5.1.2600, Dodatek Service Pack 2

[07/22/2008, 23:48:08] - Current Username: Lech (Admin)

[07/22/2008, 23:48:09] - Windows is in NORMAL mode.

[07/22/2008, 23:48:09] - Searching for Browser Helper Objects:

[07/22/2008, 23:48:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)

[07/22/2008, 23:48:09] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)

[07/22/2008, 23:48:09] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[07/22/2008, 23:48:09] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

[07/22/2008, 23:48:09] - BHO 5: {8143CA36-3B78-4FAE-B26E-08273260707E} ()

[07/22/2008, 23:48:09] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:48:09] - No filename found. Continuing.

[07/22/2008, 23:48:09] - BHO 6: {85F685C3-20D9-4943-95E4-EB4224056C3F} (Expressivo)

[07/22/2008, 23:48:09] - BHO 7: {B679DE21-90D4-40B4-B976-B183A80C4CE9} ()

[07/22/2008, 23:48:09] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/22/2008, 23:48:09] - Checking for HKLM\...\Winlogon\Notify\rqRLBust

[07/22/2008, 23:48:09] - Key not found: HKLM\...\Winlogon\Notify\rqRLBust, continuing.

[07/22/2008, 23:48:09] - BHO 8: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)

[07/22/2008, 23:48:09] - BHO 9: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)

[07/22/2008, 23:48:09] - Finished Searching Browser Helper Objects

[07/22/2008, 23:48:09] - Finishing up...

[07/22/2008, 23:48:09] - Nothing found! Exiting...


[07/23/2008, 0:16:50] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Lech.LECHU\Pulpit\VirtumundoBeGone.exe" )

[07/23/2008, 0:16:52] - Detected System Information:

[07/23/2008, 0:16:52] - Windows Version: 5.1.2600, Dodatek Service Pack 2

[07/23/2008, 0:16:52] - Current Username: Lech (Admin)

[07/23/2008, 0:16:52] - Windows is in NORMAL mode.

[07/23/2008, 0:16:52] - Searching for Browser Helper Objects:

[07/23/2008, 0:16:52] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)

[07/23/2008, 0:16:52] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)

[07/23/2008, 0:16:52] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[07/23/2008, 0:16:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

[07/23/2008, 0:16:52] - BHO 5: {8143CA36-3B78-4FAE-B26E-08273260707E} ()

[07/23/2008, 0:16:52] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/23/2008, 0:16:52] - No filename found. Continuing.

[07/23/2008, 0:16:52] - BHO 6: {85F685C3-20D9-4943-95E4-EB4224056C3F} (Expressivo)

[07/23/2008, 0:16:52] - BHO 7: {CF1D2AB6-4788-454B-B44E-A81C0EE830DC} ()

[07/23/2008, 0:16:52] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/23/2008, 0:16:52] - Checking for HKLM\...\Winlogon\Notify\rqRLBust

[07/23/2008, 0:16:52] - Key not found: HKLM\...\Winlogon\Notify\rqRLBust, continuing.

[07/23/2008, 0:16:52] - BHO 8: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)

[07/23/2008, 0:16:52] - BHO 9: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)

[07/23/2008, 0:16:52] - Finished Searching Browser Helper Objects

[07/23/2008, 0:16:52] - Finishing up...

[07/23/2008, 0:16:52] - Nothing found! Exiting...


[07/23/2008, 12:39:03] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Lech.LECHU\Pulpit\VirtumundoBeGone.exe" )

[07/23/2008, 12:39:04] - Detected System Information:

[07/23/2008, 12:39:04] - Windows Version: 5.1.2600, Dodatek Service Pack 2

[07/23/2008, 12:39:04] - Current Username: Lech (Admin)

[07/23/2008, 12:39:04] - Windows is in NORMAL mode.

[07/23/2008, 12:39:04] - Searching for Browser Helper Objects:

[07/23/2008, 12:39:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)

[07/23/2008, 12:39:04] - BHO 2: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (FGCatchUrl)

[07/23/2008, 12:39:04] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

[07/23/2008, 12:39:04] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)

[07/23/2008, 12:39:04] - BHO 5: {85F685C3-20D9-4943-95E4-EB4224056C3F} (Expressivo)

[07/23/2008, 12:39:04] - BHO 6: {C46FC9BD-471C-4E72-B511-A34972C5BEF3} ()

[07/23/2008, 12:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.

[07/23/2008, 12:39:04] - Checking for HKLM\...\Winlogon\Notify\rqRLBust

[07/23/2008, 12:39:04] - Key not found: HKLM\...\Winlogon\Notify\rqRLBust, continuing.

[07/23/2008, 12:39:04] - BHO 7: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)

[07/23/2008, 12:39:04] - BHO 8: {F156768E-81EF-470C-9057-481BA8380DBA} (FlashGet GetFlash Class)

[07/23/2008, 12:39:04] - Finished Searching Browser Helper Objects

[07/23/2008, 12:39:04] - Finishing up...

[07/23/2008, 12:39:04] - Nothing found! Exiting...

I also scanned with ComboFix, but the log got lost somewhere. Oddly, after the scan and the computer restart, as long as the ComboFix window (saving the log) was open, Explorer didn't dare to shut down; the hope lasted 15 seconds after I saw the log :frowning:

If another scan is needed, I'll scan again..

I'll also add that attempts at System Restore ended in failure

2.

Now a problem that may be trivial, but I was doing it for the first time; it seemed so simple and yet so hard..

After connecting the computer to the TV, everything was fine; I changed the resolution, set up the sound, watched a film, went back to my room, and hooked it up to the monitor again.

Bah, until the system loads I see absolutely nothing; I only hear a floppy drive error (which I don't have), because I've already tried pulling the battery out of the motherboard for 40 minutes

And I'd have to lug the computer over to the TV again (because there I can see the BIOS etc.)

So a format and entering safe mode amount to something impossible

3.

I've already written about this on other forums, but nobody was able to help.

I bought a Pinnacle7010ix card

It came with a remote and an infrared receiver

The problem is that the remote won't work no matter what

I don't currently use the Pinnacle software because it eats too much RAM and CPU; I prefer "dscaller"

But even when I did use it, the remote never once changed the channel

I'll add that it does send a signal; you can see it through a camera..

Sorry for all the dyslexic/stylistic errors..


(huber2t) #2

I don't see anything in the log

Show the ComboFix log


(Krzkaczor) #3
  1. Maybe return that remote under warranty.

  2. Maybe reset the BIOS with the jumpers. It should be somewhere in the manual. Because sometimes you have to wait a very long time with that battery.


(Youfaill) #4

ComboFix 08-07-22.4 - Lech 2008-07-23 14:24:14.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.709 [GMT 2:00]

Running from: C:\Documents and Settings\Lech.LECHU\Pulpit\ComboFix.exe


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\system32\tsuBLRqr.ini

C:\WINDOWS\system32\tsuBLRqr.ini2


.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))

.


2008-07-22 23:58 . 2008-07-22 23:58	24,576	--a------	C:\WINDOWS\system32\VundoFixSVC.exe

2008-07-22 23:52 . 2008-07-23 12:38

----a-w 1,560,576 2008-03-19 11:22:53 C:\Documents and Settings\.L\Moje dokumenty\M2 MULTIHACK 1.83 (beta) .exe

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys

2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-07-23_12.36.29.67 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-07-15 23:12:33 96,540 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-07-23 11:41:44 13,996 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6ECCEDC-443C-4322-A740-50D172CF42AC}]

2006-07-16 01:00 245760 --a------ C:\WINDOWS\system32\rqRLBust.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

"Expressivo"="C:\Program Files\ivo\Expressivo\expressivo.exe" [2007-01-23 17:19 2019328]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58 208896]

"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58 69632]

"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 04:59 217088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 17:44 81920]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]

"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]

"PCTVRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe" [2007-04-24 16:59 253000]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45 877568]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44 8429568]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

C:\Documents and Settings\.L\Menu Start\Programy\Autostart\

Budzik.lnk - C:\Program Files\Budzik\budzik.exe [2004-08-29 19:47:26 24576]

YouTube Uploader.lnk - C:\Documents and Settings\.L\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoAutoTrayNotify"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\WapSter\AQQ\AQQ.exe"=

"C:\Program Files\HLSW\hlsw.exe"=

"I:\Program Files\Steam\steamapps\matteo4362\counter-strike\hl.exe"=

"I:\Program Files\Steam\steamapps\matteo4362\dedicated server\hlds.exe"=

"C:\Program Files\WinSCP\WinSCP.exe"=

"C:\Program Files\mIRC\mirc.exe"=

"C:\Downloads\Worms.4.Mayhem_www.darkwarez.pl_upload.by.KoLdY\WORMS 4 MAYHEM\WORMS 4 MAYHEM.EXE"=

"C:\PROGRA~1\WapSter\AQQ\AQQ.exe"=

"C:\Program Files\Promixis\Girder\girder.exe"=

"C:\Program Files\Promixis\Girder\grunt.exe"=

"C:\SIERRA\Half-Life\hl.exe"=

"C:\SIERRA\Half-Life\hlds.exe"=

"C:\Program Files\FlashGet\flashget.exe"=

"I:\Program Files\Steam\steamapps\matteo4362\dedicated server\hltv.exe"=

"I:\crash.exe"=

"C:\Program Files\FlashFXP\FlashFXP.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\SIERRA\Half-Life\hltv.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 14:22]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 11:39]

R2 Dnscache;Klient DNS;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:44]

R3 PhilCap;Pinnacle PCTV service;C:\WINDOWS\system32\DRIVERS\PhilCap.sys [2007-07-17 10:22]

R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

.

- - - - ORPHANS REMOVED - - - -

BHO-{2BF9E4DE-85B2-4F57-924B-9232DBC94BD2} - (no file)

.

------- Supplementary Scan -------

.

O8 -: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm

O8 -: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 14:29:31

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

**************************************************************************

.

Completion time: 2008-07-23 14:34:09 - machine was rebooted

ComboFix-quarantined-files.txt 2008-07-23 12:34:06

ComboFix2.txt 2008-07-23 10:53:00

ComboFix3.txt 2008-07-23 10:36:45

Pre-Run: 20,640,010,240 bajtów wolnych

Post-Run: 20,625,932,288 bajtów wolnych

346

I'll add that, again, Explorer kept running the whole time during the scan; in fact it's still running, probably only for now ;x

SyntaxErorr

Although once, when the power went out and it threw a RAM error (BIOS beeps), I took it out for 20 minutes and then it worked

But fine, I'll read the manual and try to find that jumper


(huber2t) #5

Download ComboFix, but don't run it

Open Notepad and paste this into it:

File::

C:\WINDOWS\system32\xgeatxyu.ini

C:\WINDOWS\system32\rqRLBust.dll


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6ECCEDC-443C-4322-A740-50D172CF42AC}]

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

[image: 02f8f1e3c410a4cc.gif]

The removal will start and a log will be produced, which you'll post on the forum.

Post the logs on http://wklejto.pl or http://wklej.org and put only the link in your post


(Youfaill) #6

ComboFix 08-07-22.4 - Lech 2008-07-23 14:59:14.4 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.600 [GMT 2:00]

Running from: C:\Documents and Settings\Lech.LECHU\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Lech.LECHU\Pulpit\CFScript.txt

 * Created a new restore point


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED


FILE ::

C:\WINDOWS\system32\rqRLBust.dll

C:\WINDOWS\system32\xgeatxyu.ini

.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\system32\rqRLBust.dll

C:\WINDOWS\system32\xgeatxyu.ini


.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))

.


2008-07-22 23:58 . 2008-07-22 23:58	24,576	--a------	C:\WINDOWS\system32\VundoFixSVC.exe

2008-07-22 23:52 . 2008-07-23 12:38

----a-w 1,560,576 2008-03-19 11:22:53 C:\Documents and Settings\.L\Moje dokumenty\M2 MULTIHACK 1.83 (beta) .exe

------- Sigcheck -------

2004-08-03 23:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\system32\dllcache\tcpip.sys

2004-08-03 23:14 359040 6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys

.

((((((((((((((((((((((((((((( snapshot@2008-07-23_12.36.29.67 )))))))))))))))))))))))))))))))))))))))))

.

- 2006-07-15 23:12:33 96,540 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

+ 2008-07-23 11:41:44 13,996 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AQQ"="C:\PROGRA~1\WapSter\AQQ\AQQ.exe" [2007-02-28 14:18 2351864]

"Expressivo"="C:\Program Files\ivo\Expressivo\expressivo.exe" [2007-01-23 17:19 2019328]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55 1667584]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-12-15 04:58 208896]

"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-12-15 04:58 69632]

"WinSys2"="C:\WINDOWS\system32\winsys2.exe" [2006-12-15 04:59 217088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 17:44 81920]

"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 03:11 925696]

"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-09-25 10:10 2007088]

"PCTVRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe" [2007-04-24 16:59 253000]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-08-06 10:45 877568]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 17:44 8429568]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]

C:\Documents and Settings\.L\Menu Start\Programy\Autostart\

Budzik.lnk - C:\Program Files\Budzik\budzik.exe [2004-08-29 19:47:26 24576]

YouTube Uploader.lnk - C:\Documents and Settings\.L\Ustawienia lokalne\Dane aplikacji\YouTube\Uploader\youtubeuploader.exe [2007-11-09 13:33:08 71152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"SynchronousMachineGroupPolicy"= 0 (0x0)

"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMBalloonTip"= 1 (0x1)

"MemCheckBoxInRunDlg"= 0 (0x0)

"NoAutoTrayNotify"= 0 (0x0)

"NoResolveTrack"= 0 (0x0)

"NoResolveSearch"= 1 (0x1)

"NoWelcomeScreen"= 1 (0x1)

"NoRecentDocsNetHood"= 1 (0x1)

"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.avis"= ff_acm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"C:\Program Files\WapSter\AQQ\AQQ.exe"=

"C:\Program Files\HLSW\hlsw.exe"=

"I:\Program Files\Steam\steamapps\matteo4362\counter-strike\hl.exe"=

"I:\Program Files\Steam\steamapps\matteo4362\dedicated server\hlds.exe"=

"C:\Program Files\WinSCP\WinSCP.exe"=

"C:\Program Files\mIRC\mirc.exe"=

"C:\Downloads\Worms.4.Mayhem_www.darkwarez.pl_upload.by.KoLdY\WORMS 4 MAYHEM\WORMS 4 MAYHEM.EXE"=

"C:\PROGRA~1\WapSter\AQQ\AQQ.exe"=

"C:\Program Files\Promixis\Girder\girder.exe"=

"C:\Program Files\Promixis\Girder\grunt.exe"=

"C:\SIERRA\Half-Life\hl.exe"=

"C:\SIERRA\Half-Life\hlds.exe"=

"C:\Program Files\FlashGet\flashget.exe"=

"I:\Program Files\Steam\steamapps\matteo4362\dedicated server\hltv.exe"=

"I:\crash.exe"=

"C:\Program Files\FlashFXP\FlashFXP.exe"=

"C:\WINDOWS\system32\dpvsetup.exe"=

"C:\SIERRA\Half-Life\hltv.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 14:22]

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 11:39]

R2 Dnscache;Klient DNS;C:\WINDOWS\system32\svchost.exe [2004-08-04 00:44]

R3 PhilCap;Pinnacle PCTV service;C:\WINDOWS\system32\DRIVERS\PhilCap.sys [2007-07-17 10:22]

R3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 15:00:01

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-23 15:00:28

ComboFix-quarantined-files.txt 2008-07-23 13:00:25

ComboFix2.txt 2008-07-23 12:34:09

ComboFix3.txt 2008-07-23 10:53:00

ComboFix4.txt 2008-07-23 10:36:45

Pre-Run: 20,609,839,104 bajtów wolnych

Post-Run: 20,597,301,248 bajtów wolnych

331

Explorer went haywire again, but... then it stopped again

i.e. it shut down for the duration of the scan; when the log appeared it restarted 4x, and for now it works

Thanks for the idiot-proof tutorial :P


(huber2t) #7

The log looks clean

Manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Clean the computer with CCleaner

Optimize the startup entries

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum

or

Dr.WEB CureIt!


(Youfaill) #8

Hi

lol, the scan took 5h

I cleaned it with CCleaner

I think the startup list isn't that bad anymore

log -

http://www9.speedyshare.com/data/993500 ... aport.html

I uploaded it to speedyshare because I'd probably have flooded the forum

There's some junk from the old disk in there..

Explorer is working so far, though admittedly I haven't restarted the computer yet ;x


(huber2t) #9

Download The Avenger

paste this text into it:

Files to delete:

C:\Documents and Settings\.L\Moje dokumenty\Arelia ultimate 0.4\Ultimate 0.4\Ultimate 0.4.exe

C:\Documents and Settings\.L\Moje dokumenty\Arelia ultimate 0.4.rar

C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML\Aries 0.4.5 - XML\Aries-XML.exe

C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2)\Aries 0.4.5 - XML\Aries-XML.exe

C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2).rar/Aries 0.4.5 - XML/Aries-XML.exe

C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2).rar

C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML.rar

C:\Documents and Settings\.L\Moje dokumenty\Cheat_s_By_Czakense.exe

C:\Documents and Settings\.L\Moje dokumenty\Confident_A_public\Confident_A_public\Confident_A+.exe 

C:\Documents and Settings\.L\Moje dokumenty\Confident_A_public\Confident_A_public\killer.exe

C:\Documents and Settings\.L\Moje dokumenty\Confident_A_public\Confident_A_public\server.exe

C:\Documents and Settings\.L\Moje dokumenty\ggsc5\GG Serwer Changer\GG Serwer Changer.exe 

C:\Documents and Settings\.L\Moje dokumenty\ggsc5.zip

C:\Documents and Settings\.L\Moje dokumenty\HermanAgent\HermanAgent.exe

C:\Documents and Settings\.L\Moje dokumenty\mirc632.exe

C:\Documents and Settings\.L\Moje dokumenty\tibia bot ng.EXE

C:\Documents and Settings\.L\Moje dokumenty\tibia bot ng.rar

C:\Documents and Settings\.L\Moje dokumenty\TProfessional.zip

C:\Documents and Settings\.L\Moje dokumenty\[8.1]World War\8.1 Latest SVN - 7.9.2007\devc++\WorldWar.exe

C:\Documents and Settings\.L\Moje dokumenty\[8.1]World War\World War Pure SVN 8.1\WorldWar.exe

C:\Documents and Settings\.L\Moje dokumenty\[8.1]World War.rar

C:\Documents and Settings\.L\tibia bot ng.EXE

C:\Documents and Settings\.L\tibia bot ng.rar

C:\Documents and Settings\Lech.LECHU\Moje dokumenty\RSMInit(2).exe

C:\Documents and Settings\Lech.LECHU\Moje dokumenty\RSMInit.exe

C:\Documents and Settings\Lech.LECHU\Pulpit\aeqproof\AequitasModule.dll

C:\Downloads\m4d.dll.zip 

C:\Downloads\pacsteamt-271207.exe

C:\Downloads\XxxPass-C_H_Ver1.0-_2007-part1_up_by_juur.xup.pl.part1.rar

C:\Program Files\WinHex\WinHex.exe

I:\$Recycle.Bin\S-1-5-21-3088889681-1082177312-2725837918-1000\$RH17GS2\bpk.exe 

I:\$Recycle.Bin\S-1-5-21-3088889681-1082177312-2725837918-1000\$RH17GS2\bpkhk.dll

I:\$Recycle.Bin\S-1-5-21-3088889681-1082177312-2725837918-1000\$RH17GS2\bpkr.exe

I:\$Recycle.Bin\S-1-5-21-3088889681-1082177312-2725837918-1000\$RH17GS2\bpkwb.dll

I:\crash.exe

I:\Downloads\i_bpk2003.exe

:\Program Files\BPK\bpkun.exe 

I:\Program Files\BPK\tmp\bpk.exe 

I:\Program Files\BPK\tmp\bpkhk.dll 

I:\Program Files\BPK\tmp\bpkr.exe

I:\Program Files\BPK\tmp\bpkwb.dll

I:\Program Files\Mozilla Firefox\plugins\NPMyGlSh.dll

I:\Program Files\Winamp\inst_winamp.rar

I:\Stare\Dokumenty\8.1 Latest SVN - 7.9.2007\devc++\WorldWar.exe

I:\Stare\Dokumenty\Aries 0.4.5 XML\Aries 0.4.5 - XML\Aries-XML.exe 

I:\Stare\Dokumenty\Bux.to Autoclicker\Bux.to Autoclicker.exe

I:\Stare\Dokumenty\Confident_A_public\Confident_A_public\Confident_A+.exe

I:\Stare\Dokumenty\Confident_A_public\Confident_A_public\killer.exe

I:\Stare\Dokumenty\Confident_A_public\Confident_A_public\other.exe

I:\Stare\Dokumenty\Confident_A_public\Confident_A_public\tutoriall.exe

I:\Stare\Dokumenty\NetTools5.0.70\Setup.exe

I:\Stare\Dokumenty\Nigra_Pack\Nigra_Pack\Nigra Pack\Unbanning\Habbit.exe

I:\Stare\Stardock_WindowBlinds_v6[1].02\Stardock WindowBlinds v6.02\Activator\Stardock WindowBlinds v6.02 Build 43 x86 Enhanced Activator.exe

I:\Stare\Stardock_WindowBlinds_v6[1].02.rar

I:\Users\Lechu\AppData\Local\Temp\bpkun.exe 

I:\Users\Lechu\AppData\Local\Temp\RarSFX0\bpkun.exe 	

I:\Users\Lechu\AppData\Local\Temp\RarSFX0\Setup.exe

I:\Users\Lechu\AppData\Local\Temp\svchostun.exe

I:\Users\Lechu\Desktop\Animator_description_gg_by_Alu.rar

I:\Users\Lechu\Desktop\kaput.iso

I:\Users\Lechu\Desktop\PHOdMatiego.rar

I:\Users\Lechu\Desktop\XP activation\WGA\WGA.rar

I:\Users\Lechu\Documents\cs16_serwer_crash\crash.exe

I:\Users\Lechu\fun\10.exe 

I:\Users\Lechu\fun\11.exe 

I:\Users\Lechu\fun\12.exe 

I:\Users\Lechu\fun\15.exe 

I:\Users\Lechu\fun\3.bat 

I:\Users\Lechu\fun\4.bat 

I:\Users\Lechu\fun\friitenz.rar 

I:\Users\Lechu\fun\Hasher\data.zik 

I:\Users\Lechu\fun\Hasher\saminside.zip

I:\Users\Lechu\pendrive\cs16_serwer_crash\crash.exe

I:\Users\Lechu\pendrive\POI\Evolutions-XML.exe


Folders to delete:

C:\System Volume Information\_restore{4B307E65-3719-4411-A56B-DCA19BCB7AD8}\RP32

C:\System Volume Information\_restore{4B307E65-3719-4411-A56B-DCA19BCB7AD8}\RP34

C:\System Volume Information\_restore{50A0C193-6F8F-4267-989C-1AD2E152814F}\RP51

C:\System Volume Information\_restore{8D03C222-1AC4-42A8-B807-D9D9432DD153}\RP79

C:\System Volume Information\_restore{8D03C222-1AC4-42A8-B807-D9D9432DD153}\RP82

C:\System Volume Information\_restore{8D03C222-1AC4-42A8-B807-D9D9432DD153}\RP83

C:\System Volume Information\_restore{8D03C222-1AC4-42A8-B807-D9D9432DD153}\RP85

I:\Program Files\MyGlobalSearch

I:\Program Files\Trend Micro\HijackThis\backups

I:\System Volume Information\_restore{8D03C222-1AC4-42A8-B807-D9D9432DD153}\RP82

Copy this, click Paste Script from Clipboard, choose Execute, then confirm and agree to the restart by clicking OK.

Manually delete the file C:\Avenger\backup.zip from the disk and paste the report C:\avenger.txt on the forum

Delete all files from this folder:


(Youfaill) #10

I knew my brother's Tibia programs would cause trouble

Logfile of The Avenger Version 2.0, (c) by Swandog46

http://swandog46.geekstogo.com


Platform: Windows XP


*******************


Script file opened successfully.

Script file read successfully.


Backups directory opened successfully at C:\Avenger


*******************


Beginning to process script file:


Rootkit scan active.

No rootkits found!


File "C:\Documents and Settings\.L\Moje dokumenty\Arelia ultimate 0.4\Ultimate 0.4\Ultimate 0.4.exe" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Arelia ultimate 0.4.rar" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML\Aries 0.4.5 - XML\Aries-XML.exe" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2)\Aries 0.4.5 - XML\Aries-XML.exe" deleted successfully.


Error: could not open file "C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2).rar/Aries 0.4.5 - XML/Aries-XML.exe"

Deletion of file "C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2).rar/Aries 0.4.5 - XML/Aries-XML.exe" failed!

Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)

  --> an object cannot have this name


File "C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML(2).rar" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Aries 0.4.5 - XML.rar" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Cheat_s_By_Czakense.exe" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Confident_A_public\Confident_A_public\Confident_A+.exe" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Confident_A_public\Confident_A_public\killer.exe" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\Confident_A_public\Confident_A_public\server.exe" deleted successfully.

File "C:\Documents and Settings\.L\Moje dokumenty\ggsc5\GG Serwer Changer\GG Serwer Changer.exe" deleted successfully.


Completed script processing.


*******************


Finished! Terminate.
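The Avenger log above ends with "Completed script processing." even though it stops after the GG Serwer Changer entry, which is the signature of a script that was pasted incompletely rather than a run that aborted. The following Python script is an added example (not part of this thread and not a tool shipped with The Avenger): it reconciles an Avenger "Files to delete:" / "Folders to delete:" script against the resulting avenger.txt, lists entries that were never processed, records the NTSTATUS of failed deletions, and flags paths that point inside an archive (such as the `.rar/.../Aries-XML.exe` entry, which Avenger rejects with STATUS_OBJECT_NAME_INVALID because the file system has no such object). The embedded script and log are constructed, abbreviated samples modelled on the format shown in the posts above; the log line patterns are assumed from that output.

```python
import re

# Constructed sample script, abbreviated and modelled on the one posted in the thread.
SCRIPT = r"""Files to delete:
C:\Documents and Settings\.L\Moje dokumenty\a.exe
C:\Documents and Settings\.L\Moje dokumenty\b.rar/inner/b.exe
C:\Documents and Settings\.L\Moje dokumenty\b.rar
I:\Program Files\BPK\tmp\bpk.exe

Folders to delete:
I:\Program Files\MyGlobalSearch
"""

# Constructed sample avenger.txt: only the first three entries were processed,
# yet the log still reports completion (same pattern as the real log above).
LOG = r"""Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows XP
*******************
Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\.L\Moje dokumenty\a.exe" deleted successfully.

Error: could not open file "C:\Documents and Settings\.L\Moje dokumenty\b.rar/inner/b.exe"
Deletion of file "C:\Documents and Settings\.L\Moje dokumenty\b.rar/inner/b.exe" failed!
Status: 0xc0000033 (STATUS_OBJECT_NAME_INVALID)
  --> an object cannot have this name

File "C:\Documents and Settings\.L\Moje dokumenty\b.rar" deleted successfully.

Completed script processing.
"""

# Log line shapes, assumed from the avenger.txt output shown in the thread.
DELETED_RE = re.compile(r'^(File|Folder) "(.+)" deleted successfully\.$')
FAILED_RE = re.compile(r'^Deletion of (file|folder) "(.+)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]+) \((\w+)\)$')
# A '/' right after an archive extension means "member inside an archive",
# which is not a file-system object Avenger can delete.
ARCHIVE_MEMBER_RE = re.compile(r'\.(rar|zip|7z|cab)/', re.IGNORECASE)


def parse_script(text):
    """Split an Avenger script into its 'files' and 'folders' target lists."""
    sections = {"files to delete:": "files", "folders to delete:": "folders"}
    out = {"files": [], "folders": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()          # the posted script has stray trailing blanks/tabs
        if not line:
            continue
        if line.lower() in sections:
            current = sections[line.lower()]
        elif current is not None:
            out[current].append(line)
    return out


def parse_log(text):
    """Return (set of deleted paths, dict failed path -> NTSTATUS name)."""
    deleted, failed, pending = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DELETED_RE.match(line):
            deleted.add(m.group(2))
        elif m := FAILED_RE.match(line):
            pending = m.group(2)
            failed[pending] = "UNKNOWN"   # overwritten once the Status line arrives
        elif (m := STATUS_RE.match(line)) and pending:
            failed[pending] = m.group(2)
            pending = None
    return deleted, failed


def reconcile(script_text, log_text):
    """Classify every script entry by what the log says happened to it."""
    wanted = parse_script(script_text)
    deleted, failed = parse_log(log_text)
    deleted_n = {p.casefold() for p in deleted}            # Windows paths: case-insensitive
    failed_n = {p.casefold(): st for p, st in failed.items()}
    report = {"deleted": [], "failed": [], "not_processed": [], "archive_members": []}
    for path in wanted["files"] + wanted["folders"]:
        if ARCHIVE_MEMBER_RE.search(path):
            report["archive_members"].append(path)
        key = path.casefold()
        if key in deleted_n:
            report["deleted"].append(path)
        elif key in failed_n:
            report["failed"].append((path, failed_n[key]))
        else:
            report["not_processed"].append(path)
    return report


def diagnose(script_text, log_text):
    """Distinguish a truncated paste from an aborted run using the completion marker."""
    report = reconcile(script_text, log_text)
    completed = "Completed script processing." in log_text
    missing = len(report["not_processed"])
    total = missing + len(report["deleted"]) + len(report["failed"])
    if missing and completed:
        verdict = f"script truncated: Avenger reported completion but never saw {missing} of {total} entries"
    elif missing:
        verdict = f"run aborted: {missing} of {total} entries unprocessed and no completion marker"
    else:
        verdict = "every entry was processed"
    return verdict, report


if __name__ == "__main__":
    verdict, report = diagnose(SCRIPT, LOG)
    print(verdict)
    for kind, entries in report.items():
        for entry in entries:
            print(f"  {kind}: {entry}")
```

Run against the real script and avenger.txt from this thread, the "not_processed" list is exactly the tail the user should paste in on the second attempt, and "archive_members" names the entries that will fail again no matter how many times the script is run (deleting the enclosing .rar, which the script already does, is the correct fix).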

(huber2t) #11

Run the whole script, not just part of it