marios24
(Marios24)
29 November 2007 22:04
#1
The computer is terribly sluggish. NOD detects viruses but they cannot be removed. Please check the log.
Gutek
(Gutek)
29 November 2007 23:43
#2
Canned reply: Download the SDFix program
marios24
(Marios24)
30 November 2007 18:01
#3
The computer is still terribly sluggish; here are the logs:
Gutek
(Gutek)
30 November 2007 22:45
#4
Remove the HJT entry
Paste into Notepad:
>> File >> Save as… >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture –>
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should then begin (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
After that, a new log from Combo