Prosze o analize loga....amvo.exe

tomass47 · 6 Luty 2009 16:35

ComboFix 09-02-05.04 - tomass47 2009-02-06 17:08:22.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3071.2541 [GMT 1:00]

Uruchomiony z: c:\documents and settings\tomass47\Pulpit\ComboFix.exe

* Utworzono nowy punkt przywracania

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\amvo.exe

c:\windows\system32\amvo0.dll

c:\windows\system32\AutoRun.inf

c:\windows\system32\tmp60.tmp

c:\windows\system32\tmp61.tmp

.

((((((((((((((((((((((((( Pliki utworzone od 2009-01-06 do 2009-02-06 )))))))))))))))))))))))))))))))

.

2009-02-06 17:04 . 2009-02-06 17:04

2009-02-06 17:04 . 2009-02-06 17:05

2009-02-06 17:04 . 2009-02-06 17:04 21,512 --a------ c:\windows\system32\drivers\pxscan.sys

2009-02-06 17:04 . 2009-02-06 17:04 67 --a------ c:\windows\wininit.ini

2009-02-04 07:09 . 2009-02-04 07:09

2009-02-04 07:08 . 2009-02-04 07:08 3,914 --a------ c:\windows\system32\ealregsnapshot1.reg

2009-01-31 00:51 . 2009-01-31 00:51

2009-01-31 00:51 . 2009-01-31 00:51 410,984 --a------ c:\windows\system32\deploytk.dll

2009-01-31 00:51 . 2009-01-31 00:51 73,728 --a------ c:\windows\system32\javacpl.cpl

2009-01-30 22:21 . 2009-01-30 22:21 54,156 --ah----- c:\windows\QTFont.qfn

2009-01-30 22:21 . 2009-01-30 22:21 1,409 --a------ c:\windows\QTFont.for

2009-01-29 13:36 . 2009-01-29 13:36 151 --a------ c:\windows\PhotoSnapViewer.INI

2009-01-29 13:29 . 2009-01-29 13:29

2009-01-29 13:28 . 2009-01-29 13:28

2009-01-29 13:28 . 2007-03-17 17:11 675,840 -ra------ c:\windows\system32\hpowiax3.dll

2009-01-29 13:28 . 2007-03-17 17:11 569,344 -ra------ c:\windows\system32\hpotscl3.dll

2009-01-29 13:28 . 2007-03-08 05:20 364,544 -ra------ c:\windows\system32\hppldcoi.dll

2009-01-29 13:28 . 2007-03-08 05:20 309,760 -ra------ c:\windows\system32\difxapi.dll

2009-01-29 13:28 . 2007-03-17 17:11 303,104 -ra------ c:\windows\system32\hpovst10.dll

2009-01-29 13:28 . 2007-03-30 16:07 267,864 -ra------ c:\windows\system32\hpzids01.dll

2009-01-29 13:28 . 2007-03-28 14:01 117,760 --a------ c:\windows\system32\hpzll5ha.dll

2009-01-29 13:28 . 2007-03-08 05:20 49,920 -ra------ c:\windows\system32\drivers\HPZid412.sys

2009-01-29 13:28 . 2007-03-08 05:20 21,568 -ra------ c:\windows\system32\drivers\HPZius12.sys

2009-01-29 13:28 . 2007-03-08 05:20 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys

2009-01-29 13:28 . 2006-09-13 18:19 15,104 --a------ c:\windows\system32\drivers\usbscan.sys

2009-01-29 13:27 . 2009-01-29 13:27

2009-01-27 01:46 . 2009-01-27 01:46

2009-01-27 01:46 . 2008-05-30 14:11 3,850,760 --a------ c:\windows\system32\D3DX9_38.dll

2009-01-27 01:46 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll

2009-01-27 01:46 . 2008-05-30 14:11 467,984 --a------ c:\windows\system32\d3dx10_38.dll

2009-01-25 11:26 . 2009-01-25 11:26

2009-01-25 11:15 . 2009-01-25 11:15

2009-01-23 13:13 . 2009-01-23 13:13

2009-01-16 11:30 . 2009-01-16 11:30

2009-01-16 11:24 . 2009-01-16 11:24

2009-01-16 10:42 . 2009-01-16 10:42 717,296 --a------ c:\windows\system32\drivers\sptd.sys

2009-01-15 23:25 . 2009-01-15 23:25

2009-01-15 23:00 . 2009-02-06 17:00

2009-01-15 23:00 . 2009-01-15 23:00

2009-01-15 23:00 . 2009-02-06 17:00

2009-01-15 23:00 . 2009-02-06 17:08

2009-01-15 09:09 . 2009-01-15 09:09

2009-01-14 23:48 . 2009-01-14 23:48

2009-01-14 23:47 . 2009-01-14 23:47

2009-01-14 23:46 . 2009-01-14 23:46

2009-01-14 23:45 . 2009-01-14 23:48

2009-01-14 23:45 . 2006-09-13 18:18 25,856 --a------ c:\windows\system32\drivers\usbprint.sys

2009-01-14 23:34 . 2009-01-29 13:29 153,520 --a------ c:\windows\hpoins14.dat

2009-01-14 23:34 . 2007-09-20 02:14 2,000 --------- c:\windows\hpomdl14.dat

2009-01-14 23:30 . 2009-01-14 23:30

2009-01-14 23:30 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll

2009-01-14 23:30 . 2005-12-22 12:24 137,884 --a------ c:\windows\system32\drivers\sscdmdm.sys

2009-01-14 23:30 . 2005-12-22 12:24 80,272 --a------ c:\windows\system32\drivers\sscdbus.sys

2009-01-14 23:30 . 2005-12-22 12:24 11,877 --a------ c:\windows\system32\drivers\sscdcmnt.sys

2009-01-14 23:30 . 2005-12-22 12:24 11,877 --a------ c:\windows\system32\drivers\sscdcm.sys

2009-01-14 23:30 . 2005-12-22 12:24 11,188 --a------ c:\windows\system32\drivers\sscdwhnt.sys

2009-01-14 23:30 . 2005-12-22 12:24 11,188 --a------ c:\windows\system32\drivers\sscdwh.sys

2009-01-14 23:30 . 2005-12-22 12:24 10,864 --a------ c:\windows\system32\drivers\sscdmdfl.sys

2009-01-14 23:30 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys

2009-01-14 23:30 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico

2009-01-14 23:28 . 2009-01-14 23:28

2009-01-14 22:03 . 2009-01-14 22:03

2009-01-14 21:57 . 2009-01-14 22:03

2009-01-13 17:17 . 2003-06-19 01:31 17,920 --a------ c:\windows\system32\mdimon.dll

2009-01-13 17:17 . 2009-01-13 17:17 421 --a------ c:\windows\ODBC.INI

2009-01-13 17:16 . 2009-01-13 17:17

2009-01-13 17:12 . 2009-01-13 17:12

2009-01-13 17:10 . 2009-01-13 17:10

2009-01-13 17:10 . 2009-01-13 17:34

2009-01-13 17:10 . 2009-01-13 17:13

2009-01-12 00:22 . 2006-09-13 18:17 12,160 --a------ c:\windows\system32\drivers\mouhid.sys

2009-01-12 00:22 . 2001-08-17 22:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys

2009-01-12 00:01 . 2009-01-20 21:13

2009-01-12 00:00 . 2009-01-12 00:00

2009-01-11 18:25 . 2002-01-11 14:37 235,008 --a------ c:\windows\system32\nod32cc.exe

2009-01-11 18:25 . 2002-01-04 11:38 133,440 --a------ c:\windows\system32\drivers\amon.sys

2009-01-11 18:25 . 2001-06-19 19:33 69,632 --a------ c:\windows\system32\nms32.dll

2009-01-11 18:25 . 2001-04-10 10:19 40,960 --a------ c:\windows\system32\nod32m2.exe

2009-01-11 18:25 . 2002-01-11 12:23 25,168 --a------ c:\windows\system32\nod32cc.hlp

2009-01-11 18:25 . 2001-01-12 01:59 24,064 --a------ c:\windows\system32\drivers\upd_serv.sys

2009-01-11 18:25 . 2009-01-11 18:25 442 --a------ c:\windows\system32\mapisvc.inf

2009-01-11 18:24 . 2009-01-11 18:25

2009-01-11 17:19 . 2009-01-11 17:19

2009-01-11 17:19 . 2009-02-05 01:16 116 --a------ c:\windows\NeroDigital.ini

2009-01-11 16:53 . 2005-04-20 12:32 2,916,352 --------- c:\windows\UNNMP.exe

2009-01-11 16:53 . 2005-10-11 13:00 48,953 --------- c:\windows\UNNMP.cfg

2009-01-11 16:52 . 2001-07-09 11:50 155,648 --a------ c:\windows\system32\NeroCheck.exe

2009-01-11 16:51 . 2009-01-11 16:51

2009-01-11 16:51 . 2005-09-07 17:08 3,006,464 --------- c:\windows\UNNeroVision.exe

2009-01-11 16:51 . 2005-10-11 13:00 200,205 --------- c:\windows\UNNeroVision.cfg

2009-01-11 16:51 . 2007-01-08 22:17 27,168 --------- c:\windows\system32\msxml3a.dll

2009-01-11 16:50 . 2009-01-11 16:50

2009-01-11 16:50 . 2009-01-11 16:53

2009-01-11 16:50 . 2009-01-11 16:50

2009-01-11 16:50 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll

2009-01-11 16:50 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll

2009-01-11 16:50 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll

2009-01-11 16:50 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll

2009-01-11 16:50 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll

2009-01-11 16:50 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll

2009-01-11 16:50 . 2001-06-26 08:15 38,912 --------- c:\windows\system32\picn20.dll

2009-01-09 22:28 . 2009-01-12 00:01 107,888 --a------ c:\windows\system32\CmdLineExt.dll

2009-01-09 22:27 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll

2009-01-09 20:55 . 2009-01-09 20:55

2009-01-09 20:41 . 2009-01-09 20:42

2009-01-09 20:37 . 2009-01-09 20:37

2009-01-09 20:23 . 2009-01-09 20:23

2009-01-09 20:22 . 2009-01-09 20:22

2009-01-09 20:22 . 2006-07-27 19:28 3,596,288 --a------ c:\windows\system32\qt-dx331.dll

2009-01-09 20:21 . 2009-01-09 20:22

2009-01-09 03:11 . 2009-01-09 03:11

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-04 06:08 --------- d-----w c:\program files\Common Files\InstallShield

2009-01-27 18:56 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink

2009-01-25 10:06 --------- d–h--w c:\program files\InstallShield Installation Information

2009-01-11 23:00 444,952 ----a-w c:\windows\system32\wrap_oal.dll

2009-01-11 23:00 109,080 ----a-w c:\windows\system32\OpenAL32.dll

2009-01-09 01:28 --------- d-----w c:\documents and settings\tomass47\Dane aplikacji\CyberLink

2009-01-09 01:24 --------- d-----w c:\program files\ASUS

2009-01-09 01:06 --------- d-----w c:\program files\Wireless Console 2

2009-01-09 00:51 --------- d-----w c:\program files\Intel

2009-01-09 00:45 315,392 ----a-w c:\windows\HideWin.exe

2009-01-09 00:45 --------- d-----w c:\program files\Realtek

2009-01-09 00:44 --------- d-----w c:\program files\ATKOSD2

2009-01-09 00:43 --------- d-----w c:\program files\ATK Hotkey

2009-01-09 00:41 --------- d-----w c:\program files\ATKGFNEX

2009-01-09 00:41 --------- d-----w c:\documents and settings\tomass47\Dane aplikacji\InstallShield

2009-01-09 00:23 --------- d-----w c:\program files\Usługi online

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

“{ecdee021-0d17-467f-a1ff-c7a115230949}”= “c:\program files\free-downloads.net\tbfree.dll” [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{ecdee021-0d17-467f-a1ff-c7a115230949}]

2008-09-15 06:47 1784856 --a------ c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{3041d03e-fd4b-44e0-b742-2d9b88305f98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-09-29 325000]

“{ecdee021-0d17-467f-a1ff-c7a115230949}”= “c:\program files\free-downloads.net\tbfree.dll” [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

“{3041D03E-FD4B-44E0-B742-2D9B88305F98}”= “c:\program files\AskBarDis\bar\bin\askBar.dll” [2008-09-29 325000]

“{ECDEE021-0D17-467F-A1FF-C7A115230949}”= “c:\program files\free-downloads.net\tbfree.dll” [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ASUSTPE”=“c:\windows\system32\ASUSTPE.exe” [2006-10-14 69632]

“Gadu-Gadu”=“c:\program files\Gadu-Gadu\gg.exe” [2008-03-20 2127296]

“Power2GoExpress”=“c:\program files\CyberLink\Power2Go\Power2GoExpress.exe” [2008-03-18 2508072]

“LightScribe Control Panel”=“c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe” [2008-03-17 2289664]

“BitTorrent DNA”=“c:\program files\DNA\btdna.exe” [2009-01-15 342848]

“AlcoholAutomount”=“c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe” [2008-11-23 203720]

“EA Core”=“c:\program files\Electronic Arts\EADM\Core.exe” [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“HControlUser”=“c:\program files\ATK Hotkey\HcontrolUser.exe” [2008-01-11 98304]

“ATKHOTKEY”=“c:\program files\ATK Hotkey\Hcontrol.exe” [2008-02-01 233472]

“MsgTranAgt”=“c:\program files\ATK Hotkey\MsgTranAgt.exe” [2007-11-04 106496]

“ATKMEDIA”=“c:\program files\ASUS\ATK Media\DMEDIA.EXE” [2006-11-02 61440]

“ATKOSD2”=“c:\program files\ATKOSD2\ATKOSD2.exe” [2008-01-23 7766016]

“NvCplDaemon”=“c:\windows\system32\NvCpl.dll” [2008-09-10 13545472]

“NvMediaCenter”=“c:\windows\system32\NvMcTray.dll” [2008-09-10 86016]

“Wireless Console 2”=“c:\program files\Wireless Console 2\wcourier.exe” [2007-07-05 1040384]

“PCMAgent”=“c:\program files\ASUS\AI TouchMedia\AI TouchMedia\PCMAgent.exe” [2008-06-11 212992]

“CLMLServer”=“c:\program files\ASUS\AI TouchMedia\AI TouchMedia\Kernel\CLML\CLMLSvc.exe” [2008-06-11 196608]

“PlayMovie”=“c:\program files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe” [2008-05-19 172032]

“WinampAgent”=“c:\program files\Winamp\winampa.exe” [2007-02-13 35328]

“NeroFilterCheck”=“c:\windows\system32\NeroCheck.exe” [2001-07-09 155648]

“Nod32CC”=“c:\windows\system32\nod32cc.exe” [2002-01-11 235008]

“RemoteControl”=“c:\program files\CyberLink\PowerDVD\PDVDServ.exe” [2008-04-02 87336]

“LanguageShortcut”=“c:\program files\CyberLink\PowerDVD\Language\Language.exe” [2008-02-22 62760]

“UpdatePPShortCut”=“c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe” [2008-01-04 222504]

“HP Software Update”=“c:\program files\HP\HP Software Update\HPWuSchd2.exe” [2007-03-11 49152]

“SunJavaUpdateSched”=“c:\program files\Java\jre6\bin\jusched.exe” [2009-01-31 136600]

“nwiz”=“nwiz.exe” [2008-09-10 c:\windows\system32\nwiz.exe]

“RTHDCPL”=“RTHDCPL.EXE” [2008-06-27 c:\windows\RTHDCPL.exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

“nltide_3”=“advpack.dll” [2004-08-04 c:\windows\system32\advpack.dll]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-01-09 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.clmp3enc”= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“c:\Program Files\ASUS\AI TouchMedia\PlayMovie\PlayMovie.exe”=

“c:\Program Files\ASUS\AI TouchMedia\PlayMovie\PMVService.exe”=

“c:\Program Files\CyberLink\PowerDVD\PowerDVD.exe”=

“c:\Program Files\CyberLink\PowerDirector\PDR.exe”=

“c:\Program Files\DNA\btdna.exe”=

“c:\Program Files\BitTorrent\bittorrent.exe”=

“e:\games\mirror\Binaries\MirrorsEdge.exe”=

“e:\games\assassin\AssassinsCreed_Dx9.exe”=

“e:\games\assassin\AssassinsCreed_Dx10.exe”=

“e:\games\assassin\AssassinsCreed_Launcher.exe”=

“e:\games\burn\BurnoutLauncher.exe”=

“e:\games\burn\BurnoutConfigTool.exe”=

“e:\games\burn\BurnoutParadise.exe”=

“c:\Program Files\Electronic Arts\EADM\Core.exe”=

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-02-06 21512]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\ASUS\AI TouchMedia\PlayMovie\000.fcl [2009-01-09 02:26:08 61424]

R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-02-06 4107832]

R2 NOD32Service;NOD32 Service;c:\windows\system32\nod32m2.exe [2009-01-11 40960]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2009-01-09 38560]

S2 NOD32ControlCenter;NOD32 Control Center Service;c:\windows\system32\nod32cc.exe [2009-01-11 235008]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-01-09 47616]

— Inne Usługi/Sterowniki w Pamięci —

*NewlyCreated* - CSISCANNER

*NewlyCreated* - PXSCAN

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{e9d08dc0-f434-11dd-a736-0023547c4f93}]

\Shell\AutoRun\command - H:\igxv.cmd

\Shell\explore\Command - H:\igxv.cmd

\Shell\open\Command - H:\igxv.cmd

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

“c:\program files\Common Files\LightScribe\LSRunOnce.exe”

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.ask.com/?o=101764&l=dis

uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi … t=&gc=1&q=%s

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 17:09:21

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

“ImagePath”="??\c:\program files\ASUS\AI TouchMedia\PlayMovie\000.fcl"

.

Czas ukończenia: 2009-02-06 17:10:01

ComboFix-quarantined-files.txt 2009-02-06 16:09:59

Przed: 32 911 826 944 bajtów wolnych

Po: 33,032,847,360 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /noexecute=optin /fastdetect

286

drozd001 · 6 Luty 2009 16:42

Szanowny Userze - w tym dziale obowiązuje zasada, że pomagamy

przy analizie logów dopiero wtedy, gdy dokładnie wiemy, co robimy.

Mam nadzieję, że otrzymany warn tę wiedzę ugruntuje

Leon1 · 6 Luty 2009 16:42

nie usuwaj plików podanych przez drozda

Wylecz pendriva lub kartę pamięci http://www.softpedia.com/get/Security/S … Tool.shtml

Flash Disinfector http://www.searchengines.pl/index.php?s … ntry369724

lub format

Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

Otwórz notatnik i wklej

zapisz jako CFScript.txt (zapisz by ikonka CFScript.txt była obok ikonki ComboFix.exe) >> Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

http://img.wklej.org/images/88953CFScri … iemoes.gif

Powinno rozpocząć się usuwanie

Potem log z usuwania Combofix

tomass47 · 6 Luty 2009 17:04

ComboFix 09-02-06.01 - tomass47 2009-02-06 18:00:20.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.3071.2479 [GMT 1:00]

Uruchomiony z: c:\documents and settings\tomass47\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\tomass47\Pulpit\CFScript.txt

* Utworzono nowy punkt przywracania

FILE ::

c:\windows\system32\d3dx9_26.dll

c:\windows\system32\ImagXpr7.dll

c:\windows\system32\ImagXR7.dll

c:\windows\system32\ImagXRA7.dll

c:\windows\system32\picn20.dll

c:\windows\system32\qt-dx331.dll

c:\windows\system32\TwnLib20.dll

c:\windows\system32\TwnLib4.dll