Temp1.exe & temp2.exe

iShiKava · 18 Czerwiec 2007 17:38

nie mogę ich usunąć… ;/ próbowałem już gmer’em i w trybie awaryjnym ręcznie usuwać… co chwile wyskakują błędy… nie moge uruchomić Opery… Format nic nie daje ;/ cały czas są te pliki w C:\WINDOWS\system32\

Co robić?

Jax-MK · 18 Czerwiec 2007 17:48

Pobierz Unlocker

http://dobreprogramy.pl/index.php?dz=2&t=59&id=1571

i zainstaluj go.

Spróbuj usunąć teraz. Wyskoczy ci okienko tego programiku. Wybierz usuń i jeśli nie będzie mógł ich usunąć od razu to spyta się czy usunąć podczas następnego uruchamiania, wybierz “tak”.

grzegorzch · 18 Czerwiec 2007 18:20

jak to format partycji C i reinstalacja systemu windows nic nie daje? co ty to piszesz. nie możesz sformatować, czy po formacie i reinstalacji systemu windiows masz je ponownie?? jeśli masz ponownie, to musisz mieć jakąś lewą wersję instalacyjną, z “dodatkami”.

Monczkin · 18 Czerwiec 2007 18:24

Proponuję poprawić tytuł i uważać na słownictwo. Popraw też błędy - na forum piszemy po polsku. Inaczej temat wyleci

Gutek · 18 Czerwiec 2007 18:48

Daj log z Combofix

iShiKava · 18 Czerwiec 2007 20:04

Na życzenie Log:

ComboFix 07-06-13.7 - C:\Documents and Settings\Levy\Pulpit\ComboFix.exe “Levy” - 2007-06-18 22:01:21 - Dodatek Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) c:\autorun.inf c:\copy.exe c:\host.exe C:\WINDOWS\autorun.inf C:\WINDOWS\svchost.exe C:\WINDOWS\system32\temp1.exe C:\WINDOWS\system32\temp2.exe C:\WINDOWS\xcopy.exe d:\autorun.inf d:\copy.exe d:\host.exe e:\autorun.inf e:\copy.exe e:\host.exe ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 ))))))))))))))))))))))))))))))) 2007-06-18 21:59 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-18 19:03 2007-06-18 13:51 2007-06-17 23:35 143 --a------ C:\FIX.BAT 2007-06-17 23:23 2007-06-17 18:16 2007-06-17 18:15 24,064 --------- C:\WINDOWS\system32\msxml3a.dll 2007-06-17 18:15 2007-06-17 18:14 2007-06-17 18:13 2007-06-17 17:09 2007-06-17 17:03 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys 2007-06-17 17:03 569,344 --a------ C:\WINDOWS\system32\imagr5.dll 2007-06-17 17:03 544,768 --a------ C:\WINDOWS\system32\imagx5.dll 2007-06-17 17:03 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2007-06-17 17:03 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll 2007-06-17 17:03 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe 2007-06-17 17:03 2007-06-17 17:02 2007-06-17 16:59 2007-06-17 16:58 2007-06-17 16:24 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll 2007-06-17 16:24 2007-06-17 16:24 2007-06-17 16:23 2007-06-17 16:23 2007-06-17 16:10 2007-06-17 16:01 2007-06-17 16:01 2007-06-17 16:00 2007-06-17 15:56 2007-06-17 15:50 2007-06-17 15:45 2007-06-17 15:44 2007-06-17 15:44 2007-06-17 15:44 2007-06-17 15:44 2007-06-17 15:43 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2007-06-17 15:43 5,120 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-06-17 15:43 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2007-06-17 15:43 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2007-06-17 15:43 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll 2007-06-17 15:43 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2007-06-17 15:43 1,415,680 --a------ C:\WINDOWS\system32\WMV9VCM.dll 2007-06-17 15:43 2007-06-17 15:32 2007-06-17 15:01 2007-06-17 14:55 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe 2007-06-17 14:54 2007-06-17 14:53 2007-06-17 14:32 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-06-17 14:31 90,112 --------- C:\WINDOWS\Updreg.EXE 2007-06-17 14:31 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys 2007-06-17 14:31 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys 2007-06-17 14:31 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys 2007-06-17 14:31 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys 2007-06-17 14:31 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys 2007-06-17 14:31 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys 2007-06-17 14:31 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys 2007-06-17 14:31 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys 2007-06-17 14:31 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys 2007-06-17 14:31 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys 2007-06-17 14:30 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys 2007-06-17 14:30 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2007-06-17 14:30 4,096 --a------ C:\WINDOWS\system32\ksuser.dll 2007-06-17 14:30 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys 2007-06-17 14:30 133,632 -ra------ C:\WINDOWS\system32\CtDvInst.dll 2007-06-17 14:30 11,264 --a------ C:\WINDOWS\INRES.DLL 2007-06-17 14:30 2007-06-17 14:29 2007-06-17 14:28 2007-06-17 14:28 2007-06-17 14:19 2007-06-17 14:19 2007-06-17 14:18 2007-06-17 14:14 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-06-17 14:12 2007-06-17 14:10 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-06-17 14:02 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2007-06-17 14:02 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2007-06-17 14:02 43,528 --a------ C:\WINDOWS\system32\drivers\PxHelp20.sys 2007-06-17 14:02 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll 2007-06-17 14:02 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2007-06-17 14:02 2007-06-17 14:02 2007-06-17 13:59 2007-06-17 13:49 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys 2007-06-17 13:48 58,624 --a------ C:\WINDOWS\system32\drivers\redbook.sys 2007-06-17 13:46 77,312 --a------ C:\WINDOWS\system32\usbui.dll 2007-06-17 13:45 42,240 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS 2007-06-17 13:45 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys 2007-06-17 13:42 2007-06-17 13:42 2007-06-17 13:42 2007-06-17 13:42 2007-06-17 13:41 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL 2007-06-17 13:41 9,168 --a------ C:\WINDOWS\system\VER.DLL 2007-06-17 13:41 85,532 --a------ C:\WINDOWS\system32\dgsetup.dll 2007-06-17 13:41 83,456 --a------ C:\WINDOWS\system\OLECLI.DLL 2007-06-17 13:41 8,704 --a------ C:\WINDOWS\system32\batt.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-06-17 12:16:33 74,450 ----a-w C:\WINDOWS\system32\perfc015.dat 2007-06-17 12:16:33 448,348 ----a-w C:\WINDOWS\system32\perfh015.dat 2007-06-17 10:02:55 -------- d-----w C:\Program Files\Usługi online 2007-04-05 18:15:55 144,357 ----a-w C:\WINDOWS\system32\atiicdxx.dat 2007-03-23 20:23:23 77,824 ----a-w C:\WINDOWS\system32\Oemdspif.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2006-09-07 19:19] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] “NoLowDiskSpaceChecks”=1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] “C:\Program Files\CyberLink\PowerDVD\Language\Language.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] C:\WINDOWS\svchost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper] Rundll32 P17.dll,P17Helper [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\WINDOWS\UpdReg.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] “wuauserv”=2 (0x2) “wscsvc”=2 (0x2) “UPS”=3 (0x3) “Themes”=2 (0x2) “srservice”=2 (0x2) “Schedule”=2 (0x2) “LmHosts”=2 (0x2) “helpsvc”=2 (0x2) “ATI Smart”=2 (0x2) “Ati HotKey Poller”=2 (0x2) “RichVideo”=2 (0x2) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6681fbf1-1cc6-11dc-b6c9-806d6172696f}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6681fbf2-1cc6-11dc-b6c9-806d6172696f}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6681fbf3-1cc6-11dc-b6c9-806d6172696f}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{78c6a478-1cde-11dc-a509-00c0df083dd4}] AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f169e8b0-1cd6-11dc-a506-00c0df083dd4}] AutoRun\command- G:\autoplay.exe Contents of the ‘Scheduled Tasks’ folder 2007-06-17 16:00:08 C:\WINDOWS\tasks\1-Click Maintenance.job ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-06-18 22:02:33 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-06-18 22:03:03 C:\ComboFix-quarantined-files.txt … 2007-06-18 22:02 — E O F —

qrczak13 · 18 Czerwiec 2007 21:43

Do notatnika wklej:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6681fbf1-1cc6-11dc-b6c9-806d6172696f}\AutoRun\command] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6681fbf2-1cc6-11dc-b6c9-806d6172696f}\AutoRun\command] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{6681fbf3-1cc6-11dc-b6c9-806d6172696f}\AutoRun\command] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{78c6a478-1cde-11dc-a509-00c0df083dd4}\AutoRun\command] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{f169e8b0-1cd6-11dc-a506-00c0df083dd4}\AutoRun\command]

Plik > zapisz jako > zmień rozszerzenie z .txt na wszystkie pliki > zapisz pod nazwą Fix.reg np na

pulpicie > dwuklik na Fix.reg > potwierdzasz > restart.

Czyszczenie rejestru - jv16 PowerTools 2006 1.5.2.350

I powinno być ok.