Zamulenie kompa

Sasori15 · 1 Październik 2007 22:38

Nie wiem dlaczego, ale przy otwieraniu filmów, muszę czekać ok. 5 minut zanim się wszystko ustabilizuje, komp ostro wtedy zamula, nawet ctrl+alt+del działa dopiero po kilku minutach…jak sprawdzałem na hijackthis.de wykryło kilka złych wpisów, ale wolę zasięgnąć porady ekspertów

Oto log:

Logfile of HijackThis v1.99.1

Scan saved at 00:21:48, on 2007-10-02

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Program Files\Last.fm\LastFMHelper.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cidaemon.exe

D:\Kuba\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.175.37.70:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)

O2 - BHO: ADSTechnology module - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll (file missing)

O2 - BHO: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Expressivo - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\IH_iexplore.dll

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”

O4 - HKLM…\Run: [GrooveMonitor] “C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe”

O4 - HKLM…\Run: [sysCtrl] C:\WINDOWS\system32\sys34.exe

O4 - HKLM…\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [AQQ] C:\DOCUME~1\Komputer\Pulpit\AQQ\AQQ.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe

O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download Link Using Mega Manager… - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra ‘Tools’ menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - http://www.mks.com.pl/skaner/SkanerOnline.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Gutek · 1 Październik 2007 22:42

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

usuń wpisy HJT

Daj log z ComboFix

Sasori15 · 1 Październik 2007 23:02

Przed wklejeniem loga powiem, że po odpaleniu programu antyvir mi zaszczekał, że w katalogu z ComboFixem, bodajże w Cfiles.net jest trojan…Oto log:

ComboFix 07-10-02.2 - Komputer 2007-10-02 0:53:08.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.112 [GMT 2:00]

Running from: C:\Documents and Settings\Komputer\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 )))))))))))))))))))))))))))))))

.

2007-10-02 00:48 51,200 --a------ C:\WINDOWS\NirCmd.exe

2007-10-01 18:07

2007-09-25 15:00

2007-09-23 16:08

2007-09-22 15:38

2007-09-22 15:37

2007-09-22 11:59

2007-09-18 18:12

2007-09-18 14:53

2007-09-18 14:38

2007-09-18 14:36

2007-09-15 21:54

2007-09-15 17:32 0 --ah----- C:\Documents and Settings\Default User\hpothb07.dat

2007-09-15 17:31 164 --ah----- C:\Documents and Settings\All Users\hpothb07.dat

2007-09-15 13:10 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys

2007-09-15 13:10 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

2007-09-15 12:24

2007-09-15 12:23

2007-09-15 12:21 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS

2007-09-13 21:19

2007-09-13 20:25

2007-09-13 20:18

2007-09-12 22:04 64,801 --a------ C:\WINDOWS\BricoPackUninst.cmd

2007-09-12 21:56 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

2007-09-12 21:55

2007-09-12 18:03

2007-09-06 17:13

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-09-30 11:29 --------- d-------- C:\Program Files\DC++

2007-09-26 22:05 --------- d-------- C:\Program Files\FlashGet

2007-09-23 09:05 --------- d-------- C:\Program Files\NAPI-PROJEKT

2007-09-20 21:46 --------- d-------- C:\Program Files\Common Files\InstallShield

2007-09-19 22:26 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help

2007-09-18 14:56 --------- d–h----- C:\Program Files\InstallShield Installation Information

2007-09-15 12:21 --------- d-------- C:\Program Files\Hewlett-Packard

2007-09-13 20:57 --------- d-------- C:\Program Files\Winamp

2007-09-13 20:48 --------- d-------- C:\Documents and Settings\Komputer\Dane aplikacji\Skype

2007-09-13 20:18 --------- d-------- C:\Program Files\Skype

2007-09-13 20:18 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\Skype

2007-09-12 22:04 219648 --a------ C:\WINDOWS\system32\uxtheme.dll

2007-09-12 19:59 --------- d-------- C:\Program Files\SubEdit-Player

2007-09-12 18:07 --------- d-------- C:\Program Files\Combined Community Codec Pack

2007-09-07 17:08 --------- d-------- C:\Program Files\Real Alternative

2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr

2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-09-02 17:36 --------- d-------- C:\Program Files\ToonCar

2007-08-15 16:02 --------- d-------- C:\Program Files\Common Files\Vbox

2007-08-13 18:01 --------- d-------- C:\Program Files\Microsoft Works

2007-08-13 18:00 --------- d-------- C:\Program Files\MSBuild

2007-08-13 17:56 --------- d-------- C:\Program Files\Microsoft.NET

2007-08-13 17:39 --------- d-------- C:\Program Files\Microsoft Visual Studio 8

2007-08-10 15:13 --------- d-------- C:\Program Files\nokcvtr

2007-08-10 15:12 --------- d-------- C:\Documents and Settings\All Users\Dane aplikacji\stamina

2007-08-09 14:19 --------- d-------- C:\Program Files\ivo

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-25 15:41 155648 --a------ C:\WINDOWS\system32\libssl32.dll

--------- C:\Documents and Settings\Komputer\Dane aplikacji\Folder przesyłania Share-to-Web

2006-07-20 15:52:10 14 --sh–w C:\WINDOWS\mswtpdxp.dll

2006-07-20 15:52:25 21 --sh–w C:\WINDOWS\prwttrxp.dll

2006-07-20 15:52:10 21 --sh–w C:\WINDOWS\system32\dpwttaxp.dll

2006-07-20 15:52:10 14 --sh–w C:\WINDOWS\system32\mswtpaxp.dll

2006-07-20 15:52:04 2 --sh–w C:\WINDOWS\system32\verwttxp.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06]

“HPDJ Taskbar Utility”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe” [2002-03-28 11:20]

“nwiz”=“nwiz.exe” [2003-03-20 20:13 C:\WINDOWS\system32\nwiz.exe]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2004-11-02 21:24]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe” [2007-03-14 03:43]

“GrooveMonitor”=“C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe” [2006-10-27 00:47]

“Share-to-Web Namespace Daemon”=“C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe” [2002-04-11 04:19]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44]

“Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-04-19 17:43]

“AQQ”=“C:\DOCUME~1\Komputer\Pulpit\AQQ\AQQ.exe” [2007-07-24 20:14]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-20 22:22:41]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06]

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-22 15:37:46]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-20 22:22:41]

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 14:44:06]

Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-09-22 15:37:46]

R1 ISODrive;ISO DVD/CD-ROM Device Driver;??\C:\Program Files\UltraISO\drivers\ISODrive.sys

S3 actser;actser;C:\WINDOWS\system32\drivers\actser.sys

S3 nocashio;nocashio;C:\WINDOWS\system32\drivers\nocashio.sys

S3 siusbmod;siusbmod;C:\WINDOWS\system32\DRIVERS\siusbmod.sys

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-10-02 00:56:03

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-10-02 0:58:03

.

— E O F —

Na koniec coś mi się jeszcze przypomniało: mój napęd nie chce czytać płytek dvd, tzn. widzi je, ale mówi, że ma nieprawidłowy strumień i niezgodne z sys. Windows…

Gutek · 1 Październik 2007 23:09

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Pozdrawiam Gutek2222

Otwórz Notatnik i wklej w nim:

Plik => zapisz pod nazwą CFScript.txt. Plik przeciągnij i upuść na ikonę ComboFixa.

Jak na tym obrazku

Pobierz program SDFix

Sasori15 · 1 Październik 2007 23:40

SDFix: Version 1.107


Run by Komputer on 2007-10-02 at 01:29


Microsoft Windows XP [Wersja 5.1.2600]


Running From: C:\SDFix


Safe Mode:

Checking Services: 



Restoring Windows Registry Values

Restoring Windows Default Hosts File


Rebooting...



Normal Mode:

Checking Files: 


No Trojan Files Found





Removing Temp Files...


ADS Check:


C:\WINDOWS

No streams found. 


C:\WINDOWS\system32

No streams found. 


C:\WINDOWS\system32\svchost.exe

No streams found.


C:\WINDOWS\system32\ntoskrnl.exe

No streams found.




                                 Final Check:


Remaining Services:

------------------





Authorized Application Key Export:


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


Remaining Files:

---------------



Files with Hidden Attributes:


Thu 20 Jul 2006 14 ..SH. --- "C:\WINDOWS\mswtpdxp.dll"

Thu 20 Jul 2006 21 ..SH. --- "C:\WINDOWS\prwttrxp.dll"

Tue 17 Oct 2006 622,080 A.SH. --- "C:\Program Files\Internet Explorer\SET1BF.tmp"

Thu 20 Jul 2006 21 ..SH. --- "C:\WINDOWS\system32\dpwttaxp.dll"

Thu 20 Jul 2006 14 ..SH. --- "C:\WINDOWS\system32\mswtpaxp.dll"

Thu 20 Jul 2006 2 ..SH. --- "C:\WINDOWS\system32\verwttxp.dll"

Sat 22 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sat 14 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Sat 14 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"


Finished!

jessica · 2 Październik 2007 06:37

Czy SDFix był użyty po usuwaniu przy pomocy Script ComboFix?

Jeśli tak, to nic się nie usunęło.

Powtórz usuwanie.

Jeśli i tym razem nie zadziała, to:

Ściągnij OTMoveIt

Do pola Paste List of Files/Folders to be Moved wklej poniższe ścieżki:

Następnie wciśnij przycisk MoveIt!

Pojawi się komunikat, że jest potrzebny restart do usunięcia podanych plików/folderów- wciśnij Yes.

Po restarcie usuń ręcznie folder C:** _OTMoveIt** (Prawoklik >>> Usuń >>> Opróżnij Kosz).

I daj nowy log z ComboFixa.

jessi