[virus] winfile.exe


  • Closed. This topic is closed
1 reply in this topic

#1 kstf

    New

  • 1 post

Posted 01 07 2008 - 20:18

I have a problem: winfile.exe shows up everywhere, and when I try to open some files I sometimes get "this file has been damage". I know it is some kind of virus, but who can help me remove it? Antivirus programs did not detect it. Maybe through logs somehow? Please help.

ComboFix logs:

ComboFix 08-06-30.2 - kstf 2008-07-01 19:53:06.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.756 [GMT 2:00]
Running from: D:\Instalki\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\hosts
.
(((((((((((((((((((((((((   Files Created from 2008-06-01 to 2008-07-01  )))))))))))))))))))))))))))))))
.
2008-07-01 19:41 . 2008-07-01 19:41   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-01 19:31 . 2008-07-01 19:31   33,824   --a------   C:\WINDOWS\system32\drivers\oreans32.sys
2008-06-29 22:17 . 2004-08-03 23:08   31,616   --a------   C:\WINDOWS\system32\drivers\usbccgp.sys
2008-06-29 22:17 . 2004-08-03 23:08   31,616   --a--c---   C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-06-28 13:52 . 2004-08-03 23:08   26,496   --a--c---   C:\WINDOWS\system32\dllcache\usbstor.sys
2008-06-28 11:49 . 2008-06-28 11:49   <DIR>   d--------   C:\Program Files\Common Files\Adobe
2008-06-28 11:47 . 2008-06-28 11:47   <DIR>   d--------   C:\WINDOWS\Cache
2008-06-27 12:53 . 2008-06-27 12:54   <DIR>   d--------   C:\Program Files\NAPI-PROJEKT
2008-06-27 12:41 . 2008-06-27 12:41   <DIR>   d--------   C:\Program Files\MarBit
2008-06-26 23:19 . 2008-06-27 12:19   <DIR>   d--------   C:\Program Files\AutoConnect
2008-06-25 23:10 . 2008-06-25 23:10   <DIR>   d--h-----   C:\WINDOWS\system32\GroupPolicy
2008-06-25 20:28 . 2008-06-25 20:28   8   --a------   C:\WINDOWS\AutoMouse.hint
2008-06-24 22:35 . 2008-06-24 22:37   <DIR>   d--------   C:\Program Files\Total Video Converter
2008-06-24 22:35 . 2000-05-22 22:58   608,448   --a------   C:\WINDOWS\system32\comctl32.ocx
2008-06-24 11:07 . 2008-06-24 11:07   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-06-22 14:19 . 2008-06-30 20:26   <DIR>   d--------   C:\Program Files\eMule
2008-06-21 15:06 . 2008-06-21 15:06   <DIR>   d--------   C:\Program Files\Blaze Media Pro
2008-06-21 15:06 . 2008-06-21 15:06   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-21 15:03 . 2008-06-21 15:06   <DIR>   d--h-----   C:\Documents and Settings\All Users\Dane aplikacji\{0E229466-359B-478E-8B91-68B88090EF56}
2008-06-21 14:44 . 2008-06-21 14:44   <DIR>   d--------   C:\Program Files\Alcohol Soft
2008-06-21 14:44 . 2004-04-30 09:37   160,640   --a------   C:\WINDOWS\system32\drivers\a347bus.sys
2008-06-21 14:44 . 2004-04-30 09:33   5,248   --a------   C:\WINDOWS\system32\drivers\a347scsi.sys
2008-06-21 14:39 . 2008-06-21 14:44   <DIR>   d--------   C:\Program Files\DAEMON Tools Lite
2008-06-21 14:37 . 2008-06-21 14:37   <DIR>   d--------   C:\Documents and Settings\kstf\Dane aplikacji\DAEMON Tools
2008-06-21 14:37 . 2008-06-21 14:37   716,272   --a------   C:\WINDOWS\system32\drivers\sptd.sys
2008-06-19 22:33 . 2008-06-19 22:33   <DIR>   d--------   C:\Program Files\Ganymede
2008-06-19 22:31 . 2008-06-19 22:31   <DIR>   d--------   C:\Program Files\Sun
2008-06-19 22:31 . 2008-03-25 02:37   69,632   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-06-19 22:30 . 2008-06-19 22:31   <DIR>   d--------   C:\Program Files\Java
2008-06-19 22:30 . 2008-06-19 22:41   <DIR>   d--------   C:\Documents and Settings\kstf\Dane aplikacji\GanymedeNet
2008-06-19 22:29 . 2008-06-19 22:29   <DIR>   d--------   C:\Program Files\Common Files\Java
2008-06-19 21:51 . 2008-06-19 21:51   <DIR>   d--------   C:\Program Files\Common Files\INCA Shared
2008-06-19 21:51 . 2003-07-21 05:17   5,174   --a------   C:\WINDOWS\system32\nppt9x.vxd
2008-06-19 21:51 . 2005-01-04 20:43   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2008-06-19 21:25 . 2008-06-19 21:25   697   ---hs----   C:\comment.htt
2008-06-19 21:25 . 2008-06-19 21:25   72   ---hs----   C:\desktop.ini
2008-06-19 21:19 . 2008-04-30 19:21   730,840   -ra------   C:\WINDOWS\system32\drivers\cfosspeed.sys
2008-06-19 21:16 . 2008-07-01 19:54   <DIR>   d--------   C:\Program Files\cFosSpeed
2008-06-19 21:16 . 2008-04-30 19:21   285,912   --a------   C:\WINDOWS\system32\cfosspeed.dll
2008-06-19 12:02 . 2008-06-19 12:02   <DIR>   d--------   C:\Program Files\K-Lite Codec Pack
2008-06-19 12:01 . 2008-06-19 12:02   <DIR>   d--------   C:\Documents and Settings\kstf\Dane aplikacji\Media Player Classic
2008-06-19 12:01 . 2008-06-30 13:00   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-06-19 10:03 . 2008-06-19 10:03   <DIR>   d--------   C:\Program Files\uTorrent
2008-06-19 10:03 . 2008-06-19 10:10   <DIR>   d--------   C:\Documents and Settings\kstf\Dane aplikacji\uTorrent
2008-06-18 19:52 . 2008-06-18 19:52   <DIR>   d--------   C:\WINDOWS\SHELLNEW
2008-06-18 19:52 . 2008-06-18 19:52   <DIR>   d--------   C:\Program Files\Microsoft Works
2008-06-18 19:50 . 2008-06-18 19:50   <DIR>   dr-h-----   C:\MSOCache
2008-06-18 19:50 . 2008-06-18 19:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-06-18 14:15 . 2008-06-18 14:15   <DIR>   d--------   C:\Program Files\Avery Dennison
2008-06-18 14:15 . 2008-06-18 14:15   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Avery
2008-06-18 14:01 . 2008-06-18 14:01   <DIR>   d--------   C:\Program Files\coverXP
2008-06-18 13:53 . 2005-11-30 06:00   140,288   --a------   C:\WINDOWS\system32\CNMLM53.DLL
2008-06-18 13:53 . 2005-03-08 19:17   90,112   --a------   C:\WINDOWS\system32\CNMCP53.exe
2008-06-18 13:53 . 2005-11-30 06:00   8,704   --a------   C:\WINDOWS\system32\CNMVS53.DLL
2008-06-18 13:52 . 2008-06-18 13:52   <DIR>   d--h-----   C:\Documents and Settings\All Users\Dane aplikacji\CanonBJ
2008-06-18 13:51 . 2004-08-03 23:01   25,856   --a------   C:\WINDOWS\system32\drivers\usbprint.sys
2008-06-18 13:51 . 2004-08-03 23:01   25,856   --a--c---   C:\WINDOWS\system32\dllcache\usbprint.sys
2008-06-18 13:35 . 2008-06-18 13:36   <DIR>   d--------   C:\Program Files\Common Files\LightScribe
2008-06-18 13:35 . 2008-06-18 13:36   <DIR>   d--------   C:\Documents and Settings\kstf\Dane aplikacji\Ahead
2008-06-18 13:32 . 2008-06-18 13:32   <DIR>   d--------   C:\Program Files\Nero
2008-06-18 13:32 . 2008-06-18 13:35   <DIR>   d--------   C:\Program Files\Common Files\Ahead
2008-06-18 13:32 . 2008-06-18 13:32   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-06-18 09:38 . 2008-06-18 09:38   <DIR>   d--------   C:\Downloads
2008-06-18 09:38 . 2008-06-18 09:38   2,560   --a------   C:\WINDOWS\system32\bitcometres.dll
2008-06-18 01:06 . 2004-08-04 01:15   145,792   --a------   C:\WINDOWS\system32\drivers\portcls.sys
2008-06-18 01:06 . 2004-08-04 02:44   130,048   --a------   C:\WINDOWS\system32\ksproxy.ax
2008-06-18 01:06 . 2004-08-04 02:44   77,312   --a------   C:\WINDOWS\system32\usbui.dll
2008-06-18 01:06 . 2004-08-04 01:08   60,288   --a------   C:\WINDOWS\system32\drivers\drmk.sys
2008-06-18 01:06 . 2004-08-04 01:07   42,240   --a------   C:\WINDOWS\system32\drivers\VIAAGP.SYS
2008-06-18 01:06 . 2001-08-17 22:19   40,704   --a------   C:\WINDOWS\system32\drivers\es1371mp.sys
2008-06-18 01:06 . 2004-08-04 00:31   20,992   --a------   C:\WINDOWS\system32\drivers\RTL8139.sys
2008-06-18 01:06 . 2004-08-04 01:08   10,624   --a------   C:\WINDOWS\system32\drivers\gameenum.sys
2008-06-18 01:06 . 2004-08-04 02:44   4,096   --a------   C:\WINDOWS\system32\ksuser.dll
2008-06-18 01:05 . 2008-07-01 19:26   <DIR>   d--hs----   C:\WINDOWS\Installer
2008-06-18 01:05 . 2008-06-17 23:30   763,990   --a------   C:\WINDOWS\system32\PerfStringBackup.INI
2008-06-18 01:05 . 2008-06-17 23:21   4,382   --a------   C:\WINDOWS\imsins.BAK
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Ustawienia lokalne
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   d--------   C:\Documents and Settings\Default User\Ulubione
2008-06-18 01:04 . 2008-06-17 23:13   <DIR>   d--h-----   C:\Documents and Settings\Default User\Szablony
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   d--------   C:\Documents and Settings\Default User\Pulpit
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   d--------   C:\Documents and Settings\Default User\Moje dokumenty
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   dr-------   C:\Documents and Settings\Default User\Menu Start
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   dr-h-----   C:\Documents and Settings\Default User\Dane aplikacji
2008-06-18 01:04 . 2008-06-18 01:04   <DIR>   d--------   C:\Documents and Settings\All Users\Ulubione
2008-06-18 01:04 . 2008-06-19 22:31   <DIR>   d--h-----   C:\Documents and Settings\All Users\Szablony
2008-06-18 01:04 . 2008-06-28 11:49   <DIR>   d--------   C:\Documents and Settings\All Users\Pulpit
2008-06-18 01:04 . 2008-06-19 22:31   <DIR>   dr-------   C:\Documents and Settings\All Users\Menu Start
2008-06-18 01:04 . 2008-06-17 23:15   <DIR>   dr-------   C:\Documents and Settings\All Users\Dokumenty
2008-06-18 01:04 . 2008-06-28 11:49   <DIR>   dr-h-----   C:\Documents and Settings\All Users\Dane aplikacji
2008-06-18 01:03 . 2008-06-17 23:29   <DIR>   d--h-----   C:\Documents and Settings\Default User
2008-06-18 01:03 . 2008-06-25 23:11   <DIR>   d--------   C:\Documents and Settings\All Users
2008-06-18 01:03 . 2008-06-17 23:30   <DIR>   d--------   C:\Documents and Settings
2008-06-18 01:03 . 2008-06-17 23:21   261   --a------   C:\WINDOWS\system32\$winnt$.inf
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 12:15   ---------   d-----w   C:\Program Files\Common Files\InstallShield
2008-06-17 21:56   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks
2008-06-17 21:55   ---------   d-----w   C:\Documents and Settings\kstf\Dane aplikacji\Winamp
2008-06-17 21:49   ---------   d-----w   C:\Program Files\Winamp
2008-06-17 21:47   ---------   d-----w   C:\Program Files\Winamp Remote
2008-06-17 21:45   ---------   d-----w   C:\Program Files\Real Alternative
2008-06-17 21:43   ---------   d-----w   C:\Documents and Settings\kstf\Dane aplikacji\Gadu-Gadu
2008-06-17 21:36   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-06-17 21:18   ---------   d-----w   C:\Program Files\microsoft frontpage
2008-06-17 21:16   ---------   d-----w   C:\Program Files\Usługi online
2008-05-27 23:16   61,440   ----a-w   C:\WINDOWS\system32\NormalizeDSP.dll
2008-05-24 16:51   53,765   ----a-w   C:\WINFILE.EXE
2008-05-24 16:51   53,765   ----a-w   C:\WINDOWS\Web\PN.exe
2008-05-24 16:51   53,765   ----a-w   C:\WINDOWS\Help\NLLIJ1.exe
2008-05-24 16:51   53,765   ----a-w   C:\WINDOWS\Help\NLLIJ.exe
2008-05-24 16:51   53,765   ----a-w   C:\Documents and Settings\kstf\tvcWINFILE.EXE
2008-05-24 16:51   53,765   ----a-w   C:\Documents and Settings\kstf\SMSWINFILE.EXE
2008-05-24 16:51   53,765   ----a-w   C:\Documents and Settings\kstf\MSZWINFILE.EXE
2008-05-23 13:12   323,584   ----a-w   C:\WINDOWS\system32\AudioGenie2.dll
2008-04-16 22:14   233,472   ----a-w   C:\WINDOWS\system32\viscomdvdimg.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="D:\Programy\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 18:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
---h----- 2008-05-24 18:51 53765 D:\Programy\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cFosSpeed]
-ra------ 2008-04-30 19:20 863448 C:\Program Files\cFosSpeed\cfosspeed.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 12:54 2131392 D:\Programy\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-29 00:43 8466432 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-29 00:43 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2008-04-01 03:54 507904 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavTimeXP]
--a------ 2008-05-24 18:51 53765 C:\WINDOWS\Web\PN.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-01-16 00:54 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"D:\\Programy\\Gadu-Gadu\\gg.exe"=
"D:\\Programy\\BitComet\\BitComet.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9766:TCP"= 9766:TCP:BitComet 9766 TCP
"9766:UDP"= 9766:UDP:BitComet 9766 UDP
"65535:TCP"= 65535:TCP:BitComet 65535 TCP
"65535:UDP"= 65535:UDP:BitComet 65535 UDP

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2008-07-01 19:31]

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AutoConnect - C:\Program Files\AutoConnect\AutoConnect.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 19:54:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-01 19:55:16
ComboFix-quarantined-files.txt  2008-07-01 17:55:12

Pre-Run: 5,629,292,544 bajtów wolnych
Post-Run: 5,639,012,352 bajtów wolnych

205


HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56:59, on 2008-07-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\HELP\NLLIJ1.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3968 bytes


  • 0

#2 wncvirus

    Lazybones!

  • 851 posts

Posted 01 07 2008 - 23:11

Run HJT and choose the "Do a system scan only" option; it will generate a log. Tick the box next to the entry below and click Fix.

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)


As for ComboFix:

C:\WINDOWS\Help\NLLIJ1.exe
C:\WINDOWS\Help\NLLIJ.exe

Check the two files above at http://virusscan.jotti.org/.

  • 0
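
A triage aid for the kind of log posted above, as an added example that is not part of the original thread: it parses ComboFix Find3M rows and msconfig startupreg rows and groups executables that share an exact byte size under different file names, which is how the 53,765-byte copies stand out in the first post's log. The regular expressions, function names and the two-name threshold are assumptions made for this example; a matching size is a reason to submit a file to a scanner, not a verdict.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules on any host OS

# Find3M-style row:        2008-05-24 16:51   53,765   ----a-w   C:\WINFILE.EXE
FIND3M = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+([\d,]+)\s+[-\w]{7,9}\s+(\S.*)$")
# msconfig startupreg row: --a------ 2008-05-24 18:51 53765 C:\WINDOWS\Web\PN.exe
STARTUP = re.compile(r"^[-\w]{9}\s+(\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\d+)\s+(\S.*)$")
EXECUTABLE = (".exe", ".scr", ".com", ".pif")

# Rows copied from the ComboFix log in the first post.
SAMPLE = r"""
2008-06-17 21:49   ---------   d-----w   C:\Program Files\Winamp
2008-05-27 23:16   61,440   ----a-w   C:\WINDOWS\system32\NormalizeDSP.dll
2008-05-24 16:51   53,765   ----a-w   C:\WINFILE.EXE
2008-05-24 16:51   53,765   ----a-w   C:\WINDOWS\Web\PN.exe
2008-05-24 16:51   53,765   ----a-w   C:\WINDOWS\Help\NLLIJ1.exe
2008-05-24 16:51   53,765   ----a-w   C:\WINDOWS\Help\NLLIJ.exe
---h----- 2008-05-24 18:51 53765 D:\Programy\BitComet\BitComet.exe
--a------ 2008-05-24 18:51 53765 C:\WINDOWS\Web\PN.exe
--a------ 2004-08-04 00:44 15360 C:\WINDOWS\system32\ctfmon.exe
--a------ 2008-02-14 01:09 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
"""


def parse(lines):
    """Yield (size_in_bytes, timestamp, path) for each file row; skip the rest."""
    for line in lines:
        line = line.strip()
        m = FIND3M.match(line) or STARTUP.match(line)
        if m:  # directory rows carry '---------' instead of a size and do not match
            yield int(m.group(2).replace(",", "")), m.group(1), m.group(3).strip()


def clone_groups(lines, min_names=2):
    """Map size -> paths for executables that share a byte size under
    at least `min_names` different file names."""
    by_size = defaultdict(dict)
    for size, _timestamp, path in parse(lines):
        if path.lower().endswith(EXECUTABLE):
            # Key on the lower-cased path so a file listed twice counts once.
            by_size[size].setdefault(path.lower(), path)
    groups = {}
    for size, paths in by_size.items():
        names = {basename(p) for p in paths}  # keys are already lower-cased
        # Same name in two folders (e.g. a dllcache copy) is not flagged.
        if len(names) >= min_names:
            groups[size] = sorted(paths.values(), key=str.lower)
    return groups


if __name__ == "__main__":
    for size, paths in clone_groups(SAMPLE.splitlines()).items():
        print(f"{size} bytes under {len(paths)} paths:")
        for p in paths:
            print("   ", p)
```

Timestamps are parsed but not used as a grouping key, because the same file appears as 16:51 in the Find3M section and 18:51 in the startupreg section of this log.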



