
http://www.virustotal.com/pl/analisis/76f0337eba04a6a55b299d424370bc12
Please help me with what to do next, because I can see that something is wrong with this file.
ComboFix 09-02-26.02 - User 2009-02-27 18:47:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.1.1045.18.2037.1277 [GMT 1:00]
Uruchomiony z: c:\users\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090122-0] *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((( Pliki utworzone od 2009-01-27 do 2009-02-27 )))))))))))))))))))))))))))))))
.
2009-02-27 18:40 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-02-19 17:42 . 2009-02-19 17:43 <DIR> d-------- c:\program files\Tlumacz Komputerowy - Niemiecki
2009-02-13 19:25 . 2009-02-13 19:25 186,133,261 --a------ c:\windows\MEMORY.DMP
2009-02-11 18:09 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-11 18:09 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-11 18:09 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-11 18:09 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-11 18:09 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-11 18:09 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-11 18:09 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-11 18:09 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-11 18:04 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-11 18:04 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-11 18:04 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-11 18:03 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-11 18:03 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-11 09:45 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 09:45 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 18:25 . 2009-02-09 18:25 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-09 18:14 . 2009-02-09 18:14 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-02-06 16:15 . 2009-02-06 16:15 <DIR> d-------- c:\program files\Maxis
2009-02-06 16:11 . 2009-02-06 16:11 <DIR> d-------- c:\program files\SlySoft
2009-02-06 16:11 . 2009-02-06 16:12 24 ---hs---- c:\windows\S8CBEBDE5.tmp
2009-02-01 18:08 . 2009-02-01 18:09 1,905 --a------ c:\windows\diagwrn.xml
2009-02-01 18:08 . 2009-02-01 18:09 1,905 --a------ c:\windows\diagerr.xml
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 20:01 --------- d-----w c:\users\User\AppData\Roaming\Skype
2009-02-17 19:34 --------- d-----w c:\users\User\AppData\Roaming\skypePM
2009-02-11 21:52 --------- d-----w c:\program files\Windows Mail
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-26 14:56 48 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-26 14:56 48 ---ha-w c:\programdata\ezsidmv.dat
2009-01-26 12:28 --------- d-----w c:\program files\Common Files\Logitech
2009-01-26 12:27 --------- d-----w c:\programdata\Logitech
2009-01-26 12:27 --------- d-----w c:\program files\Logitech
2009-01-26 12:27 --------- d-----w c:\program files\Common Files\Logishrd
2009-01-26 12:12 --------- d-----w c:\programdata\Skype
2009-01-26 12:12 --------- d-----w c:\program files\Skype
2009-01-26 12:12 --------- d-----w c:\program files\Common Files\Skype
2009-01-24 16:43 --------- d-----w c:\users\User\AppData\Roaming\Winamp
2009-01-23 20:27 --------- d-----w c:\users\User\AppData\Roaming\BVS Solitaire Collection
2009-01-23 17:11 --------- d-----w c:\program files\Java
2009-01-23 15:10 --------- d-----w c:\program files\BVS Solitaire Collection
2009-01-23 08:05 174 --sha-w c:\program files\desktop.ini
2009-01-23 07:58 --------- d-----w c:\program files\Windows Sidebar
2009-01-23 07:58 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-23 07:58 --------- d-----w c:\program files\Windows Defender
2009-01-23 07:58 --------- d-----w c:\program files\Windows Collaboration
2009-01-23 07:58 --------- d-----w c:\program files\Windows Calendar
2009-01-23 07:30 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-23 07:30 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-22 16:46 --------- d-----w c:\programdata\SBT
2009-01-22 16:46 --------- d-----w c:\program files\Przeglądarka migawek
2009-01-22 16:38 --------- d-----w c:\users\User\AppData\Roaming\Microsoft Web Folders
2009-01-22 10:17 269,312 ----a-w c:\windows\System32\es.dll
2009-01-21 20:23 --------- d-----w c:\users\User\AppData\Roaming\Gadu-Gadu
2009-01-21 20:20 --------- d-----w c:\program files\Gadu-Gadu
2009-01-21 18:35 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-21 18:35 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-21 18:35 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-21 18:35 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-21 18:32 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-21 18:32 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-21 18:32 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-21 18:22 --------- d-----w c:\programdata\eMule
2009-01-21 18:22 --------- d-----w c:\program files\eMule
2009-01-21 18:21 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-21 18:17 212,480 ----a-w c:\windows\system32\drivers\mrxsmb10.sys
2009-01-21 18:15 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-21 18:15 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-21 18:15 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-21 18:15 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-21 18:15 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-21 18:15 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-21 18:15 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-21 18:15 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-21 18:15 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-21 18:13 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-21 18:12 2,032,640 ----a-w c:\windows\System32\win32k.sys
2009-01-21 18:11 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-21 18:11 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-21 18:10 --------- d-----w c:\program files\NAPI-PROJEKT
2009-01-21 18:09 --------- d-----w c:\program files\IrfanView
2009-01-21 18:08 --------- d-----w c:\users\User\AppData\Roaming\Ashampoo
2009-01-21 18:07 --------- d-----w c:\programdata\ashampoo
2009-01-21 18:07 --------- d-----w c:\program files\Ashampoo
2009-01-21 18:05 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-21 17:59 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-21 17:51 9,892,864 ----a-w c:\windows\System32\NlsLexicons000a.dll
2009-01-21 17:48 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-21 17:48 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-21 17:48 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-21 17:48 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-21 17:48 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-21 17:48 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-21 17:48 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-21 17:48 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-21 17:48 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-21 17:48 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-21 17:46 --------- d-----w c:\program files\Combined Community Codec Pack
2009-01-21 17:45 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-21 17:45 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-21 17:45 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-21 17:43 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-21 17:43 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-21 17:42 288,768 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-21 17:42 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-21 17:42 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-01-21 17:42 --------- d-----w c:\program files\Winamp
2009-01-21 17:41 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-21 17:41 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-21 17:41 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-21 17:41 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-21 17:41 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-21 17:41 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-21 17:41 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-21 17:40 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-21 17:40 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-21 17:40 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-21 17:40 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-21 17:39 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-21 17:39 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-21 17:39 --------- d-----w c:\program files\MSXML 4.0
2009-01-21 17:38 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-21 17:38 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-21 17:17 --------- d-----w c:\program files\Common Files\Symantec Shared
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-02 409264]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-02 493112]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-07 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-07 81920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2006-12-15 577536]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2006-12-22 554640]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 284184]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 746520]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-07 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{51BE8DD0-E921-4C40-9D0C-434FA4998DAB}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{359DF51C-158F-4E27-AEE1-D175B516377C}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{17FEEC0A-62E4-41F6-8889-D9ADE9BE82A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{6957BC1C-6FD4-45BD-928F-96AA873D6844}c:\\program files\\gadu-gadu\\gg.exe"= UDP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{8F0EE9C8-551D-4D45-86DA-F55253E46BFD}c:\\program files\\gadu-gadu\\gg.exe"= TCP:c:\program files\gadu-gadu\gg.exe:Gadu-Gadu - program główny
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-01-21 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-01-21 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-01-21 51792]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [2007-01-04 7168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Skan uzupełniający -------
.
IE: {{C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\mtbkdy81.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-27 18:50:37
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????????s?????? ???X?????????
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-02-27 18:52:44
ComboFix-quarantined-files.txt 2009-02-27 17:52:39
Przed: 16 510 042 112 bajtów wolnych
Po: 16,565,334,016 bajtów wolnych
218 --- E O F --- 2009-02-27 06:15:41
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:56, on 2009-02-27
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?PL (file missing)
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 6775 bytes
********************************************************************************
* *
* FixIEDef Log *
* Version 1.7.22.7472 *
* *
********************************************************************************
Created at 21:30:14 on Friday, February 27, 2009
Time Zone : (GMT+01:00) Sarajewo, Skopie, Warszawa, Zagrzeb
Logged On User : User
Operating System : Microsoft® Windows Vista™ Home Basic Service Pack 1
OS Architecture : X86
System Langauge : Polish
Keyboard Layout : Polish
Processor : X86 Genuine Intel(R) CPU T2300 @ 1.66GHz
System Drive : C:\
Windows Directory : C:\Windows
System Directory : C:\Windows\system32
System Drive Type : Fixed
System Drive Status : READY
System Drive Label : Vista
System Drive Size : 41.55 GB
System Drive Free : 15.57 GB
Total Physical Memory: 2037 MB
Free Physical Memory : 1080 MB
Total Page File : 2037 MB
Free Page File : 3304 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory : 1942 MB
Boot State : Normal boot
--------------------------------------------------------------------------------
!!! userinit.exe is Clean !!!
--------------------------------------------------------------------------------
!!! Files that have been deleted !!!
No malicious files found
--------------------------------------------------------------------------------
!!! Directories that have been removed !!!
No malicious directories to be removed
--------------------------------------------------------------------------------
!!! Registry entries that have been removed !!!
No malicious Registry entries found
================================================================================
All Done :)
ShadowPuterDude
Safe Surfing!!!