czy to możliwe (combofix)

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 21:06

Dziś załapałem virusa ANtivirus 2008 xp, który zabrał mi dysk c;/ i d;/ i menadzera zadań, po włączeniu ComboFixa i poczekaniu 10 min wszystko jest chyba ok

czy to możliwe?

**Posty:** 8001 · przez **Okocza** 25 Lip 2008, 21:08

możliwe, wstaw log z combofixa, inaczej nikt Ci nie powie na 100%

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 21:09

Gdzie mogę znaleźć ten log?

**Posty:** 7956 · przez **Magik** 25 Lip 2008, 21:11

flisek94 napisał(a):Gdzie mogę znaleźć ten log?

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa oraz daj loga z hijacka

HJT
http://forum.programosy.pl/hijackthis-amp-silent-runners-gtobsuga-i-umieszczanie-vt9452.html

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 21:16

HIJACK

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:13, on 2008-07-25 Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\LXSUPMON.EXE C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_MAV.exe C:\Program Files\AVerTV\QuickTV.exe C:\Program Files\TechniSat DVB\bin\Server4PC.exe C:\Program Files\irPC\irPC.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Nowe Gadu-Gadu\gg.exe C:\WINDOWS\explorer.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_Menu.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Steam\Steam.exe C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.1/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.09\RivaTuner.exe" /S O4 - HKLM\..\Run: [lphcngaj0egac] C:\WINDOWS\system32\lphcngaj0egac.exe O4 - HKLM\..\Run: [SMrhcjgaj0egac] C:\Program Files\rhcjgaj0egac\rhcjgaj0egac.exe O4 - HKLM\..\Run: [HakerzyNET MAV] C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_MAV.exe O4 - HKLM\..\Run: [58a815a5] rundll32.exe "C:\WINDOWS\system32\ketseone.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe" O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - S-1-5-18 Startup: irPC.lnk = C:\Program Files\irPC\irPC.exe (User 'SYSTEM') O4 - .DEFAULT Startup: irPC.lnk = C:\Program Files\irPC\irPC.exe (User 'Default user') O4 - Startup: irPC.lnk = C:\Program Files\irPC\irPC.exe O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV\QuickTV.exe O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU) O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15102/CTPID.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: eqvwamkl - {B04E4AF3-3AEB-4842-8868-B1B11CBC7D8A} - C:\WINDOWS\eqvwamkl.dll (file missing) O21 - SSODL: wnslvxtf - {DC712639-5EA9-4156-971B-1B529CA0B7B5} - C:\WINDOWS\wnslvxtf.dll (file missing) O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 8755 bytes

ComboFix

Kod: Zaznacz wszystko: ComboFix 08-07-24.6 - Przemek 2008-07-25 22:42:26.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.1178 [GMT 4.5:30] Running from: F:\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Przemek\Dane aplikacji\rhcjgaj0egac C:\Documents and Settings\Przemek\Pulpit\Error Cleaner.url C:\Documents and Settings\Przemek\Pulpit\Privacy Protector.url C:\Documents and Settings\Przemek\Pulpit\Spyware&Malware Protection.url C:\Documents and Settings\Przemek\Ulubione\Error Cleaner.url C:\Documents and Settings\Przemek\Ulubione\Privacy Protector.url C:\Documents and Settings\Przemek\Ulubione\Spyware&Malware Protection.url C:\Program Files\rhcjgaj0egac C:\WINDOWS\eqvwamkl.dll C:\WINDOWS\erfn.exe C:\WINDOWS\fdkowvbp.dll C:\WINDOWS\nfavxwdbmfe.dll C:\WINDOWS\privacy_danger C:\WINDOWS\privacy_danger\images\capt.gif C:\WINDOWS\privacy_danger\images\danger.jpg C:\WINDOWS\privacy_danger\images\down.gif C:\WINDOWS\privacy_danger\images\spacer.gif C:\WINDOWS\privacy_danger\index.htm C:\WINDOWS\system32\avi.dll C:\WINDOWS\system32\byhtdyvi.ini C:\WINDOWS\system32\cpuinf32.dll C:\WINDOWS\system32\DivXsm.exe C:\WINDOWS\system32\ff_liba52.dll C:\WINDOWS\system32\ff_libdts.dll C:\WINDOWS\system32\ff_libfaad2.dll C:\WINDOWS\system32\ff_libmad.dll C:\WINDOWS\system32\ff_realaac.dll C:\WINDOWS\system32\ff_samplerate.dll C:\WINDOWS\system32\ff_tremor.dll C:\WINDOWS\system32\ff_unrar.dll C:\WINDOWS\system32\ff_wmv9.dll C:\WINDOWS\system32\iconv.dll C:\WINDOWS\system32\iifgGYQG.dll C:\WINDOWS\system32\libavcodec.dll C:\WINDOWS\system32\libmpeg2_ff.dll C:\WINDOWS\system32\libmplayer.dll C:\WINDOWS\system32\lphcngaj0egac.exe C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mkunicode.dll C:\WINDOWS\system32\mkx.dll C:\WINDOWS\system32\mkzlib.dll C:\WINDOWS\system32\mmfinfo.dll C:\WINDOWS\system32\mp4.dll C:\WINDOWS\system32\mplvpx.dll C:\WINDOWS\system32\ogg.dll C:\WINDOWS\system32\OggDS.dll C:\WINDOWS\system32\ogm.dll C:\WINDOWS\system32\TCJjlRqr.ini C:\WINDOWS\system32\TCJjlRqr.ini2 C:\WINDOWS\system32\ts.dll C:\WINDOWS\system32\vorbis.dll C:\WINDOWS\system32\vorbisenc.dll C:\WINDOWS\system32\WMV9VCM.dll C:\WINDOWS\system32\xvidcore.dll C:\WINDOWS\system32\xxyxWQGw.dll C:\WINDOWS\wnslvxtf.dll . ((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))) . 2008-07-25 22:47 . 2008-07-25 22:47 294 ---hs---- C:\WINDOWS\system32\byhtdyvi.ini 2008-07-25 22:42 . 2008-07-25 22:42 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS 2008-07-25 22:32 . 2008-07-25 22:32 <DIR> d-------- C:\Program Files\Lavasoft 2008-07-25 22:32 . 2008-07-25 22:32 <DIR> d-------- C:\Documents and Settings\Przemek\Dane aplikacji\Lavasoft 2008-07-25 21:57 . 2008-07-25 22:24 <DIR> d-------- C:\Program Files\HakerzyNET AntiVirus 2008-07-25 21:45 . 2008-07-25 21:45 94,848 --a------ C:\WINDOWS\system32\ivydthyb.dll 2008-07-25 21:44 . 2008-07-25 21:44 323,584 --a------ C:\WINDOWS\system32\rqRljJCT.dll 2008-07-25 21:38 . 2008-07-25 13:41 86,016 --a------ C:\WINDOWS\grswptdl.exe 2008-07-25 21:36 . 2008-07-25 21:36 <DIR> d-------- C:\Program Files\RM Converter 2008-07-25 19:12 . 2008-07-25 19:13 <DIR> d-------- C:\Program Files\Any Video Converter 2008-07-25 19:12 . 2008-07-25 21:16 <DIR> d-------- C:\Documents and Settings\Przemek\Dane aplikacji\Any Video Converter 2008-07-24 15:40 . 2008-07-24 15:40 <DIR> d-------- C:\Downloads 2008-07-20 16:48 . 2008-07-20 16:48 0 --a------ C:\WINDOWS\nsreg.dat 2008-07-18 22:45 . 2008-07-18 22:45 1,374 --a------ C:\WINDOWS\imsins.BAK 2008-07-05 15:13 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd 2008-07-04 13:20 . 2008-04-14 00:15 32,128 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys 2008-07-04 13:20 . 2008-04-14 00:15 32,128 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys 2008-07-04 13:19 . 2008-07-04 13:19 <DIR> d-------- C:\Program Files\Sony 2008-07-02 14:46 . 2008-07-02 14:46 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy 2008-07-02 14:40 . 2008-07-25 13:49 <DIR> d-------- C:\Program Files\Nowe Gadu-Gadu 2008-06-30 22:05 . 2008-07-01 19:41 <DIR> d-------- C:\Documents and Settings\Przemek\Dane aplikacji\Nowe Gadu-Gadu 2008-06-27 13:01 . 2008-06-27 13:01 <DIR> d-------- C:\Program Files\Lavalys 2008-06-27 11:50 . 2008-06-27 11:50 <DIR> d-------- C:\Program Files\CCleaner 2008-06-25 12:59 . 2008-06-25 12:59 754 --a------ C:\WINDOWS\WORDPAD.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-25 18:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-25 18:01 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-07-25 16:46 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Symantec 2008-07-25 15:52 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\teamspeak2 2008-07-25 15:51 --------- d-----w C:\Program Files\Steam 2008-07-24 09:07 --------- d-----w C:\Program Files\NAPI-PROJEKT 2008-07-08 12:50 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Skype 2008-07-08 12:19 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\skypePM 2008-07-05 12:53 --------- d-----w C:\Program Files\Gadu-Gadu 2008-07-05 10:54 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Creative 2008-07-05 10:43 --------- d-----w C:\Program Files\Creative 2008-07-05 07:58 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-03 09:00 --------- d-----w C:\Program Files\eMule 2008-07-02 11:25 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\uTorrent 2008-07-02 08:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-06-24 08:36 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\U3 2008-06-21 06:33 --------- d-----w C:\Program Files\IrfanView 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-20 09:50 --------- d-----w C:\Program Files\Futuremark 2008-06-19 09:55 --------- d-----w C:\Program Files\Motherboard Monitor 5 2008-06-19 09:03 --------- d-----w C:\Program Files\AVerTV 2008-06-18 11:05 --------- d-----w C:\Program Files\uTorrent 2008-06-18 07:50 --------- d-----w C:\Program Files\Real Alternative 2008-06-18 07:50 --------- d-----w C:\Program Files\Media Player Classic 2008-06-18 07:50 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Media Player Classic 2008-06-18 07:45 --------- d-----w C:\Program Files\MarBit 2008-06-18 05:49 --------- d-----w C:\Program Files\AGEIA Technologies 2008-06-18 05:48 --------- d-----w C:\Program Files\DAEMON Tools Lite 2008-06-18 05:45 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-06-18 05:45 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\DAEMON Tools 2008-06-17 16:08 --------- d-----w C:\Program Files\Magic Video Converter 2008-06-17 15:47 81,920 ----a-w C:\Documents and Settings\Przemek\Dane aplikacji\ezpinst.exe 2008-06-17 15:47 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys 2008-06-17 15:47 47,360 ----a-w C:\Documents and Settings\Przemek\Dane aplikacji\pcouffin.sys 2008-06-17 15:47 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Vso 2008-06-16 05:03 --------- d-----w C:\Program Files\TechniSat DVB 2008-06-16 05:03 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Technisat 2008-06-16 05:02 --------- d-----w C:\Program Files\MainConcept 2008-06-16 04:57 462,224 ----a-w C:\WINDOWS\system32\drivers\SkyNetBDA.sys 2008-06-16 04:57 418,832 ----a-w C:\WINDOWS\system32\drivers\SkyNET.sys 2008-06-16 04:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help 2008-06-16 04:38 --------- d-----w C:\Program Files\RivaTuner v2.09 2008-06-15 18:53 --------- d-----w C:\Program Files\irPC 2008-06-15 18:53 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Elmak 2008-06-15 14:48 22,328 ----a-w C:\Documents and Settings\Przemek\Dane aplikacji\PnkBstrK.sys 2008-06-15 13:02 --------- d-----w C:\Program Files\Skype 2008-06-15 13:02 --------- d-----w C:\Program Files\Common Files\Skype 2008-06-15 13:02 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2008-06-15 10:22 --------- d-----w C:\Program Files\Teamspeak2_RC2 2008-06-15 08:22 --------- d-----w C:\Program Files\SAGEM 2008-06-15 07:51 --------- d-----w C:\Program Files\Intel 2008-06-15 07:49 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\InstallShield 2008-06-15 07:48 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-06-15 07:48 --------- d-----w C:\Program Files\Realtek 2008-06-15 07:47 15,600 ----a-w C:\WINDOWS\gdrv.sys 2008-06-15 07:42 --------- d-----w C:\Program Files\microsoft frontpage 2008-06-15 07:41 --------- d-----w C:\Program Files\MSXML 6.0 2008-06-15 07:41 --------- d-----w C:\Program Files\MSXML 4.0 2008-06-15 07:40 --------- d-----w C:\Program Files\Usługi online 2008-06-15 07:38 --------- d-----w C:\Program Files\Windows Media Connect 2 2008-06-15 07:09 --------- d-----w C:\Program Files\ToniArts 2008-06-15 06:55 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Gadu-Gadu 2008-06-15 06:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Creative 2008-06-15 06:49 --------- d-----w C:\Program Files\Norton Internet Security 2008-06-15 06:46 --------- d-----w C:\Program Files\Winamp 2008-06-15 06:46 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Winamp 2008-06-15 06:45 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-06-15 06:45 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-06-15 06:45 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-06-15 06:45 --------- d-----w C:\Program Files\Symantec 2008-06-15 06:38 --------- d-----w C:\Program Files\Common Files\Ahead 2008-06-15 06:38 --------- d-----w C:\Program Files\Ahead 2008-06-15 06:30 --------- d--h--w C:\Program Files\Creative Installation Information 2008-06-15 06:29 --------- d-----w C:\Program Files\Common Files\Creative 2008-06-15 06:21 --------- d-----w C:\Program Files\K-Lite Codec Pack 2008-06-15 06:17 --------- d-----w C:\Documents and Settings\Przemek\Dane aplikacji\Symantec 2008-06-15 06:16 --------- d-----w C:\Program Files\Windows Sidebar 2008-06-15 06:14 --------- d-----w C:\Program Files\Common Files\Adobe 2008-06-15 06:11 --------- d-----w C:\Program Files\Common Files\TV 2008-06-15 06:11 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-06-14 17:36 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-13 09:44 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys 2008-06-13 09:44 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat 2008-06-13 09:44 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf 2008-06-13 09:43 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys 2008-06-13 09:43 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys 2008-06-13 09:43 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys 2008-06-13 09:43 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys 2008-06-13 09:43 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys 2008-06-13 09:43 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys 2008-06-13 09:43 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{855CF1AA-011B-4357-B5FF-79E1097F5E18}] 2008-07-25 21:44 323584 --a------ C:\WINDOWS\system32\rqRljJCT.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:51 15360] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 14:09 486856] "Nowe Gadu-Gadu"="C:\Program Files\Nowe Gadu-Gadu\gg.exe" [2008-06-27 12:58 8798816] "CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 14:20 401408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-03 05:46 86016] "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2002-08-15 14:56 886272] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048] "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-25 01:23 714608] "CTCheck"="C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 11:08 397312] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.09\RivaTuner.exe" [2008-04-28 22:55 2707456] "58a815a5"="C:\WINDOWS\system32\ivydthyb.dll" [2008-07-25 21:45 94848] "HakerzyNET MAV"="C:\Program Files\HakerzyNET AntiVirus\HakerzyNET_MAV.exe" [2008-07-25 21:57 829952] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 12:38 16380416 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 22:51 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_2"="shell32" [X] C:\Documents and Settings\Przemek\Menu Start\Programy\Autostart\ irPC.lnk - C:\Program Files\irPC\irPC.exe [2005-12-30 11:45:02 107520] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ QuickTV.lnk - C:\Program Files\AVerTV\QuickTV.exe [2005-08-30 20:04:30 405504] Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-06-16 09:33:01 338448] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i263_32.drv [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\PnkBstrA.exe"= "C:\\WINDOWS\\system32\\PnkBstrB.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "F:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"= "F:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R2 CX88XBAR;AVerMedia, AVerTV Crossbar (88x);C:\WINDOWS\system32\drivers\CX88XBAR.sys [2005-12-09 14:16] R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 11:02] R3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 19:46] S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32] S3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2008-06-16 09:27] S3 SkyNetBDA;TechniSat DVB-PC TV Star PCI (BDA);C:\WINDOWS\system32\DRIVERS\SkyNetBDA.sys [2008-06-16 09:27] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce9fdb6-4100-11dd-bbd4-00d0d70ec3d1}] \Shell\AutoRun\command - I:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89ae3ef-3abc-11dd-a5db-806d6172696f}] \Shell\AutoRun\command - G:\Run.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e553dfb2-4cf8-11dd-bbf8-001d7d9f1ecc}] \shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L *Newly Created Service* - COMHOST . Contents of the 'Scheduled Tasks' folder "2008-07-21 19:08:45 C:\WINDOWS\Tasks\Norton Internet Security - Uruchom pełne skanowanie systemu - Przemek.job"

**Posty:** 8001 · przez **Okocza** 25 Lip 2008, 21:19

Kod: Zaznacz wszystko: O3 - Toolbar: fdkowvbp - {72585F60-1D5F-4B66-8806-53E3973D64B5} - C:\WINDOWS\fdkowvbp.dll (file missing) O4 - HKLM\..\Run: [lphcngaj0egac] C:\WINDOWS\system32\lphcngaj0egac.exe O4 - HKLM\..\Run: [SMrhcjgaj0egac] C:\Program Files\rhcjgaj0egac\rhcjgaj0egac.exe O4 - HKLM\..\Run: [58a815a5] rundll32.exe "C:\WINDOWS\system32\ketseone.dll",b O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA LOKALNA') O21 - SSODL: eqvwamkl - {B04E4AF3-3AEB-4842-8868-B1B11CBC7D8A} - C:\WINDOWS\eqvwamkl.dll (file missing) O21 - SSODL: wnslvxtf - {DC712639-5EA9-4156-971B-1B529CA0B7B5} - C:\WINDOWS\wnslvxtf.dll (file missing)

to na fix w hj

wklej w notatnik:

Kod: Zaznacz wszystko: File:: C:\WINDOWS\system32\byhtdyvi.ini C:\WINDOWS\system32\ivydthyb.dll C:\WINDOWS\system32\rqRljJCT.dll C:\WINDOWS\grswptdl.exe Registry:: [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce9fdb6-4100-11dd-bbd4-00d0d70ec3d1}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89ae3ef-3abc-11dd-a5db-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e553dfb2-4cf8-11dd-bbf8-001d7d9f1ecc}]

to zapisz jako CFScript i przeciagnij na ikonce Combofix.exe

**Posty:** 7956 · przez **Magik** 25 Lip 2008, 21:21

do tego Sdfix :!:

+
http://forum.programosy.pl/program-szukajacy-trojanow-i-malware-vt97108.html

wklej do notatnika

Kod: Zaznacz wszystko: FILE:: C:\WINDOWS\system32\ivydthyb.dll C:\WINDOWS\system32\rqRljJCT.dll C:\WINDOWS\grswptdl.exe

zapisz jako CFScript.txt, przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe

wkelj do notatnika

Kod: Zaznacz wszystko: Windows Registry Editor Version 5.00 [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ce9fdb6-4100-11dd-bbd4-00d0d70ec3d1}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a89ae3ef-3abc-11dd-a5db-806d6172696f}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e553dfb2-4cf8-11dd-bbf8-001d7d9f1ecc}]

zapisz jako fix.reg i odpal

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 21:35

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.5.2.6023 * * * ******************************************************************************** Created at 21:30:33 on Friday, July 25, 2008 Time Zone : Logged On User : Przemek Operating System : Microsoft Windows XP Professional Dodatek Service Pack 3 OS Version : 5.1.2600 System Langauge : Polish Keyboard Layout : Polish Processor : X86 Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 Total Physical Memory : 2095532 KB Free Physical Memory : 1611620 KB Total Virtual Memory : 2097024 KB Free Virtual Memory : 2013784 KB Boot State : Normal boot -------------------------------------------------------------------------------- !!! Files that have been deleted !!! No malicious files found -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!

To z FixIEDef

**Posty:** 8001 · przez **Okocza** 25 Lip 2008, 21:36

jest ok - wykonaj to co dalem w poprzednim poscie

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 21:52

Kod: Zaznacz wszystko: [b]SDFix: Version 1.208 [/b] Run by Przemek on 2008-07-25 at 21:38 Microsoft Windows XP [Wersja 5.1.2600] Running From: C:\SDFix [b]Checking Services [/b]: Restoring Default Security Values Restoring Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting [b]Checking Files [/b]: Trojan Files Found: C:\Documents and Settings\Przemek\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted Folder C:\Documents and Settings\Przemek\Dane aplikacji\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed Removing Temp Files [b]ADS Check [/b]: [b]Final Check [/b]: catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-25 21:42:26 Windows 5.1.2600 Dodatek Service Pack 3 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:56,6e,43,73,42,f6,8a,90,f2,62,0b,ef,e8,2c,48,ce,80,1f,2d,93,9b,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,c2,cb,14,8d,fa,15,f8,8d,de,21,b3,f6,e2,0f,bc,6d,74,.. "khjeh"=hex:71,a9,d2,bf,b6,f0,d4,e2,6f,2b,d3,bd,52,bf,8c,d2,b7,11,98,ea,df,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f2,88,dd,07,16,d9,91,c1,00,83,3d,03,9a,f8,42,d2,f0,4c,f1,aa,45,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools Lite\" "h0"=dword:00000000 "khjeh"=hex:56,6e,43,73,42,f6,8a,90,f2,62,0b,ef,e8,2c,48,ce,80,1f,2d,93,9b,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,c2,cb,14,8d,fa,15,f8,8d,de,21,b3,f6,e2,0f,bc,6d,74,.. "khjeh"=hex:71,a9,d2,bf,b6,f0,d4,e2,6f,2b,d3,bd,52,bf,8c,d2,b7,11,98,ea,df,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:f2,88,dd,07,16,d9,91,c1,00,83,3d,03,9a,f8,42,d2,f0,4c,f1,aa,45,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" "DeviceNotSelectedTimeout"="15" "GDIProcessHandleQuota"=dword:00002710 "Spooler"="yes" "swapdisk"="" "TransmissionRetryTimeout"="90" "USERProcessHandleQuota"=dword:00002710 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 [b]Remaining Services [/b]: Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:uTorrent" "F:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"="F:\\Gry\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe:*:Enabled:Medal of Honor Airborne" "F:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="F:\\Gry\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) " "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [b]Remaining Files [/b]: File Backups: - C:\SDFix\backups\backups.zip [b]Files with Hidden Attributes [/b]: Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg" Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg" Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Przemek\Dane aplikacji\U3\temp\Launchpad Removal.exe" Mon 9 Feb 1998 29,952 A..H. --- "C:\Documents and Settings\Przemek\Moje dokumenty\TVSAT2\TVSAT2\borlndmm.dll" Mon 9 Feb 1998 996,872 A..H. --- "C:\Documents and Settings\Przemek\Moje dokumenty\TVSAT2\TVSAT2\cp3240mt.dll" [b]Finished![/b]

SDFix
emo Magik zrobiłem wszystko co powiedziałeś

**Posty:** 8001 · przez **Okocza** 25 Lip 2008, 21:57

Wykonaj to co jest podane w tym temacie

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Przeskanuj komputer pod względem Trojanów tym programem
6. Wstaw na forum screen z zakładki uruchamianie (start – uruchom – msconfig – uruchamianie) może uda się cos wyrzucic stamtąd.

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 22:40

**Posty:** 7956 · przez **Magik** 25 Lip 2008, 22:43

reader

Ctcheck

BTW, antywirus hakrzy net i Symantec'a?? masz 2 av??--->ino chyzio wywalaj jednego

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 22:47

OK już, a tak poza tym wszystko ok?

**Posty:** 8001 · przez **Okocza** 25 Lip 2008, 22:48

tak, czysto

**Posty:** 7956 · przez **Magik** 25 Lip 2008, 22:48

flisek94 napisał(a):OK już, a tak poza tym wszystko ok?

zostaw ten Symantec'a

zmien przegladarke z IE na Firefox'a lub Opere

flisek94 napisał(a):poza tym wszystko ok?

tak

**Posty:** 25 · przez **flisek94** 25 Lip 2008, 22:49

Dzięki chłopaki za szybką i co najważniejsze skuteczną pomoc

Pozdrowienia dla was

**Posty:** 3854 · przez **Dzi@dek** 26 Lip 2008, 02:12

Do kompletu przeczyść rejestr :
http://www.programosy.pl/program,tweaknow-regcleaner.html

czy to możliwe (combofix)

Czy to możliwe (ComboFix)

Kto jest na forum