błąd z aplikacją iexplore.exe - prosze o sprawdzenie

dobry dzien wszystkim aktualnie jak i nie aktualnie przesiadującym na forum. dzis od okolo chyba 18 po odpaleniu przeglądarki wyskakuje mi ze wystąpił błąd z aplikacją iexplore.exe i zostanie ona zamknięta po czym przeglądarka sie zamyka, gdy chce otworzyc to to samo z tym błędem. przeskanowałem a-squared free i odpalilem tez program od rejestru i nic powaznego nie bylo, nizej podaje log z hijacka:

Kod:: Logfile of HijackThis v1.99.1 Scan saved at 19:50:11, on 2008-05-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Eset\nod32kui.exe C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe c:\program files\a-squared free\a2service.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Advanced Registry Doctor\RegManServ.exe C:\WINDOWS\system32\svchost.exe D:\Takie tam\Gadu-Gadu\gg.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Takie tam\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [SpeedX] C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe O4 - HKCU\..\Run: [Gadu-Gadu] "D:\Takie tam\Gadu-Gadu\gg.exe" /tray O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - http://mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176114378140 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe

baaardzo prosze o sprawdzenie czy cos siedzi czy też nie, z gory dziękuje za poświęcenie chwilki na ten temat

Dołączenie: 21 Mar 2008, 10:07

Log czysty

Pokaż log z Combofix

i log z ComboFix wykonany, co dziwne odrazu po odpaleniu programu, wyskoczył mi nod z wirusem który znajduje sie w temp\Av-test.txt wirus - Eicar zbiót testowy. ale czy to napewno wirus???. nizej podaje wynik:

Kod:: ComboFix 08-05-15.2 - Lukasz 2008-05-16 8:46:00.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.251 [GMT 2:00] Running from: C:\Documents and Settings\Lukasz\Pulpit\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 ))))))))))))))))))))))))))))))) . 2008-05-08 20:34 . 2008-05-08 20:34 502,208 --a------ C:\WINDOWS\system32\drivers\amon.sys 2008-05-08 20:34 . 2008-05-08 20:34 270,336 --a------ C:\WINDOWS\system32\imon.dll 2008-04-21 15:55 . 2008-04-23 12:44 <DIR> d-------- C:\Program Files\AoA Audio Extractor 2008-04-21 15:33 . 2008-04-21 15:33 <DIR> d-------- C:\Program Files\Smallvideosoft 2008-04-21 15:33 . 2007-03-01 04:18 4,762,112 --a------ C:\WINDOWS\system32\NCMedia.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-05-16 06:46 --------- d-----w C:\Program Files\ESET 2008-05-15 12:11 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2008-05-12 20:44 --------- d-----w C:\Program Files\a-squared Free 2008-04-27 14:21 --------- d-----w C:\Program Files\Winamp 2008-04-22 05:19 --------- d-----w C:\Program Files\Audacity 2008-04-13 15:24 --------- d-----w C:\Program Files\Ligos 2008-04-13 06:54 0 ----a-r C:\logwmemory.bin 2008-04-12 17:21 --------- d-----w C:\Program Files\Diskeeper Corporation 2008-04-12 17:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Diskeeper Corporation 2008-04-09 20:36 --------- d-----w C:\Program Files\SkanerOnline 2008-03-29 08:36 --------- d-----w C:\Program Files\Project IGI 2008-03-29 08:32 --------- d-----w C:\Program Files\PowerISO 2008-03-25 08:05 --------- d-----w C:\Program Files\EsetOnlineScanner 2007-11-18 16:01 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-02-09 18:32 94,080 ----a-w C:\Documents and Settings\Lukasz\Dane aplikacji\ezplay.sys 2007-02-09 18:32 87,608 ----a-w C:\Documents and Settings\Lukasz\Dane aplikacji\ezpinst.exe 2007-02-09 18:32 47,360 ----a-w C:\Documents and Settings\Lukasz\Dane aplikacji\pcouffin.sys 2006-12-31 07:32 88 --sh--r C:\WINDOWS\system32\4751A5B21F.sys 2006-12-31 07:32 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((( snapshot@2007-12-22_ 7.51.11.31 ))))))))))))))))))))))))))))))))))))))))) . + 2008-05-16 06:32:06 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE + 2000-08-31 06:00:00 73,728 ----a-w C:\WINDOWS\fdsv.exe + 2000-08-31 06:00:00 80,412 ----a-w C:\WINDOWS\grep.exe + 2008-03-31 18:28:06 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\ARPPRODUCTICON.exe + 2008-03-31 18:28:08 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut1_E3A4979EE8C048379F3D271B50BA9E7C.exe + 2008-03-31 18:28:08 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut2_E3A4979EE8C048379F3D271B50BA9E7C.exe + 2008-03-31 18:28:08 65,536 ----a-r C:\WINDOWS\Installer\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}\NewShortcut4_E3A4979EE8C048379F3D271B50BA9E7C.exe + 2008-04-12 17:21:16 22,486 ----a-r C:\WINDOWS\Installer\{8D94D4CF-A310-4C3D-AEC2-A871A184FFFA}\ARPPRODUCTICON.exe + 2008-04-12 17:21:16 65,536 ----a-r C:\WINDOWS\Installer\{8D94D4CF-A310-4C3D-AEC2-A871A184FFFA}\DiskeeperShortcut.exe + 1998-10-29 17:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe + 2007-03-24 18:03:34 2,938 ----a-w C:\WINDOWS\mozver.dat + 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe + 2006-07-18 08:57:36 2,426 ----a-w C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin + 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe + 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe + 2000-08-31 06:00:00 136,704 ----a-w C:\WINDOWS\swsc.exe + 2000-08-31 06:00:00 212,480 ----a-w C:\WINDOWS\swxcacls.exe + 2001-08-17 19:36:34 2,000 ----a-w C:\WINDOWS\system\KEYBOARD.DRV + 2001-10-26 13:45:18 73,616 ----a-w C:\WINDOWS\system\MCIAVI.DRV + 2001-10-26 13:45:18 25,296 ----a-w C:\WINDOWS\system\MCISEQ.DRV + 2001-10-26 13:45:18 28,160 ----a-w C:\WINDOWS\system\MCIWAVE.DRV + 2001-08-17 19:36:40 2,032 ----a-w C:\WINDOWS\system\MOUSE.DRV + 2001-08-17 19:36:36 1,744 ----a-w C:\WINDOWS\system\SOUND.DRV + 2001-08-17 19:36:30 3,360 ----a-w C:\WINDOWS\system\SYSTEM.DRV + 2001-10-26 14:51:12 4,096 ----a-w C:\WINDOWS\system\TIMER.DRV + 2001-08-17 19:36:40 2,176 ----a-w C:\WINDOWS\system\VGA.DRV + 2001-08-17 19:36:54 13,600 ----a-w C:\WINDOWS\system\WFWNET.DRV + 2004-08-03 22:44:32 146,432 ----a-w C:\WINDOWS\system\WINSPOOL.DRV + 2001-08-17 19:36:36 10,544 ----a-w C:\WINDOWS\system32\comm.drv + 2004-08-03 22:56:48 1,788 ----a-w C:\WINDOWS\system32\Dcache.bin + 2001-08-17 19:36:34 2,000 -c--a-w C:\WINDOWS\system32\dllcache\keyboard.drv + 2001-10-26 15:27:00 2,560 -c--a-w C:\WINDOWS\system32\dllcache\lz32.dll + 2001-10-26 13:45:18 73,616 -c--a-w C:\WINDOWS\system32\dllcache\mciavi.drv + 2001-10-26 13:45:18 25,296 -c--a-w C:\WINDOWS\system32\dllcache\mciseq.drv + 2001-10-26 13:45:18 28,160 -c--a-w C:\WINDOWS\system32\dllcache\mciwave.drv + 2001-08-17 19:36:40 2,032 -c--a-w C:\WINDOWS\system32\dllcache\mouse.drv + 2001-08-17 19:47:40 2,944 -c--a-w C:\WINDOWS\system32\dllcache\null.sys + 2001-08-17 19:36:36 1,744 -c--a-w C:\WINDOWS\system32\dllcache\sound.drv + 2001-08-17 19:36:30 3,360 -c--a-w C:\WINDOWS\system32\dllcache\system.drv + 2001-10-26 14:51:12 4,096 -c--a-w C:\WINDOWS\system32\dllcache\timer.drv + 2004-08-03 21:58:46 15,104 -c--a-w C:\WINDOWS\system32\dllcache\usbscan.sys + 2001-08-17 19:36:40 2,176 -c--a-w C:\WINDOWS\system32\dllcache\vga.drv + 2001-08-17 19:36:54 13,600 -c--a-w C:\WINDOWS\system32\dllcache\wfwnet.drv + 2001-08-17 19:36:46 2,864 -c--a-w C:\WINDOWS\system32\dllcache\winsock.dll + 2004-08-03 22:44:32 146,432 -c--a-w C:\WINDOWS\system32\dllcache\winspool.drv + 2001-08-17 19:36:40 2,112 -c--a-w C:\WINDOWS\system32\dllcache\winspool.exe + 2001-08-17 19:36:52 2,736 -c--a-w C:\WINDOWS\system32\dllcache\wowdeb.exe + 2004-08-03 23:07:58 2,944 ----a-w C:\WINDOWS\system32\drivers\drmkaud.sys + 2001-08-17 22:00:04 2,944 ----a-w C:\WINDOWS\system32\drivers\msmpu401.sys + 2001-08-17 19:47:40 2,944 ----a-w C:\WINDOWS\system32\drivers\null.sys + 2004-04-01 15:30:46 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys + 2008-03-14 06:04:29 46,652 ----a-w C:\WINDOWS\system32\drivers\scdemu.sys + 2004-08-03 21:58:46 15,104 ----a-w C:\WINDOWS\system32\drivers\usbscan.sys + 2000-06-23 12:05:44 136,704 ----a-w C:\WINDOWS\system32\iacenc.dll - 2001-10-26 15:29:32 199,168 ----a-w C:\WINDOWS\system32\ir32_32.dll + 2000-06-26 09:57:16 202,240 ----a-w C:\WINDOWS\system32\ir32_32.dll - 2004-08-03 22:44:02 755,200 ----a-w C:\WINDOWS\system32\ir50_32.dll + 2000-06-23 08:36:48 745,984 ----a-w C:\WINDOWS\system32\ir50_32.dll + 2000-06-22 11:09:24 56,320 ------w C:\WINDOWS\system32\iyvu9_32.dll + 2001-08-17 19:36:34 2,000 ----a-w C:\WINDOWS\system32\keyboard.drv + 2001-10-26 13:45:18 223,680 ----a-w C:\WINDOWS\system32\lanman.drv + 2007-07-27 13:49:02 196,683 ----a-w C:\WINDOWS\system32\lnod32apiA.dll + 2007-07-27 13:49:02 225,355 ----a-w C:\WINDOWS\system32\lnod32apiW.dll + 2005-12-05 18:25:22 139,264 ----a-w C:\WINDOWS\system32\lnod32umc.dll + 2005-12-05 11:37:10 106,496 ----a-w C:\WINDOWS\system32\lnod32upd.dll + 2001-10-26 15:27:00 2,560 ----a-w C:\WINDOWS\system32\lz32.dll + 2001-10-26 13:45:18 73,616 ----a-w C:\WINDOWS\system32\mciavi.drv + 2001-10-26 13:45:18 25,296 ----a-w C:\WINDOWS\system32\mciseq.drv + 2001-10-26 13:45:18 28,160 ----a-w C:\WINDOWS\system32\mciwave.drv + 2001-08-17 19:36:40 2,032 ----a-w C:\WINDOWS\system32\mouse.drv + 2001-10-26 15:30:08 20,992 ----a-w C:\WINDOWS\system32\msacm32.drv + 2004-08-03 22:44:32 188,416 ----a-w C:\WINDOWS\system32\msh261.drv + 2004-08-03 22:44:32 294,912 ----a-w C:\WINDOWS\system32\msh263.drv + 2001-08-17 19:13:24 2,656 ----a-w C:\WINDOWS\system32\netware.drv + 2008-02-11 08:39:26 253,952 ----a-w C:\WINDOWS\system32\OnlineScannerDLLA.dll + 2008-02-11 08:39:18 237,568 ----a-w C:\WINDOWS\system32\OnlineScannerDLLW.dll + 2008-02-08 12:53:46 110,592 ----a-w C:\WINDOWS\system32\OnlineScannerLang.dll + 2008-02-05 07:48:04 77,824 ----a-w C:\WINDOWS\system32\OnlineScannerUninstaller.exe - 2007-10-28 05:45:49 59,440 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-03-30 07:08:54 59,440 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-10-28 05:45:49 75,486 ----a-w C:\WINDOWS\system32\perfc015.dat + 2008-03-30 07:08:54 75,486 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-10-28 05:45:49 395,200 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-03-30 07:08:54 395,200 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-10-28 05:45:49 451,220 ----a-w C:\WINDOWS\system32\perfh015.dat + 2008-03-30 07:08:54 451,220 ----a-w C:\WINDOWS\system32\perfh015.dat + 2001-10-26 16:29:42 5,632 ----a-w C:\WINDOWS\system32\ptpusb.dll + 2004-08-03 23:44:10 159,232 ----a-w C:\WINDOWS\system32\ptpusd.dll + 2001-08-17 19:36:36 1,744 ----a-w C:\WINDOWS\system32\sound.drv + 2007-02-10 11:17:42 1,985 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp3 Blade Codec.dat + 2007-02-10 10:20:07 2,074 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP mp3PRO Input Codec.dat + 2007-04-20 09:37:29 1,578 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat + 2007-02-10 10:43:53 2,141 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Ogg Vorbis Codec.dat + 2007-02-10 10:46:04 2,181 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9 Codec.dat + 2007-02-10 10:23:42 2,467 ----a-w C:\WINDOWS\system32\SpoonUninstall-dMC mp3PRO (CLI) Encoder.dat + 2007-01-30 11:41:36 2,368 ----a-w C:\WINDOWS\system32\STEC3.sys + 2001-08-17 19:36:30 3,360 ----a-w C:\WINDOWS\system32\system.drv + 2001-10-26 14:51:12 4,096 ----a-w C:\WINDOWS\system32\timer.drv + 2001-08-17 19:36:40 2,176 ----a-w C:\WINDOWS\system32\vga.drv + 2003-12-22 07:20:26 2,272 ----a-w C:\WINDOWS\system32\W95INF16.DLL + 2004-08-03 22:54:52 23,552 ----a-w C:\WINDOWS\system32\wdmaud(2).drv + 2004-08-03 22:54:52 23,552 ----a-w C:\WINDOWS\system32\wdmaud.drv + 2001-08-17 19:36:54 13,600 ----a-w C:\WINDOWS\system32\wfwnet.drv + 2001-08-17 19:36:46 2,864 ----a-w C:\WINDOWS\system32\winsock.dll + 2004-08-03 22:44:32 146,432 ----a-w C:\WINDOWS\system32\winspool.drv + 2001-08-17 19:36:40 2,112 ----a-w C:\WINDOWS\system32\winspool.exe + 2001-08-17 19:36:52 2,736 ----a-w C:\WINDOWS\system32\wowdeb.exe + 2008-05-16 06:32:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_264.dat + 2000-08-31 06:00:00 49,152 ----a-w C:\WINDOWS\VFind.exe + 2000-08-31 06:00:00 68,096 ----a-w C:\WINDOWS\zip.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((((((((((( AWF )))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe ----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\NeroCheck.exe ----a-w 65,664 2003-01-15 12:48:10 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\Copy001.dds ----a-w 65,664 2003-06-13 20:57:02 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Copy001.dds ----a-w 65,664 2003-01-15 12:48:10 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\Copy002.dds ----a-w 65,664 2003-06-13 20:57:06 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Copy002.dds ----a-w 65,664 2003-01-15 12:48:10 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\Copy003.dds ----a-w 65,664 2003-06-13 20:57:12 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Copy003.dds ----a-w 80 2003-01-15 12:48:12 D:\Gry\Colin McRae Rally 3\Data\Boot\English\Bak\vssver.scc ----a-w 96 2003-01-15 12:48:10 D:\Gry\Colin McRae Rally 3\Data\Boot\English\vssver.scc . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpeedX"="C:\PROGRA~1\MyPortal\Speed-X\SpeedX.exe" [2006-06-27 14:11 46718] "Gadu-Gadu"="D:\Takie tam\Gadu-Gadu\gg.exe" [2005-03-31 11:18 790528] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE] "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-03-15 01:50 233472] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-08 20:34 917504] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run] "{2861E568-0686-1045-0729-040505030030}"= "C:\Program Files\Spybot - Search & Destroy\Update.exe" mc-110-12-0000272 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.divxa32"= DivXa32.acm "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MkS_Scan\Service] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^BlueSoleil.lnk] path=C:\Documents and Settings\All Users\Menu Start\Programy\IVT BlueSoleil\BlueSoleil.lnk backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdbh] --a------ 2004-08-04 00:44 515072 C:\WINDOWS\system32\logonui.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Firewall auto setup] C:\DOCUME~1\Lukasz\USTAWI~1\Temp\winlogon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu] --a------ 2005-03-31 11:18 790528 D:\Takie tam\Gadu-Gadu\gg.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-08-04 00:55 1667584 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray] --a------ 2004-06-03 20:51 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDfrgSch] --a------ 2006-06-11 13:57 569344 C:\Program Files\Advanced Registry Doctor\RegDfrgSch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2006-05-03 02:56 36975 C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TClock.exe] C:\Program Files\TClock\tclock_install.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant] --a------ 2006-09-07 19:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2006-12-24 17:11 33792 C:\Program Files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\BearShare\\BearShare.exe"= "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "D:\\Takie tam\\Gadu-Gadu\\gg.exe"= "D:\\Gry\\NovaLogic\\Delta Force Xtreme\\dfx.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= S0 FO_PAnt;FotoOffice VirtualDisc Driver;C:\WINDOWS\system32\Drivers\FO_PAnt.sys [] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae8eac64-2adb-11dc-840b-00006cbd6e65}] \Shell\AutoRun\command - G:\EXPLORER.EXE \Shell\explore\Command - G:\EXPLORER.EXE \Shell\open\Command - G:\EXPLORER.EXE . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-16 08:48:23 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Eset\pr_imon.dll . Completion time: 2008-05-16 8:51:00 ComboFix-quarantined-files.txt 2008-05-16 06:50:32 Pre-Run: 1,115,639,808 bajtów wolnych Post-Run: 1,105,321,984 bajtów wolnych 254

Dołączenie: 21 Mar 2008, 10:07

Do wyleczenia pendrive z wirusów użyj
Perlovga Removal Tool
Flash Disinfector
lub format

otwórz notatnik i wklej

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Z menu Notatnika

Plik

Zapisz jako

Zmień rozszerzenie z .txt na wszystkie pliki

zapisz pod nazwą Fix.reg

Uruchom ten plik, uruchom ponownie komputer

To nie jest wirus, tylko fragment kodu wirusa który ma symulować wirusa

jak zawsze można na tym forum na kogoś liczyć... baaardzo dziękuje za pomoc. i jeszcze małe pytanie - od czego tak sie zrobilo i jak w przyszlości ominąc ten problem?

Dołączenie: 21 Mar 2008, 10:07

To była infekcja z pendrive, wyczyść pendrive z wirusów narzędziami które podałem

a myslalem ze jeszcze cos jest nie tak

dobrze wiec zrobie jak pisales. jeszcze raz dziękuje

błąd z aplikacją iexplore.exe - prosze o sprawdzenie

Regulamin forum

błąd z aplikacją iexplore.exe - prosze o sprawdzenie