Hello,
the topic is quite simple and I have already dealt with it once, but it has come back, except that this time it is impossible to beat.
And here is why:
- I deleted Iconcache.db (didn't help)
- I installed Tweak UI and refreshed the icons (didn't help)
- I changed the screen resolution in the panel (didn't help)
and a few other desperate methods. What should I do?
Here is the log from ComboFix:
ComboFix 11-01-15.01 - Grzesiek 2011-01-16 11:15:19.13.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.2038.1560 [GMT 1:00]
Uruchomiony z: C:\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 110115-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((( Pliki utworzone od 2010-12-16 do 2011-01-16 )))))))))))))))))))))))))))))))
.
2011-01-06 17:02 . 2011-01-06 17:27 737280 ----a-w- c:\windows\iun6002.exe
2011-01-06 17:02 . 2011-01-06 18:22 -------- d-----w- c:\program files\Tweak-XP Pro 4
2011-01-06 12:36 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2011-01-05 13:29 . 1999-11-18 01:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2011-01-05 13:29 . 1999-12-13 01:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2011-01-04 18:22 . 2003-11-11 10:08 77824 ------w- c:\windows\system32\ctdvda32.dll
2011-01-04 18:13 . 2011-01-04 18:13 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-03 20:12 . 2011-01-03 20:12 -------- d-----w- c:\documents and settings\Grzesiek\Dane aplikacji\MSN6
2011-01-03 20:12 . 2011-01-03 20:12 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\MSN6
2010-12-21 11:41 . 2010-12-21 11:41 -------- d-----w- c:\documents and settings\Grzesiek\Dane aplikacji\Uniblue
2010-12-18 23:39 . 2010-12-21 13:58 -------- d-----w- c:\program files\All in One Converter
2010-12-17 16:31 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-12-17 16:31 . 2008-09-24 19:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-12-17 16:31 . 2010-01-17 16:18 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-12-17 16:31 . 2010-12-07 18:40 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2010-12-17 16:31 . 2010-12-07 18:22 810496 ----a-w- c:\windows\system32\xvidcore.dll
2010-12-17 16:31 . 2010-11-03 19:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2010-12-17 16:31 . 2010-12-11 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-12-17 16:31 . 2010-12-17 16:32 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-12-17 16:05 . 2010-12-17 16:13 -------- d-----w- c:\program files\WinAVI MP4 Converter
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-16 10:12 . 2010-08-22 17:19 4155240 ----a-r- C:\ComboFix.exe
2011-01-04 18:39 . 2008-09-09 22:13 81920 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-04 18:39 . 2008-09-09 22:13 221184 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-11 11:55 . 2010-11-11 11:55 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2010-11-11 11:55 . 2010-11-11 11:54 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[-] 2008-04-13 21:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
[7] 2004-08-03 21:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\ServicePackFiles\i386\aec.sys
.
((((((((((((((((((((((((((((( SnapShot_2011-01-05_12.29.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-16 10:20 . 2011-01-16 10:20 32768 c:\windows\TEMP\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-16 10:07 . 2011-01-16 10:07 16384 c:\windows\TEMP\Perflib_Perfdata_a8.dat
+ 2011-01-16 10:09 . 2011-01-16 10:09 16384 c:\windows\TEMP\Perflib_Perfdata_7d8.dat
+ 2011-01-16 10:20 . 2011-01-16 10:20 32768 c:\windows\TEMP\Historia\History.IE5\index.dat
+ 2011-01-16 10:20 . 2011-01-16 10:20 16384 c:\windows\TEMP\Cookies\index.dat
+ 2011-01-06 17:28 . 2011-01-06 17:30 14848 c:\windows\system32\BASSMOD.dll
+ 2005-12-20 13:41 . 2004-04-08 10:50 360960 c:\windows\system32\txp4lib.dll
- 2000-04-03 18:05 . 2000-04-03 18:05 118784 c:\windows\system32\msstdfmt.dll
+ 2005-12-20 13:41 . 2000-04-03 18:05 118784 c:\windows\system32\msstdfmt.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-10-07 323392]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 45056]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"CTHelper"="CTHELPER.EXE" [2005-02-17 14848]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-11-19 583016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-20 198160]
"CTDVDDET"="c:\program files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"CTSysVol"="c:\program files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTFeatureModeUtility"="c:\program files\Creative\Sound Blaster Audigy 2\Feature Mode Utility\CTModUtl.exe" [2005-01-10 81920]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-01-27 45056]
[HKLM\~\startupfolder\C:^Documents and Settings^Grzesiek^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Grzesiek\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ChomikBox\\ChomikBox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Gadu-Gadu 10\\gg.exe"=
"c:\\Program Files\\Sony\\Media Manager for WALKMAN\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-07 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-07 20560]
S2 gupdate1c9d2497c091d6c;Google Update Service (gupdate1c9d2497c091d6c);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 133104]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe --> c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [?]
S3 CTMSFSYN;Creative SoundFont Synth;c:\windows\system32\drivers\CTMSFSYN.SYS [2005-01-31 159104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2008-12-21 717296]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Zawartość folderu 'Zaplanowane zadania'
2011-01-16 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]
2010-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 15:02]
2011-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 15:02]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://start.facemoods.com/?a=ost
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Grzesiek\Dane aplikacji\Mozilla\Firefox\Profiles\mx6e9oel.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - ShareMiner.com
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ost&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Google Shortcuts: {5C46D283-ABDE-4dce-B83C-08881401921C} - %profile%\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-16 11:21
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
[HKEY_USERS\S-1-5-21-1993962763-2052111302-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4ED07971-D6B4-3004-B5E4-CE2E55FE6343}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iajdkmeipopagejblb"=hex:6b,61,66,6f,68,69,6e,6c,62,6e,67,61,66,68,69,62,67,69,
66,70,6c,69,00,00
"hadeapfpndghednp"=hex:6b,61,66,6f,68,69,6e,6c,62,6e,67,61,66,68,69,62,67,69,
66,70,6c,69,00,00
"gaiepjdgpgepdd"=hex:61,63,68,6f,62,6a,6a,62,6e,68,6d,68,6c,64,6e,63,6b,6c,68,
66,67,6c,61,6d,6a,62,6e,63,61,68,63,6f,67,6f,61,68,6d,70,6c,64,66,68,6a,68,\
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Czas ukończenia: 2011-01-16 11:23:42
ComboFix-quarantined-files.txt 2011-01-16 10:23
ComboFix2.txt 2011-01-06 20:29
ComboFix3.txt 2011-01-05 16:35
ComboFix4.txt 2011-01-05 12:32
ComboFix5.txt 2011-01-16 10:13
Przed: 2 292 355 072 bajtów wolnych
Po: 2 272 096 256 bajtów wolnych
- - End Of File - - FC0D4ADBDE2EED21887EFB7485CB1AEF
HELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!1