Najprawdopodobniej mam problem z MS32DLL.dll.vbs. Co mam zrobić z tym fantem? Proszę o pomoc.
Ściągnąłem pliczek, który miał być piosenką, a wsadziło mi pełno syfu. Jak mam oczyścić system?
Kod:
ComboFix 09-01-21.04 - Imielok 2009-01-29 23:59:44.1 - NTFSx86
Running from: c:\documents and settings\Imielok\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
c:\windows\system32\vbscript.dll is missing
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\c.ico
c:\windows\system32\m.ico
c:\windows\system32\p.ico
c:\windows\system32\s.ico
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-29 22:44 . 2009-01-29 22:44 <DIR> d-------- c:\program files\Panda Security
2009-01-29 22:44 . 2008-06-19 16:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2009-01-29 15:12 . 2009-01-29 15:12 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-29 15:03 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-29 15:03 . 2004-09-29 12:12 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-01-29 15:03 . 2004-09-29 12:15 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-29 15:03 . 2004-09-29 12:09 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-29 15:03 . 2004-09-29 12:14 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-29 15:03 . 2004-09-29 12:08 61,440 --a------ c:\windows\system32\HPZinw12.exe
2009-01-29 15:03 . 2004-09-29 12:09 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-29 15:02 . 2009-01-29 23:27 <DIR> d-------- c:\program files\HP
2009-01-29 15:01 . 2009-01-29 15:01 <DIR> d-------- c:\temp\HP_WebRelease
2009-01-29 15:01 . 2009-01-29 15:01 <DIR> d-------- C:\temp
2009-01-29 15:01 . 2009-01-29 15:12 68,877 --a------ c:\windows\hpoins05.dat
2009-01-29 15:01 . 2004-12-15 16:05 19,696 --------- c:\windows\hpomdl05.dat
2009-01-29 14:42 . 2005-09-01 12:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys
2009-01-29 14:42 . 2005-09-01 12:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys
2009-01-29 14:41 . 2009-01-29 14:41 <DIR> d-------- c:\program files\Common Files\Ahead
2009-01-29 14:41 . 2009-01-29 14:41 <DIR> d-------- c:\program files\Ahead
2009-01-29 14:41 . 2004-07-26 17:16 1,568,768 --------- c:\windows\system32\ImagX7.dll
2009-01-29 14:41 . 2004-07-26 17:16 476,320 --------- c:\windows\system32\ImagXpr7.dll
2009-01-29 14:41 . 2004-07-26 17:16 471,040 --------- c:\windows\system32\ImagXRA7.dll
2009-01-29 14:41 . 2004-07-09 09:43 364,544 --------- c:\windows\system32\TwnLib4.dll
2009-01-29 14:41 . 2004-07-26 17:16 262,144 --------- c:\windows\system32\ImagXR7.dll
2009-01-29 14:41 . 2006-01-12 16:40 155,648 --a------ c:\windows\system32\NeroCheck.exe
2009-01-29 14:41 . 2000-06-26 11:45 106,496 --a------ c:\windows\system32\TwnLib20.dll
2009-01-28 22:40 . 2009-01-28 22:40 21,446 --a------ c:\windows\system32\sf.ico
2009-01-28 22:40 . 2009-01-28 22:40 13,942 --a------ c:\windows\system32\m3.ico
2009-01-28 22:40 . 2009-01-28 22:40 3,122 --a------ c:\windows\ios.dat
2009-01-28 22:39 . 2009-01-28 22:39 131,072 --a------ c:\windows\system32\hhsa.dll
2009-01-23 21:59 . 2009-01-23 21:59 <DIR> d-------- c:\program files\NAPI-PROJEKT
2009-01-06 22:11 . 2004-12-14 20:33 51,120 -ra------ c:\windows\system32\drivers\HPZid412.sys
2009-01-06 22:11 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-01-06 22:11 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-01-06 22:11 . 2004-12-14 20:33 21,744 -ra------ c:\windows\system32\drivers\HPZius12.sys
2009-01-06 22:11 . 2004-12-14 20:33 16,496 -ra------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-06 22:08 . 2004-12-14 20:33 708,608 -ra------ c:\windows\system32\hpotiop.dll
2009-01-06 22:08 . 2004-12-14 20:33 278,528 -ra------ c:\windows\system32\hpgwiamd.dll
2009-01-06 22:08 . 2004-12-14 20:33 274,432 -ra------ c:\windows\system32\HPZc3212.dll
2009-01-06 22:08 . 2004-12-14 20:33 229,376 -ra------ c:\windows\system32\hpovst08.dll
2009-01-06 22:08 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-06 22:08 . 2008-04-14 00:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-01-06 15:29 . 2001-10-19 14:40 1,683,792 --a------ c:\windows\system32\wmvcore2.dll
2009-01-06 15:29 . 2001-10-19 14:40 665,424 --a------ c:\windows\system32\wmv8dmoe.dll
2009-01-06 15:29 . 2001-10-19 14:39 572,752 --a------ c:\windows\system32\wmvdmoe.dll
2009-01-06 15:29 . 2001-10-19 14:40 438,608 --a------ c:\windows\system32\wmv8dmod.dll
2009-01-06 15:29 . 2001-10-19 02:05 285,184 --a------ c:\windows\system32\wmidx2.ocx
2009-01-06 15:29 . 2009-01-06 15:29 156,910 --a------ c:\windows\WMSysPr8.prx
2009-01-04 18:10 . 2009-01-04 18:10 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 23:00 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\uTorrent
2009-01-22 16:04 --------- d-----w c:\program files\Real Alternative
2009-01-21 18:40 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\Tlen.pl
2008-12-25 13:40 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\Sports Interactive
2008-12-25 12:40 --------- d-----w c:\program files\directx
2008-12-19 16:02 --------- d-----w c:\program files\SubEdit-Player
2008-12-17 20:06 --------- d-----w c:\program files\SWiSH Max2
2008-12-17 15:14 --------- d-----w c:\program files\Common Files\SWiSHzone.com
2008-12-16 21:08 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\Thinstall
2008-12-15 21:12 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\Skype
2008-12-15 21:09 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\skypePM
2008-12-15 20:41 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\TrackMania
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 11:41 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\Media Player Classic
2008-12-03 19:50 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\Soldat
2008-12-03 19:47 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\OpenOffice.org
2008-12-03 19:42 --------- d-----w c:\program files\OpenOffice.org 3
2008-12-03 19:40 --------- d-----w c:\documents and settings\Imielok\Dane aplikacji\OpenOffice.org2
2008-12-01 15:07 --------- d-----w c:\program files\Betsson
2008-11-29 21:40 --------- d-----w c:\program files\SopCast
2008-11-29 10:30 --------- d-----w c:\program files\Tlen.pl
2008-11-28 23:49 --------- d-----w c:\program files\uTorrent
2008-11-28 15:49 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-28 15:49 --------- d-----w c:\program files\Java
2008-11-24 14:32 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6978074F-9702-4EDB-8172-4DD019693D40}]
2009-01-28 22:39 131072 --a------ c:\windows\system32\hhsa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-26 270128]
"Komunikator"="c:\program files\Tlen.pl\tlen.exe" [2008-11-28 5837800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^Imielok^Menu Start^Programy^Autostart^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Imielok\Menu Start\Programy\Autostart\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 13:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Komunikator]
--a------ 2008-11-28 11:48 5837800 c:\program files\Tlen.pl\tlen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 14:31 21633320 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-28 16:49 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2008-11-26 18:51 270128 c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0220Mon.exe]
--a------ 2006-06-29 01:01 32768 c:\windows\V0220Mon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2008-06-19 16:20 57344 c:\windows\ALCMTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2008-10-28 17:18 17331200 c:\windows\RTHDCPL.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Tlen.pl\\tlen.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Gry\\Soldat\\Soldat.exe"=
"c:\\Gry\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-06-19 28544]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
S3 V0220Dev;Live! Cam Video IM;c:\windows\system32\DRIVERS\V0220Dev.sys [2006-06-29 146112]
S3 V0220Vfx;V0220Vfx;c:\windows\system32\DRIVERS\V0220Vfx.sys [2006-06-08 6272]
--- Other Services/Drivers In Memory ---
*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - irda
*Deregistered* - Irmon
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - LanmanServer
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - pavboot
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasirda
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Udfs
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://ie-security.com/lands/scan/scanner/go.aspx?in=1
FF - ProfilePath - c:\documents and settings\Imielok\Dane aplikacji\Mozilla\Firefox\Profiles\3mtisga8.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 00:00:55
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-30 0:01:58
ComboFix-quarantined-files.txt 2009-01-29 23:01:55
Pre-Run: 16 729 780 224 bajtów wolnych
Post-Run: 16,825,458,688 bajtów wolnych
304 --- E O F --- 2009-01-22 15:22:52
================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:25:00, on 2009-01-30
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie-security.com/lands/scan/scanner/go.aspx?in=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: GearTool - {6978074F-9702-4EDB-8172-4DD019693D40} - C:\WINDOWS\system32\hhsa.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pu...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 4565 bytes