gzmrotate.dll

Ostatnio mój komputer zaczął jakoś wolniej działać i przy starcie systemu wyświetla się taki napis: [b][/b]Wystąpił błąd podczas ładowania C:\WINDOWS\system32\gzmrotate.dll[b][/b] proszę o pomoc...:) bo nie wiem co mam z tym zrobić?

Odpowiedzi: 8

OK usunąłem i teraz komputer o wiele szybciej działa... dzieki:)
Dobix
Dodano
27.01.2008 20:25:13
[quote]2008-01-20 12:58---------d-----wC:\Program Files\[color=red][b]Ofb1[/b][/color][/quote] Nie wiem, dlaczego to się nie usunęło. Spróbuj usunąć ręcznie w Trybie Awaryjnym. .
morda
Dodano
27.01.2008 19:04:30
OK dzięki za pomoc http://wklej.org/id/b34fe4c937 - link to Loga po usunięciu
Dobix
Dodano
27.01.2008 18:52:46
Wklej do [b]Notatnika[/b]: [CODE] File:: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\scvhost.exe C:\WINDOWS\system32\AdssiteSocial-uninstall.exe C:\WINDOWS\system32\iebrowserc.dll C:\WINDOWS\system32\adssite_sidebar_uninstall.exe C:\WINDOWS\system32\adssite-remove.exe C:\WINDOWS\system32\gzmrotate.dll Folder:: Program Files\Ofb1 Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hid_start] [/code] [b]>>Plik>>Zapisz jako... >>> [color=red]CFScript[/color][/b] Przeciągnij i upuść plik [color=red][b]CFScript.txt[/b][/color] na plik [b]ComboFix.exe[/b] – podobnie jak na tym obrazku [b][color=blue]-->[/color][/b][img]http://img.wklej.org/images/88953CFScript-createdbyMiekiemoes.gif[/img] Ma się rozpocząć usuwanie. (i powstanie log). [b]Po restarcie[/b] usuń ręcznie folder [b]C: \[color=red]Qoobox[/color][/b]. Daj ten log, który powstanie w trakcie usuwania. .
morda
Dodano
27.01.2008 17:34:26
http://wklej.org/id/8af76d8497 - Link do Loga z Combo Fixa
Dobix
Dodano
27.01.2008 16:18:40
[quote]R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file) O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file) O3 - Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file) O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programy z CHIPA\RoboFormComFillForms.html (file missing) O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programy z CHIPA\RoboFormComFillForms.html (file missing) O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programy z CHIPA\RoboFormComSavePass.html (file missing) O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programy z CHIPA\RoboFormComSavePass.html (file missing) O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programy z CHIPA\RoboFormComShowToolbar.html (file missing) O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programy z CHIPA\RoboFormComShowToolbar.html (file missing)[/quote] Te w/w wpisy sfiksuj w Hijacku: >>Hijack>>scan(Do a system scan only)>>zaznacz je >>[b]Fix checked[/b]. [quote]O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify O4 - Global Startup: scvhost.exe[/quote] Żeby zobaczyć pozostałe pliki tej infekcji - daj log z -->[url=http://forum.idg.pl/index.php?showtopic=118804][b][color=blue][u]ComboFix[/u][/color][/b][/url]. Log wklej na [url=http://wklej.org/][b][color=blue][u]http://wklej.org/[/u][/color][/b][/url], a w poście daj tylko link.(czyli skopiuj adres z paska adresów) . .
morda
Dodano
27.01.2008 14:09:53
jeszcze raz przepraszam że napisałem drugi post z moim logiem w dziale xp. i był bym wdzięczny jeśli ktoś mógłby sprawdzić ponownie mojego loga którego umieszczę niżej. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:24:14, on 2008-01-26 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe C:\Program Files\ArcaBit\ArcaUpdate\update.exe C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe C:\Program Files\Microsoft SQL Server\MSSQL$MA\Binn\sqlservr.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\system32\UAService7.exe C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe C:\Program Files\ArcaBit\Common\TaskScheduler.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\htpatch.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\BTTray.exe C:\WINDOWS\System32\svchost.exe C:\Programy z CHIPA\down\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: XBTP01621 - {F6104497-54FD-4688-9162-5115CC8AB0FB} - (no file) O3 - Toolbar: (no name) - {724d43a0-0d85-11d4-9908-00400523e39a} - (no file) O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\programy z chipa\Quick Time 6\QTTask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar O4 - HKLM\..\Run: [ArcaCheck] C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe /startup O4 - HKLM\..\Run: [ABRegmon] C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe O4 - HKLM\..\Run: [AvMenu] C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: scvhost.exe O8 - Extra context menu item: Customize Menu &4 - file://C:\Programy z CHIPA\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms &] - file://C:\Programy z CHIPA\RoboFormComFillForms.html O8 - Extra context menu item: Save Forms &[ - file://C:\Programy z CHIPA\RoboFormComSavePass.html O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programy z CHIPA\RoboFormComFillForms.html (file missing) O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Programy z CHIPA\RoboFormComFillForms.html (file missing) O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programy z CHIPA\RoboFormComSavePass.html (file missing) O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Programy z CHIPA\RoboFormComSavePass.html (file missing) O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programy z CHIPA\RoboFormComShowToolbar.html (file missing) O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Programy z CHIPA\RoboFormComShowToolbar.html (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C3D1DAFD-2410-4313-8B73-1716F3D1D504}: NameServer = 194.204.159.1 217.98.63.164 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: TS_LogonListener - C:\WINDOWS\SYSTEM32\TS_LogonListener.dll O23 - Service: ArcaBit FileMonitor (ABFileMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit - C:\Program Files\ArcaBit\ArcaVir\NetMonSV.exe O23 - Service: ArcaBit.Core.Configurator - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe O23 - Service: ArcaBit.Core.LoggingService - ArcaBit - C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe O23 - Service: ArcaBit.TaskScheduler - ArcaBit sp. z o.o. - C:\Program Files\ArcaBit\Common\TaskScheduler.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ArcaBit Update Service (AVUpdate) - ArcaBit - C:\Program Files\ArcaBit\ArcaUpdate\update.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Oprogramowanie interfejsu Bluetooth\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe -- End of file - 10474 bytes
Dobix
Dodano
27.01.2008 01:05:58
Usunąć syf. Temat przenosze do Bezpieczeństwa a Ty sprawdź sobie loga Hijacka, przeskanuj sie czymś ...
Żółty
Dodano
26.01.2008 22:51:47
Dobix
Dodano:
26.01.2008 21:51:18
Komentarzy:
8
Strona 1 / 1