What is BHO.AKL?


(Wkoczur) #1

Hello

I have the following problem. The system is XP.

A Google folder keeps being created in Program Files, and in it a file googletoolbar1.dll, which AVG detects as: Trojan Horse BHO.AKL.

I removed all Google entries from the registry and deleted the Google folder from Program Files, yet after a restart the folder with this file is created again.

Is it dangerous? How do I get rid of it?

Thanks in advance for your help

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:26:26, on 2007-08-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\wvremcon.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Philips ToUcam Camera\VProperty.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Dual Wheel Mouse\4dmain.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\Program Files\Logitech\iTouch\kbdtray.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [wvremcon] C:\WINDOWS\wvremcon.exe

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

O4 - HKLM..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe

O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM..\Run: [WheelMouse] 4dmain.exe

O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM..\Run: [crtfmon] C:\WINDOWS\CTFRMON.EXE

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [supelek bogiego] c:\program files\supelek bogiego\supb.exe -spr

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.205.17.235/activex/AxisCamControl.cab

O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} (ActiveWebParts Illustration Viewer) - http://parts.husqvarna.com/WebResource. ... 0280000000

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll

O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Lijfcp32.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

--

End of file - 6086 bytes


(qrczak13) #2

Delete the file marked in red manually, and the entries in HJT.

Do you happen to have a TV card with a remote control?

Post a log from ComboFix.


(Wkoczur) #3

Hello

I removed what you pointed out. But the folder keeps appearing just as before.

I don't have a TV card.

Here is the ComboFix log

Regards

ComboFix 07-08-04.3 - "DOM_" 2007-08-07 18:31:36.3 [GMT 2:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

2007-08-07 18:30

2007-08-07 18:26 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-06 23:21

2007-08-06 22:57 74,230 --a------ C:\WINDOWS\system32\prfc0415.dat

2007-08-06 22:57 448,004 --a------ C:\WINDOWS\system32\prfh0415.dat

2007-08-06 22:24

2007-08-03 08:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-08-02 18:14

2007-07-26 22:37 24,576 --a------ C:\WINDOWS\CTFRMON.EXE

2007-07-19 00:09

2007-07-19 00:07 299,520 --a------ C:\WINDOWS\uninst.exe

2007-07-12 22:47

2007-07-12 22:44 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2007-07-12 22:44

2007-07-11 00:07

2007-07-10 23:00

2007-07-10 19:30

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 14:57 --------- d-------- C:\Program Files\Kalendarz XP

2007-08-05 09:18 2090 --a------ C:\WINDOWS\unins000.dat

2007-08-04 17:15 --------- d-------- C:\Program Files\eMule

2007-07-31 19:04 --------- d-------- C:\Program Files\IrfanView

2007-07-28 14:59 --------- d-------- C:\Program Files\Leksykonia

2007-07-26 01:09 --------- d-------- C:\DOCUME~1\DOM_\DANEAP~1\Skype

2007-07-22 16:58 --------- d-------- C:\Program Files\Photocopier

2007-07-12 22:44 74230 --a------ C:\WINDOWS\system32\perfc015.dat

2007-07-12 22:44 448004 --a------ C:\WINDOWS\system32\perfh015.dat

2007-07-02 23:27 2839 --a------ C:\WINDOWS\unins001.dat

2007-07-01 22:57 --------- d-------- C:\DOCUME~1\DOM_\DANEAP~1\Gadu-Gadu

2007-07-01 22:54 --------- d-------- C:\Program Files\Gadu-Gadu

2007-06-25 19:40 --------- d-------- C:\Program Files\Skype

2007-06-25 19:40 --------- d-------- C:\Program Files\Common Files\Skype

2007-05-31 18:03 24040 --a------ C:\DOCUME~1\DOM_\DANEAP~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\soundman.exe]

"wvremcon"="C:\WINDOWS\wvremcon.exe" [2004-12-05 20:41]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]

"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]

"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-19 22:22]

"ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2001-11-28 15:50]

"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 02:59]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"WheelMouse"="4dmain.exe" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-26 17:58]

"crtfmon"="C:\WINDOWS\CTFRMON.EXE" [2007-07-26 22:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55]

"WebCamRT.exe"="" []

"supelek bogiego"="c:\program files\supelek bogiego\supb.exe" [1998-08-21 19:01]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-01-08 20:18:27]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-30 18:03:51]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys

R3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys

R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys

R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys

S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys

S3 Cap7134;%Cap7134.DeviceDescProt%;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

S3 PhTvTune;WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTvTune.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{44BBA844-CC51-11CF-AAFA-AABBCCDDEE01}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\supb.inf,profil.i.nt



(adam9870) #4

I doubt that any Google product is infected, so I suspect that the alerts reporting an infected file are caused by oversensitivity of the installed security software.

In Add/Remove Programs, check whether you have any Google program installed, e.g. Google Desktop, and if so, uninstall it.

Open Notepad and paste this into it:

File >>> Save as >>> change the file type from TXT to All files >>> save under the name FIX.BAT

Open Notepad and paste this into it:

File >>> Save as >>> change the file type from TXT to All files >>> save under the name FIX.REG

Start the system in safe mode and run the files you created.

When done, paste the ComboFix log.


(Wkoczur) #5

Hello again

I did as you wrote. The folder keeps appearing as before. I don't have anything from Google, neither Desktop nor Toolbar.

I also think it's AVG being oversensitive; I checked this googletoolbar1.dll online with Kaspersky, no findings.

I guess it will have to stay that way, it's not worth the nerves. Especially since AVG raises the alarm when I click on this file, so I won't touch it and that's that. But what is it being created from?

The current ComboFix log is below, regards

ComboFix 07-08-04.3 - "DOM_" 2007-08-07 19:20:35.4 [GMT 2:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

2007-08-07 19:18

2007-08-07 18:26 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-06 23:21

2007-08-06 22:57 74,230 --a------ C:\WINDOWS\system32\prfc0415.dat

2007-08-06 22:57 448,004 --a------ C:\WINDOWS\system32\prfh0415.dat

2007-08-03 08:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-08-02 18:14

2007-07-26 22:37 24,576 --a------ C:\WINDOWS\CTFRMON.EXE

2007-07-19 00:09

2007-07-19 00:07 299,520 --a------ C:\WINDOWS\uninst.exe

2007-07-12 22:47

2007-07-12 22:44 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2007-07-12 22:44

2007-07-11 00:07

2007-07-10 23:00

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 19:01 --------- d-------- C:\Program Files\Kalendarz XP

2007-08-05 09:18 2090 --a------ C:\WINDOWS\unins000.dat

2007-08-04 17:15 --------- d-------- C:\Program Files\eMule

2007-07-31 19:04 --------- d-------- C:\Program Files\IrfanView

2007-07-28 14:59 --------- d-------- C:\Program Files\Leksykonia

2007-07-26 01:09 --------- d-------- C:\DOCUME~1\DOM_\DANEAP~1\Skype

2007-07-22 16:58 --------- d-------- C:\Program Files\Photocopier

2007-07-12 22:44 74230 --a------ C:\WINDOWS\system32\perfc015.dat

2007-07-12 22:44 448004 --a------ C:\WINDOWS\system32\perfh015.dat

2007-07-02 23:27 2839 --a------ C:\WINDOWS\unins001.dat

2007-07-01 22:57 --------- d-------- C:\DOCUME~1\DOM_\DANEAP~1\Gadu-Gadu

2007-07-01 22:54 --------- d-------- C:\Program Files\Gadu-Gadu

2007-06-25 19:40 --------- d-------- C:\Program Files\Skype

2007-06-25 19:40 --------- d-------- C:\Program Files\Common Files\Skype

2007-05-31 18:03 24040 --a------ C:\DOCUME~1\DOM_\DANEAP~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\soundman.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]

"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]

"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-19 22:22]

"ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2001-11-28 15:50]

"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 02:59]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"WheelMouse"="4dmain.exe" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-26 17:58]

"crtfmon"="C:\WINDOWS\CTFRMON.EXE" [2007-07-26 22:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55]

"WebCamRT.exe"="" []

"supelek bogiego"="c:\program files\supelek bogiego\supb.exe" [1998-08-21 19:01]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-01-08 20:18:27]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-30 18:03:51]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys

R3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys

R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys

R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys

S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys

S3 Cap7134;%Cap7134.DeviceDescProt%;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

S3 PhTvTune;WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTvTune.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{44BBA844-CC51-11CF-AAFA-AABBCCDDEE01}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\supb.inf,profil.i.nt

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-08-07 19:23:03

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...


(jessica) #6

Unfortunately, I have to worry you: you most certainly have the "Google" infection.

The entries below prove it 100%.

Unfortunately, I don't know yet how this infection is removed; I haven't found removal instructions on the internet.

In any case, do at least this:

Fix this entry in HijackThis:

>>Hijack>>scan(Do a system scan only)>>check them >> Fix checked.

Try to delete the file marked in red somehow.

You can do it e.g. like this:

>>Start >>> Run >>> select (or type) cmd >> use this command (press "ENTER" after it):

Then post new logs from HijackThis and ComboFix - maybe in the meantime someone else will figure out how to remove this infection. :frowning:

.


(Wkoczur) #7

It helped, the Google folder with Googletoolbar1.dll inside is no longer being created.

Thanks for the help, problem solved!

Current logs are below.

Regards

HIJACK :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:47, on 2007-08-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Philips ToUcam Camera\VProperty.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

C:\Program Files\Dual Wheel Mouse\4dmain.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Program Files\Kalendarz XP\Kalendarz.exe

C:\Program Files\Logitech\iTouch\kbdtray.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall\persfw.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O4 - HKLM..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [nwiz] nwiz.exe /install

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

O4 - HKLM..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe

O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"

O4 - HKLM..\Run: [WheelMouse] 4dmain.exe

O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU..\Run: [supelek bogiego] c:\program files\supelek bogiego\supb.exe -spr

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://84.205.17.235/activex/AxisCamControl.cab

O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} (ActiveWebParts Illustration Viewer) - http://parts.husqvarna.com/WebResource. ... 0280000000

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wpmsg - {2E0AC5A0-3597-11D6-B3ED-0001021DC1C3} - C:\Program Files\Spik\url_wpmsg.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

--

End of file - 5715 bytes

COMBOFIX :

ComboFix 07-08-04.3 - "DOM_" 2007-08-07 20:48:18.5 [GMT 2:00] - NTFS

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.Prawda

((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))

2007-08-07 18:26 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-08-06 23:21

2007-08-06 22:57 74,230 --a------ C:\WINDOWS\system32\prfc0415.dat

2007-08-06 22:57 448,004 --a------ C:\WINDOWS\system32\prfh0415.dat

2007-08-03 08:37 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

2007-08-02 18:14

2007-07-19 00:09

2007-07-19 00:07 299,520 --a------ C:\WINDOWS\uninst.exe

2007-07-12 22:47

2007-07-12 22:44 327,168 --a------ C:\WINDOWS\IsUn0415.exe

2007-07-12 22:44

2007-07-11 00:07

2007-07-10 23:00

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 20:41 --------- d-------- C:\Program Files\Kalendarz XP

2007-08-05 09:18 2090 --a------ C:\WINDOWS\unins000.dat

2007-08-04 17:15 --------- d-------- C:\Program Files\eMule

2007-07-31 19:04 --------- d-------- C:\Program Files\IrfanView

2007-07-28 14:59 --------- d-------- C:\Program Files\Leksykonia

2007-07-26 01:09 --------- d-------- C:\DOCUME~1\DOM_\DANEAP~1\Skype

2007-07-22 16:58 --------- d-------- C:\Program Files\Photocopier

2007-07-12 22:44 74230 --a------ C:\WINDOWS\system32\perfc015.dat

2007-07-12 22:44 448004 --a------ C:\WINDOWS\system32\perfh015.dat

2007-07-02 23:27 2839 --a------ C:\WINDOWS\unins001.dat

2007-07-01 22:57 --------- d-------- C:\DOCUME~1\DOM_\DANEAP~1\Gadu-Gadu

2007-07-01 22:54 --------- d-------- C:\Program Files\Gadu-Gadu

2007-06-25 19:40 --------- d-------- C:\Program Files\Skype

2007-06-25 19:40 --------- d-------- C:\Program Files\Common Files\Skype

2007-05-31 18:03 24040 --a------ C:\DOCUME~1\DOM_\DANEAP~1\GDIPFONTCACHEV1.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 21:51]

"SoundMan"="SOUNDMAN.EXE" [2006-01-11 16:08 C:\WINDOWS\soundman.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]

"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22]

"FineReader7NewsReaderPro"="C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe" [2003-08-19 22:22]

"ToUcamVProperty"="C:\Program Files\Philips ToUcam Camera\VProperty.exe" [2001-11-28 15:50]

"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2001-09-18 02:59]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]

"WheelMouse"="4dmain.exe" []

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-26 17:58]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:55]

"WebCamRT.exe"="" []

"supelek bogiego"="c:\program files\supelek bogiego\supb.exe" [1998-08-21 19:01]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 08:05:26]

Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-01-08 20:18:27]

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-12-30 18:03:51]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]

R1 fwdrv;Kerio Personal Firewall Driver;C:\WINDOWS\system32\Drivers\fwdrv.sys

R3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys

R3 EPPSCSIx;EPPSCSI Driver;C:\WINDOWS\system32\DRIVERS\EPPSCAN.sys

R3 itchfltr;iTouch Keyboard Filter;C:\WINDOWS\system32\DRIVERS\itchfltr.sys

S3 camvid20;Philips ToUcam Camera; Video;C:\WINDOWS\system32\DRIVERS\camdrv21.sys

S3 Cap7134;%Cap7134.DeviceDescProt%;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

S3 PhTvTune;WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTvTune.sys

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components{44BBA844-CC51-11CF-AAFA-AABBCCDDEE01}]

rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\supb.inf,profil.i.nt


(jessica) #8

Yes, I don't see anything suspicious in these logs any more. :slight_smile:

Let's hope the trouble really is over.

.
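Added example, not part of the original thread: Python code that compares the HijackThis log from post #1 with the one from post #7 and reports which entries disappeared, which entries HijackThis itself marked as having no file behind them, and which autostart file names differ from each other by a single character. The log excerpts are copied from this thread (a subset of lines); the function names are made up for this example.

```python
import re

# Excerpt of the HijackThis log in post #1 (lines copied from this thread).
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
F3 - REG:win.ini: load=C:\YDPDict\watch.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM..\Run: [wvremcon] C:\WINDOWS\wvremcon.exe
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM..\Run: [crtfmon] C:\WINDOWS\CTFRMON.EXE
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINDOWS\system32\Lijfcp32.dll (file missing)
"""

# Excerpt of the HijackThis log in post #7 (same subset of lines, after cleanup).
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# A HijackThis result line is "<section code> - <detail>", e.g. "O4 - HKLM..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
EXE_RE = re.compile(r"[\w~-]+\.exe", re.IGNORECASE)


def parse_entries(log_text):
    """Return the set of (section, detail) tuples found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lists between two logs."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def dangling(entries):
    """Entries that HijackThis itself flagged as pointing at no file."""
    marks = ("(file missing)", "(no file)")
    return sorted(e for e in entries if e[1].endswith(marks))


def one_edit_apart(a, b):
    """True if a and b differ by exactly one inserted or substituted character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Same length: skip the differing character in both; otherwise skip the extra one in b.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def lookalikes(entries):
    """Pairs of O4 (autostart) executable names that are one edit apart."""
    names = sorted({n.lower() for sec, detail in entries if sec == "O4"
                    for n in EXE_RE.findall(detail)})
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if one_edit_apart(a, b)]


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    for section, detail in dangling(parse_entries(LOG_BEFORE)):
        print("no file:", section, "-", detail)
    for a, b in lookalikes(parse_entries(LOG_BEFORE)):
        print("similar autostart names:", a, "/", b)
```

A name pair reported by `lookalikes` is only a prompt for a manual look at both files; it says nothing by itself about which of the two is legitimate.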