I'm doing a general clean-up and I can't remove the viruses and trojans.
Log:
Logfile of HijackThis v1.99.1
Scan saved at 12:11:45, on 2007-09-02
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKService.exe
C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKWCtl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\EFTP\EFTP3ServerService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFwSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\WINDOWS\system32\hldrrr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Windows\System32\drivers\setup\manager.exe
C:\WINDOWS\system32\hldrrr.exe
C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe
C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Toshiba\Moje dokumenty\loga\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity trial\avkkid\avkcks.exe
O1 - Hosts: 71.234.215.37 bankofamerica.com
O1 - Hosts: 71.234.215.37 www.bankofamerica.com
O1 - Hosts: 71.234.215.37 sitekey.bankofamerica.com
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pdfFactory Pro Dyspozytor v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [EFTP3Server] C:\Program Files\EFTP\EFTP3Server.exe
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: NewShortcut2.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Tłumacz na angielski - {CCCE5D70-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 - Extra 'Tools' menuitem: Tłumacz na angielski - {CCCE5D70-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 - Extra button: Tłumacz na polski - {CCCE5D71-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 - Extra 'Tools' menuitem: Tłumacz na polski - {CCCE5D71-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 - Extra button: Zachowaj przetłumaczoną stronę - {CCCE5D72-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O9 - Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę - {CCCE5D72-9AA2-40F1-9C6B-12A255F08500} - C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKService.exe
O23 - Service: Strażnik AVK (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKWCtl.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EFTP3 Server (EFTP3Server) - Lester Clayton Limited - C:\Program Files\EFTP\EFTP3ServerService.exe
O23 - Service: G DATA Personal Firewall (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFwSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
jessica
(jessica)
2 September 2007 11:25
#2
Did you add this to HOSTS yourself?
If not, fix it in Hijack.
Fix the above-mentioned entries in Hijack:
>>Hijack>>scan(Do a system scan only)>>select them >> Fix checked.
The red ones are the main source of your problems.
“hldrrr.exe” is the Rootkit “Bagle-hidires” with the service “m__hook”, or “rosa”, or “srosa”.
ComboFix will remove it (at the bottom of the linked page) -
Paste the ComboFix log at http://wklej.org/ and put only the link in your post.
I don't recognise the ones above, do you?
Since this Rootkit damages Safe Mode:
jessi
Maybe a silly question, but how will I know that Safe Boot Key Repair has not repaired Safe Mode?
jessica
(jessica)
2 September 2007 13:04
#4
You'll simply try to boot into Safe Mode.
After the whole removal you will probably also need to reinstall your antivirus, because the Rootkit has probably damaged it too - the antivirus will seem to work, but…
jessi
jessica
(jessica)
2 September 2007 15:51
#6
I wrote clearly that you should use ComboFix, not DeckardsSS, because ComboFix would have removed this Rootkit, whereas DeckardsSS doesn't remove anything.
So start again from the beginning.
In addition, do this as well:
If you don't have a removal tool (but you probably still have Unlocker?), download OTMoveIt
Paste the paths below into the Paste List of Files/Folders to be Moved field:
Then press the MoveIt! button
A message will appear saying that a restart is needed to remove the listed files/folders - press Yes.
After the restart, manually delete the folder C:\_OTMoveIt (right-click >>> Delete >>> Empty Recycle Bin).
Then do what I wrote in my first post.
jessi
Please don't get upset… I tried, but it complained that it couldn't access the file because another application was using it… something like that.
I'll try again!!
On top of that, my internet has now started to crawl.
jessica
(jessica)
2 September 2007 16:25
#8
The internet is slow because it's Sunday afternoon.
If nothing comes of ComboFix, then at least do the part with Unlocker or OTMoveIt.
jessi
Unfortunately OTMoveIt doesn't find the files, and after pressing MoveIt it doesn't restart the computer…
and Unlocker won't start.
qrczak13
(qrczak13)
2 September 2007 18:29
#10
Then try:
Download The Avenger,
unpack > run > Input script manually > click the magnifying glass > in the newly opened window paste:
After pasting > Done > click the green light > ok and there will be a restart.
After the restart, go to where you have The Avenger and paste the avenger.txt report + a new log from combo.
Many thanks… the only problem is that combo isn't working as it should; this message appears:
proces nie moze uzyskac dostepu do pliku, ponieważ jest on używany przez inny proces
proces nie moze uzyskac dostepu do pliku, ponieważ jest on używany przez inny proces
ComboFix has changed your clock settings. Do not change it back. it schould be restored later.
qrczak13
(qrczak13)
2 September 2007 18:51
#12
Are you following the instructions from the page I linked?
If it doesn't work, post a log from Deckard’s System Scanner (DSS).
jessica
(jessica)
2 September 2007 18:57
#13
I'm afraid all of this is being blocked by this Rootkit.
First try to delete the Rootkit's main file, and only then take the steps recommended by @qrczak in the previous post.
>>Start >>> Run >>> select (or type) cmd >> use these commands (press “ENTER” after each):
jessi
Unfortunately, because of the slow connection I didn't manage to read Jessica's post in time and I ran The Avenger. Here is the log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bwikcemi
*******************
Script file located at: \??\C:\WINDOWS\ksybtyaa.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Post merged: 02.09.2007 (Sun) 21:33
Unfortunately, every time I enter DEL C:\WINDOWS… it says that the file cannot be found…
A blonde's observation: maybe they're simply gone already… after HijackThis did its thing…
jessica
(jessica)
2 September 2007 19:48
#15
Hijack never deletes files! You can use it to remove other things, but files cannot be deleted with it.
Try posting a log from DeckardsSS; we'll see whether those files are really gone, because the “034” error suggests so.
jessi
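The cross-check discussed in the post above (The Avenger's status code against what the HijackThis log still references), as an added example that is not part of the thread. The log excerpts are copied from the logs posted earlier on this page; the function names are this example's own, and the NTSTATUS names come from the standard Windows status code list.

```python
import re

# NTSTATUS values a file-deletion tool commonly returns (standard Windows codes).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# Excerpt of The Avenger log posted in the thread.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
"""

# Excerpt of the first HijackThis log posted in the thread.
HJT_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\system32\CTFMON.EXE
O4 - HKLM\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
"""

RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")  # R0, F2, O4, O23 ... entry prefixes


def norm(path):
    """Windows paths are case-insensitive; compare them lowercased and unquoted."""
    return path.strip().strip('"').lower()


def parse_avenger_failures(log):
    """Return [(target, status_int)] for each 'Could not process line:' block."""
    lines = [line.strip() for line in log.splitlines()]
    failures = []
    for i, line in enumerate(lines):
        if line == "Could not process line:" and i + 2 < len(lines):
            m = re.match(r"Status:\s*(0x[0-9a-fA-F]+)$", lines[i + 2])
            if m:
                failures.append((lines[i + 1], int(m.group(1), 16)))
    return failures


def parse_hijackthis(log):
    """Return (set of running process paths, [(hive, value name, exe path)])."""
    procs, runs, in_procs = set(), [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif SECTION_RE.match(line):
            in_procs = False  # process list ends at the first R/F/O entry
            m = RUN_RE.match(line)
            if m:
                hive, name, cmd = m.groups()
                exe = re.match(r'"([^"]+)"|(.+?\.exe)\b', cmd, re.I)
                path = (exe.group(1) or exe.group(2)) if exe else cmd
                runs.append((hive, name, norm(path)))
        elif in_procs and line:
            procs.add(norm(line))
    return procs, runs


def triage(avenger_log, hjt_log):
    """For every failed deletion, show the status name and what still points at it.

    A target reported as not found while Run values still reference it needs
    follow-up: either the file is already gone and the Run values are stale,
    or the lookup did not see the file. The logs alone cannot tell which.
    """
    procs, runs = parse_hijackthis(hjt_log)
    report = []
    for target, status in parse_avenger_failures(avenger_log):
        key = norm(target)
        report.append({
            "target": target,
            "status": NTSTATUS.get(status, hex(status)),
            "was_running": key in procs,
            "run_entries": [(hive, name) for hive, name, path in runs if path == key],
        })
    return report


if __name__ == "__main__":
    for row in triage(AVENGER_LOG, HJT_LOG):
        print(row)
```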
Log from DSS:
Deckard's System Scanner v20070826.66
Run by Toshiba on 2007-09-02 21:57:10
Computer is in Normal Mode.
--------------------------------------------------------------------------------
[color=red]Percentage of Memory in Use: 83% (more than 75%).[/color]
[color=red]Total Physical Memory: 447 MiB (512 MiB recommended).[/color]
[color=red]System Drive C: has 8.49 GiB (less than 15%) free.[/color]
-- HijackThis (run as Toshiba.exe) ---------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-02 21:57:16
Platform: Windows XP Dodatek Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKService.exe
C:\Program Files\G DATA InternetSecurity Trial\AVK\AVKWCtl.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\EFTP\EFTP3ServerService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFwSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\agrsmmsg.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe
C:\WINDOWS\system32\drivers\setup\manager.exe
C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\drivers\setup\manager.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\Toshiba\Dane aplikacji\Gamers Tower\Multi User Desktop 2004\Default\Web\deckardsystemscanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity trial\avkkid\avkcks.exe
O2 - BHO: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll
O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity Trial\Webfilter\AvkWebIE.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKEY_LOCAL_MACHINE\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Tvs] "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [DDWMon] "C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [Zooming] ZoomingHook.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TPSMain] TPSMain.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKEY_LOCAL_MACHINE\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKEY_LOCAL_MACHINE\..\Run: [pdfFactory Pro Dyspozytor v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKEY_LOCAL_MACHINE\..\Run: [EFTP3Server] C:\Program Files\EFTP\EFTP3Server.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKEY_LOCAL_MACHINE\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKEY_LOCAL_MACHINE\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [manager] "C:\Windows\System32\drivers\setup\manager.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: NewShortcut2.lnk = C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweak3\PopUp Blocker.exe
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game02.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Usługa konfiguracji Atheros (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EFTP3 Server (EFTP3Server) - Lester Clayton Limited - C:\Program Files\EFTP\EFTP3ServerService.exe /startedbyscm:3FDC8373-40E29588-EFTP3Server
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
-- Files created between 2007-08-02 and 2007-09-02 -----------------------------
2007-09-02 14:50:40 0 d-------- C:\Program Files\Opera
2007-09-01 17:58:39 20096 --a------ C:\WINDOWS\system32\drivers\GDNdisIc.sys
2007-09-01 17:57:19 0 d-------- C:\WINDOWS\gear_dlls
2007-09-01 17:56:24 0 d-------- C:\Program Files\Common Files\G DATA
2007-09-01 17:56:23 0 d-------- C:\Program Files\G DATA InternetSecurity Trial
2007-09-01 14:26:29 0 d-------- C:\Program Files\FlashGet
2007-08-28 21:18:59 588 --a------ C:\starter
2007-08-28 21:06:30 570 --a------ C:\indie podr z zar
2007-08-28 20:51:58 0 d-------- C:\Program Files\WinAVI Video Converter
2007-08-28 00:24:31 156421 --a------ C:\watch
2007-08-27 23:18:43 28672 --a------ C:\WINDOWS\system32\AVEQ.dll
2007-08-27 23:18:41 0 d-------- C:\Program Files\Allok MPEG4 Converter
2007-08-27 21:05:16 0 d-------- C:\Program Files\Allok Video to 3GP Converter
2007-08-27 11:13:52 0 d-------- C:\Program Files\eSkiMoS R2
2007-08-27 11:12:36 0 d-------- C:\Program Files\eSeMeS 3.0
2007-08-27 11:07:05 0 d-------- C:\Program Files\Dragonmount Networks
2007-08-26 23:58:48 0 d-------- C:\Program Files\PopCap Games
2007-08-23 21:27:04 16 --a------ C:\WINDOWS\popcinfo.dat
2007-08-23 02:43:22 0 d-------- C:\Program Files\IncrediMail
2007-08-14 08:43:37 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2007-08-13 17:02:53 0 d-------- C:\Program Files\40tude Dialog
2007-08-07 15:18:59 0 d-------- C:\Program Files\MegauploadToolbar
2007-08-05 16:00:39 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-08-05 15:57:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-04 21:01:36 0 d-------- C:\Program Files\Trend Micro
2007-08-03 21:32:36 164 --a------ C:\install.dat
2007-08-02 12:49:53 0 d-------- C:\Program Files\WinXMedia
2007-08-02 12:47:55 0 d-------- C:\Program Files\Allok 3GP PSP MP4 iPod Video Converter
-- Find3M Report ---------------------------------------------------------------
2007-09-02 21:40:39 0 d-------- C:\Program Files\Symantec AntiVirus
2007-09-02 21:07:26 0 d-------- C:\Program Files\EFTP
2007-09-02 20:36:32 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\MegauploadToolbar
2007-09-02 14:51:55 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Opera
2007-09-02 11:58:58 0 d--h----- C:\Documents and Settings\Toshiba\Dane aplikacji\m
2007-09-02 10:50:27 0 d-------- C:\Program Files\eMule
2007-09-01 17:56:24 0 d-------- C:\Program Files\Common Files
2007-09-01 17:56:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-01 17:55:45 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\InstallShield
2007-09-01 17:30:34 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Azureus
2007-08-29 10:10:38 16686 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-08-27 12:10:39 0 d-------- C:\Program Files\Dictionnaire
2007-08-27 12:10:37 0 d-------- C:\Program Files\DivX
2007-08-27 11:16:57 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\eSkiMoS R2
2007-08-25 22:02:56 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\LimeWire
2007-08-24 18:24:54 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Tlen.pl
2007-08-24 15:00:02 0 d-------- C:\Program Files\Norton Security Scan
2007-08-23 02:35:24 0 d-------- C:\Program Files\Kalendarz XP
2007-08-22 08:48:50 0 d-------- C:\Program Files\Lx_cats
2007-08-13 15:26:59 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Mozilla
2007-08-13 15:26:51 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Thunderbird
2007-08-10 18:38:01 0 d-------- C:\Program Files\QuickTime
2007-08-08 16:17:37 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Grisoft
2007-08-05 16:00:38 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\SUPERAntiSpyware.com
2007-08-03 22:38:11 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\GetRightToGo
2007-08-01 22:37:11 0 d-------- C:\Program Files\HyperSnap 6
2007-08-01 13:02:29 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\WinRAR
2007-08-01 12:44:30 0 d-------- C:\Program Files\YouTube Video Downloader
2007-07-30 20:00:58 0 d-------- C:\Program Files\directx
2007-07-25 06:53:33 447958 --a------ C:\Documents and Settings\Toshiba\Dane aplikacji\NMM-MetaData.db
2007-07-23 19:42:35 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\PC Suite
2007-07-23 00:05:50 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Nokia Multimedia Player
2007-07-22 22:10:35 0 d-------- C:\Program Files\TOSHIBA
2007-07-22 21:57:55 0 d-------- C:\Program Files\Google
2007-07-21 15:15:41 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Skype
2007-07-13 21:17:43 56 -r-hs---- C:\WINDOWS\system32\D587EE2188.sys
2007-07-13 12:18:50 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Ahead
2007-07-13 09:59:20 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\Nokia
2007-07-12 18:59:23 0 d-------- C:\Program Files\IVT Corporation
2007-07-11 23:12:03 0 d-------- C:\Program Files\Common Files\Nokia
2007-07-11 23:12:01 0 d-------- C:\Program Files\Common Files\PCSuite
2007-07-11 23:11:57 0 d-------- C:\Program Files\Nokia
2007-07-11 23:11:44 0 d-------- C:\Program Files\DIFX
2007-07-11 23:11:21 0 d-------- C:\Program Files\PC Connectivity Solution
2007-07-08 16:48:18 0 d-------- C:\Documents and Settings\Toshiba\Dane aplikacji\COWON
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-03-17 15:37]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 15:34]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2006-03-16 13:27]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2006-04-04 14:57]
"SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" []
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 13:11]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 11:49]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 13:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-05-17 18:40]
"Zooming"="ZoomingHook.exe" [2005-06-06 09:58 C:\WINDOWS\system32\ZoomingHook.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-05-17 18:48]
"TPSMain"="TPSMain.exe" [2005-09-13 10:01 C:\WINDOWS\system32\TPSMain.exe]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-18 06:34 C:\WINDOWS\RTHDCPL.exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-11-10 17:06]
"NDSTray.exe"="NDSTray.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 08:22 C:\WINDOWS\agrsmmsg.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-24 11:13]
"pdfFactory Pro Dyspozytor v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-04-07 10:59]
"EFTP3Server"="C:\Program Files\EFTP\EFTP3Server.exe" [2006-01-10 23:00]
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-07-06 04:15]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"Flashget"="C:\Program Files\FlashGet\flashget.exe" [2007-08-02 08:36]
"AVKTray"="C:\Program Files\G DATA InternetSecurity Trial\AVKTray\AVKTray.exe" [2007-04-24 10:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 12:04]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 13:57]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-11 12:59]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2007-02-12 12:01]
"TransparentTaskBar"="" []
"manager"="C:\Windows\System32\drivers\setup\manager.exe" [2007-07-06 04:15]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-23 17:22]
"hldrrr"="C:\WINDOWS\system32\hldrrr.exe" []
"mule_st_key"="C:\Documents and Settings\Toshiba\Dane aplikacji\m\flec006.exe" [2007-09-02 20:07]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\Toshiba\Menu Start\Programy\Autostart\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-15 18:22:30]
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2007-08-04 21:01:39]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-15 18:22:30]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-01-18 14:48:42]
NewShortcut2.lnk - C:\Program Files\G DATA InternetSecurity Trial\Firewall\GDFirewallTray.exe [2007-09-01 17:58:30]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-04-29 12:39:27]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"NoDispCPL"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoPropertiesMyComputer"=0 (0x0)
"NoFileAssociate"=0 (0x0)
"NoRun"=0 (0x0)
"NoSMHelp"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoTrayItemsDisplay"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity trial\avkkid\avkcks.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Google Updater.lnk]
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Toshiba^Menu Start^Programy^Autostart^OpenOffice.org 2.0.3.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CafeNews]
C:\Program Files\Press-Service\CafeNews\CN.exe /autostart
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CFSServ.exe]
CFSServ.exe -NoClient
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EFTP3Server]
C:\Program Files\EFTP\EFTP3Server.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 5200 series]
"C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26ceab12-9f0d-11db-b999-0016e3852cf0}]
Open(&0)\command- Recycled\ctfmon.exe
-- End of Deckard's System Scanner: finished at 2007-09-02 21:59:27 ------------
jessica
(jessica)
2 September 2007 20:46
#17
The log shows that this file doesn't exist, so fix this entry in Hijack:
>>Hijack>>scan(Do a system scan only)>>select them >> Fix checked.
Also fix in Hijack:
>>Hijack>>scan(Do a system scan only)>>select them >> Fix checked.
Then:
>>Start >>> Uruchom (Run) >>> select (or type) cmd >> apply these commands (press “ENTER” after each one):
Check them at http://virusscan.jotti.org/
A description of how to use JOTTI --> http://otfans.pl/forums/showthread.php?tid=552
or at http://www.virustotal.com/en/indexf.html
(it is used much like JOTTI).
Infection from a USB flash drive - do this:
EDIT:
I forgot about this rootkit's hidden services.
We don't even know which services were present in this case.
We'll try, one by one, the ones I know (if there is a new one, we won't remove it):
>>Start >>> Uruchom (Run) >>> select (or type) cmd >> apply these commands (press “ENTER” after each one):
jessi
Oh my, that sounds scary :) but I'm getting down to reading and applying it, thanks :) we'll see what the result is…
Post merged: 02.09.2007 (Sun) 23:52
Supposedly the files are OK, but: http://img301.imageshack.us/my.php?image=malwareeu2.png link to the results for manager exe
and http://img230.imageshack.us/my.php?imag … re3kb3.jpg for D587EE2188.sys
Gutek
(Gutek)
2 September 2007 21:52
#19
After all that - download the SDFix program
it didn't find the path for this one :(
Which other files was I supposed to delete? I also typed in
C:\WINDOWS\exefnd
C:\WINDOWS\system32\trusted.exe
but it didn't find them.