chorg
(A Placzek)
23 November 2007 17:21
#1
Hello, I have logs from this infected computer. What I noticed is that I only get the injected frame on my own computer when the user is logged in on the infected one. After they log out, the symptoms are no longer visible.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:25, on 2007-11-23
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
D:\Program Files\AntiVirenKit 2006\AVKService.exe
D:\Program Files\AntiVirenKit 2006\AVKWCtl.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\RunDLL32.exe
D:\WINDOWS\System32\RunDLL32.exe
F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\AntiVirenKit 2006\AVKTray\AVKTray.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\WINDOWS\System32\drivers\scvhost.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\WScript.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = cza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [upxdnd] D:\WINDOWS\upxdnd.exe
O4 - HKLM…\Run: [MsPrint32D] D:\WINDOWS\kirsqi.exe
O4 - HKLM…\Run: [MsIMMs32] D:\WINDOWS\MsIMMs32.exe
O4 - HKLM…\Run: [Kvsc3] D:\WINDOWS\Kvsc3.exe
O4 - HKLM…\Run: [cmdbcs] D:\WINDOWS\cmdbcs.exe
O4 - HKLM…\Run: [AVPSrv] D:\WINDOWS\AVPSrv.exE
O4 - HKLM…\Run: [WinSysM] D:\WINDOWS\919331M.exe
O4 - HKLM…\Run: [WinSysW] D:\WINDOWS\919331L.exe
O4 - HKLM…\Run: [DbgHlp32] D:\WINDOWS\DbgHlp32.exe
O4 - HKLM…\Run: [KVP] D:\WINDOWS\System32\drivers\svchost.exe
O4 - HKLM…\Run: [AVKTray] “D:\Program Files\AntiVirenKit 2006\AVKTray\AVKTray.exe”
O4 - HKCU…\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU…\Run: [MSMSGS] “D:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU…\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDEG32] LYLoader.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDWG32] LYLoadbr.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDCG32] LYLeador.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDOG32] LYLoador.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDSG32] LYLoadar.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDMG32] LYLoadmr.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDHG32] LYLoadhr.exe
O4 - HKLM…\Policies\Explorer\Run: [MSDQG32] LYLoadqr.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘USUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: Przyspieszenie uruchomienia programu AutoCAD.lnk = D:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: d:\windows\system32\videodevice.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\videodevice.dll
O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVKProxy - G DATA Software AG - D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - D:\Program Files\AntiVirenKit 2006\AVKService.exe
O23 - Service: Stranik AVK (AVKWCtl) - Unknown owner - D:\Program Files\AntiVirenKit 2006\AVKWCtl.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe

– End of file - 5616 bytes

“Silent Runners.vbs”, revision 52, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“CTFMON.EXE” = “D:\WINDOWS\System32\ctfmon.exe” [MS]
“MSMSGS” = ““D:\Program Files\Messenger\msmsgs.exe” /background” [MS]
“swg” = “D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe” [“Google Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
“MSDEG32” = “LYLoader.exe” [null data]
“MSDWG32” = “LYLoadbr.exe” [file not found]
"MSDCG32 " = “LYLeador.exe” [file not found]
“MSDOG32” = “LYLoador.exe” [file not found]
“MSDSG32” = “LYLoadar.exe” [file not found]
“MSDMG32” = “LYLoadmr.exe” [file not found]
“MSDHG32” = “LYLoadhr.exe” [file not found]
“MSDQG32” = “LYLoadqr.exe” [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
“NvCplDaemon” = “RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup” [MS]
“nwiz” = “nwiz.exe /install” [“NVIDIA Corporation”]
“NvMediaCenter” = “RunDLL32.exe NvMCTray.dll,NvTaskbarInit” [MS]
“Adobe Reader Speed Launcher” = ““F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”” [“Adobe Systems Incorporated”]
“SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”]
“upxdnd” = “D:\WINDOWS\upxdnd.exe” [file not found]
“MsPrint32D” = “D:\WINDOWS\kirsqi.exe” [null data]
“MsIMMs32” = “D:\WINDOWS\MsIMMs32.exe” [null data]
“Kvsc3” = “D:\WINDOWS\Kvsc3.exe” [null data]
“cmdbcs” = “D:\WINDOWS\cmdbcs.exe” [null data]
“AVPSrv” = “D:\WINDOWS\AVPSrv.exE” [null data]
“WinSysM” = “D:\WINDOWS\919331M.exe” [file not found]
“WinSysW” = “D:\WINDOWS\919331L.exe” [file not found]
“DbgHlp32” = “D:\WINDOWS\DbgHlp32.exe” [null data]
“KVP” = “D:\WINDOWS\System32\drivers\svchost.exe”
“AVKTray” = ““D:\Program Files\AntiVirenKit 2006\AVKTray\AVKTray.exe”” [“G DATA Software”]

HKLM\Software\Microsoft\Active Setup\Installed Components\
{306D6C21-C1B6-4629-986C-E59E1875B8AF}(Default) = (no title provided)
  \StubPath = ““D:\WINDOWS\System32\rundll32.exe” “D:\Program Files\Messenger\msgsc.dll”,ShowIconsUser” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)
  -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”]
{AA58ED58-01DD-4d91-8333-CF10577473F7}(Default) = (no title provided)
  -> {HKLM…CLSID} = “Google Toolbar Helper”
  \InProcServer32(Default) = “d:\program files\google\googletoolbar1.dll” [“Google Inc.”]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}(Default) = (no title provided)
  -> {HKLM…CLSID} = “Google Toolbar Notifier BHO”
  \InProcServer32(Default) = “D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania”
  -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania”
  \InProcServer32(Default) = “deskpan.dll” [file not found]
“{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu”
  -> {HKLM…CLSID} = “HyperTerminal Icon Ext”
  \InProcServer32(Default) = “D:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”]
“{A70C977A-BF00-412C-90B7-034C51DA2439}” = “NvCpl DesktopContext Class”
  -> {HKLM…CLSID} = “DesktopContext Class”
  \InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{FFB699E0-306A-11d3-8BD1-00104B6F7516}” = “Play on my TV helper”
  -> {HKLM…CLSID} = “NVIDIA CPL Extension”
  \InProcServer32(Default) = “D:\WINDOWS\System32\nvcpl.dll” [“NVIDIA Corporation”]
“{1CDB2949-8F65-4355-8456-263E7C208A5D}” = “Desktop Explorer”
  -> {HKLM…CLSID} = “Desktop Explorer”
  \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A47}” = “Desktop Explorer Menu”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{1E9B04FB-F9E5-4718-997B-B8DA88302A48}” = “nView Desktop Context Menu”
  -> {HKLM…CLSID} = “nView Desktop Context Menu”
  \InProcServer32(Default) = “D:\WINDOWS\System32\nvshell.dll” [“NVIDIA Corporation”]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”
  -> {HKLM…CLSID} = “Microsoft Office Outlook”
  \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”
  -> {HKLM…CLSID} = “Rozszerzenie ikon plików programu Outlook”
  \InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL” [MS]
“{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Program Files\Microsoft Office\OFFICE11\msohev.dll” [MS]
“{AC1DB655-4F9A-4c39-8AD2-A65324A4C446}” = “Autodesk Drawing Preview”
  -> {HKLM…CLSID} = “ACTHUMBNAIL”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll” [“Autodesk”]
“{36A21736-36C2-4C11-8ACB-D4136F2B57BD}” = “Uchwyt nakładania ikony podpisu cyfrowego”
  -> {HKLM…CLSID} = “AcSignIcon”
  \InProcServer32(Default) = “D:\WINDOWS\System32\AcSignIcon.dll” [“Autodesk”]
“{6DEA92E9-8682-4b6a-97DE-354772FE5727}” = “Autodesk DWF Preview”
  -> {HKLM…CLSID} = “ACDWFTHMBPRXY”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll” [“Autodesk”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<> “{4DF4F122-943D-40f8-B3F2-72BD70E60D6C}” = (no title provided)
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\WINDOWS\System32\ProcSvr02.dll” [null data]
<> “{6C8BC750-B3E7-4B4A-AC7A-454E6FB9770A}” = (no title provided)
  -> {HKLM…CLSID} = “HM_WOW”
  \InProcServer32(Default) = “D:\WINDOWS\System32\qwdiqvbhnt.dll” [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<> text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”
  -> {HKLM…CLSID} = (no title provided)
  \InProcServer32(Default) = “D:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL” [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info”
  -> {HKLM…CLSID} = “PDF Shell Extension”
  \InProcServer32(Default) = “D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}”
  -> {HKLM…CLSID} = “AVK9ContextMenue”
  \InProcServer32(Default) = “D:\Program Files\AntiVirenKit 2006\ShellExt.dll” [empty string]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVK9CM(Default) = “{CAF4C320-32F5-11D3-A222-004095200FF2}”
  -> {HKLM…CLSID} = “AVK9ContextMenue”
  \InProcServer32(Default) = “D:\Program Files\AntiVirenKit 2006\ShellExt.dll” [empty string]

Default executables:
--------------------

HKCU\Software\Classes.scr(Default) = “AutoCADScriptFile”
<> HKCU\Software\Classes\AutoCADScriptFile\shell\open\command(Default) = "“D:\WINDOWS\notepad.exe” “%1"” [MS]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
“shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}
“undockwithoutlogon” = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
“Wallpaper” = “D:\WINDOWS\web\wallpaper\Idylla.bmp”

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
“Wallpaper” = “D:\WINDOWS\web\wallpaper\Idylla.bmp”

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
“SCRNSAVE.EXE” = “D:\WINDOWS\System32\logon.scr” [MS]

Startup items in “Wojtek” & “All Users” startup folders:
--------------------------------------------------------

D:\Documents and Settings\All Users\Menu Start\Programy\Autostart
“Przyspieszenie uruchomienia programu AutoCAD” -> shortcut to: “D:\Program Files\Common Files\Autodesk Shared\acstart16.exe” [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]
000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS]
000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
D:\WINDOWS\System32\videodevice.dll [null data], 01, 15
%SystemRoot%\system32\mswsock.dll [MS], 02 - 04, 07 - 14
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}”
  -> {HKLM…CLSID} = “&Google”
  \InProcServer32(Default) = “d:\program files\google\googletoolbar1.dll” [“Google Inc.”]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
“{2318C2B1-4965-11D4-9B18-009027A5CD4F}” = (no title provided)
  -> {HKLM…CLSID} = “&Google”
  \InProcServer32(Default) = “d:\program files\google\googletoolbar1.dll” [“Google Inc.”]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
HKLM\Software\Classes\CLSID{FF059E31-CC5A-4E2E-BF3B-96E929D65503}(Default) = “&Badanie”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL” [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
“ButtonText” = “Badanie”

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AVK Service, AVKService, “D:\Program Files\AntiVirenKit 2006\AVKService.exe” [empty string]
AVKProxy, AVKProxy, ““D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe”” [“G DATA Software AG”]
NVIDIA Display Driver Service, NVSvc, “D:\WINDOWS\System32\nvsvc32.exe” [“NVIDIA Corporation”]
Strażnik AVK, AVKWCtl, “D:\Program Files\AntiVirenKit 2006\AVKWCtl.exe” [empty string]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll” [MS]

---------- (launch time: 2007-11-23 18:01:59)
<>: Suspicious data at a malware launch point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer “No” at the first message box and “Yes” at the second message box.
---------- (total run time: 172 seconds, including 4 seconds for message boxes)
chorg
(A Placzek)
24 November 2007 07:43
#3
I'm pasting the report. Note that I had scanned the disk with an antivirus beforehand and installed SP2.
The success is only partial: after this therapy of mine the browsers are blind. They don't display any page; FF throws up a blank page, and IE shows a message along the lines that it cannot display the page. The connection is there; I can ping external servers, including by name. However, when I do that, in the place where the IP address usually is, a small circle like the one used for degrees Celsius appears, followed by a dot that is also odd because it sits not at the bottom of the line but at mid-height. It looks more or less like this: “Badanie *. z użyciem…”.
I pasted the ComboFix log here: http://wklej.org/id/c2d12b4c50
Gutek
(Gutek)
24 November 2007 14:27
#4
Paste into Notepad:
>> File >> Save As… >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture –>
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the C:\Qoobox folder.
After that, a new log from Combo
chorg
(A Placzek)
24 November 2007 20:28
#5
Thanks for the help, but I have already given the computer back to my neighbour - he will be fighting it himself now. Regards
Gutek
(Gutek)
24 November 2007 23:24
#6
Have the neighbour post a new log from Combo