andziak25
(Andziak25)
11 Październik 2007 19:48
#1
Witam!
Mam mały problem. Bardzo często (od paru dni) zawiesza mi się komp w czasie przeglądania netu lub przy kilku otwartych programach. Avast nic nie znalazł za to Ad-aware to (nie wiem czy dobry log):
Ad-Aware SE Build 1.06r1 Logfile Created on:11 października 2007 21:26:50 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R195 08.10.2007 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):4 total references Possible Browser Hijack attempt(TAC index:3):4 total references Tracking Cookie(TAC index:3):4 total references Win32.Trojan.StartPage(TAC index:10):1 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 2007-10-11 21:26:50 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-1202660629-1935655697-1417001333-1003\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 428 ThreadCreationTime : 2007-10-11 10:14:02 BasePriority : Normal #:2 [csrss.exe] FilePath : ??\C:\WINDOWS\system32\ ProcessID : 496 ThreadCreationTime : 2007-10-11 10:14:05 BasePriority : Normal #:3 [winlogon.exe] FilePath : ??\C:\WINDOWS\SYSTEM32\ ProcessID : 520 ThreadCreationTime : 2007-10-11 10:14:06 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 564 ThreadCreationTime : 2007-10-11 10:14:06 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : System operacyjny Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Usługi i aplikacja Kontroler InternalName : services.exe LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 576 ThreadCreationTime : 2007-10-11 10:14:06 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 728 ThreadCreationTime : 2007-10-11 10:14:07 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 784 ThreadCreationTime : 2007-10-11 10:14:07 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 852 ThreadCreationTime : 2007-10-11 10:14:07 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 892 ThreadCreationTime : 2007-10-11 10:14:07 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 952 ThreadCreationTime : 2007-10-11 10:14:08 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [aswupdsv.exe] FilePath : C:\Program Files\Alwil Software\Avast4\ ProcessID : 1044 ThreadCreationTime : 2007-10-11 10:14:08 BasePriority : Normal FileVersion : 4, 7, 1043, 0 ProductVersion : 4, 7, 0, 0 ProductName : avast! Antivirus CompanyName : ALWIL Software FileDescription : avast! Antivirus updating service InternalName : aswUpdSv.exe LegalCopyright : Copyright © 2007 ALWIL Software OriginalFilename : aswUpdSv.exe #:12 [ashserv.exe] FilePath : C:\Program Files\Alwil Software\Avast4\ ProcessID : 1108 ThreadCreationTime : 2007-10-11 10:14:08 BasePriority : High FileVersion : 4, 7, 1043, 0 ProductVersion : 4, 7, 0, 0 ProductName : avast! Antivirus CompanyName : ALWIL Software FileDescription : avast! antivirus service InternalName : aswServ LegalCopyright : Copyright © 2007 ALWIL Software OriginalFilename : aswServ.exe #:13 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1280 ThreadCreationTime : 2007-10-11 10:14:10 BasePriority : Normal FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519) ProductVersion : 5.1.2600.2696 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:14 [pastisvc.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1460 ThreadCreationTime : 2007-10-11 10:14:10 BasePriority : Normal #:15 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1484 ThreadCreationTime : 2007-10-11 10:14:10 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:16 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1508 ThreadCreationTime : 2007-10-11 10:14:10 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:17 [ashmaisv.exe] FilePath : C:\Program Files\Alwil Software\Avast4\ ProcessID : 1684 ThreadCreationTime : 2007-10-11 10:14:14 BasePriority : Normal #:18 [ashwebsv.exe] FilePath : C:\Program Files\Alwil Software\Avast4\ ProcessID : 1700 ThreadCreationTime : 2007-10-11 10:14:14 BasePriority : Normal #:19 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 204 ThreadCreationTime : 2007-10-11 10:14:26 BasePriority : Normal FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) ProductVersion : 6.00.2900.3156 ProductName : System operacyjny Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Eksplorator Windows InternalName : explorer LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone. OriginalFilename : EXPLORER.EXE #:20 [wgatray.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 248 ThreadCreationTime : 2007-10-11 10:14:27 BasePriority : Normal FileVersion : 1.5.0554.0 ProductVersion : 1.5.0554.0 ProductName : Windows Genuine Advantage CompanyName : Microsoft Corporation FileDescription : Windows Genuine Advantage Notification InternalName : WgaNotify LegalCopyright : © 1995-2006 Microsoft Corporation OriginalFilename : WgaTray.exe #:21 [hpwuschd.exe] FilePath : D:\Drukarka\HP Software Update\ ProcessID : 1040 ThreadCreationTime : 2007-10-11 10:14:39 BasePriority : Normal FileVersion : 1, 0, 0, 3 ProductVersion : 1, 0, 0, 3 ProductName : Hewlett-Packard hpwuSchd CompanyName : Hewlett-Packard FileDescription : hpwuSchd InternalName : hpwuSchd LegalCopyright : Copyright © 2003 OriginalFilename : hpwuSchd.exe #:22 [ashdisp.exe] FilePath : C:\PROGRA~1\ALWILS~1\Avast4\ ProcessID : 976 ThreadCreationTime : 2007-10-11 10:14:39 BasePriority : Normal FileVersion : 4, 7, 1043, 0 ProductVersion : 4, 7, 0, 0 ProductName : avast! Antivirus CompanyName : ALWIL Software FileDescription : avast! service GUI component InternalName : aswDisp LegalCopyright : Copyright © 2007 ALWIL Software OriginalFilename : aswDisp.exe #:23 [msmsgs.exe] FilePath : C:\Program Files\Messenger\ ProcessID : 1028 ThreadCreationTime : 2007-10-11 10:14:46 BasePriority : Normal FileVersion : 4.7.3001 ProductVersion : Version 4.7.3001 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Windows Messenger InternalName : msmsgs LegalCopyright : Copyright © Microsoft Corporation 2004 LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:24 [hpqtra08.exe] FilePath : D:\Drukarka\Digital Imaging\bin\ ProcessID : 2180 ThreadCreationTime : 2007-10-11 10:14:52 BasePriority : Normal FileVersion : 5.35.0.035 ProductVersion : 005.035.000.035 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor (CUE) InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor (CUE) #:25 [hpohmr08.exe] FilePath : D:\Drukarka\Digital Imaging\bin\ ProcessID : 2200 ThreadCreationTime : 2007-10-11 10:14:52 BasePriority : Normal FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Device Objects InternalName : HPOHMR08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOHMR08.EXE Comments : HP OfficeJet Series COM Device Objects #:26 [hpotdd01.exe] FilePath : D:\Drukarka\Digital Imaging\bin\ ProcessID : 2216 ThreadCreationTime : 2007-10-11 10:14:52 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Hewlett-Packard hpotdd01 CompanyName : Hewlett-Packard FileDescription : hpotdd01 InternalName : hpotdd01 LegalCopyright : Copyright © 2002 OriginalFilename : hpotdd01.exe #:27 [hpoevm08.exe] FilePath : D:\Drukarka\Digital Imaging\bin\ ProcessID : 2476 ThreadCreationTime : 2007-10-11 10:15:02 BasePriority : Normal FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet COM Event Manager InternalName : HPOEVM08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOEVM08.EXE Comments : HP OfficeJet COM Event Manager #:28 [hposts08.exe] FilePath : D:\Drukarka\Digital Imaging\Bin\ ProcessID : 2624 ThreadCreationTime : 2007-10-11 10:15:05 BasePriority : Normal FileVersion : 4.2.0.020 ProductVersion : 2.4.1.020 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP OfficeJet Status InternalName : HPOSTS08 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001 OriginalFilename : HPOSTS08.EXE Comments : HP OfficeJet Status #:29 [acrord32.exe] FilePath : D:\KODEKI\Reader\ ProcessID : 2276 ThreadCreationTime : 2007-10-11 14:03:43 BasePriority : Normal FileVersion : 7.0.1.2005030700 ProductVersion : 7.0.1.2005030700 ProductName : Adobe Reader CompanyName : Adobe Systems Incorporated FileDescription : Adobe Reader 7.0 LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroRd32.exe #:30 [gg.exe] FilePath : D:\Gadu-Gadu\ ProcessID : 1448 ThreadCreationTime : 2007-10-11 18:51:14 BasePriority : Normal #:31 [iexplore.exe] FilePath : C:\Program Files\Internet Explorer\ ProcessID : 2420 ThreadCreationTime : 2007-10-11 19:01:58 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : System operacyjny Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Wszelkie prawa zastrzeżone. OriginalFilename : IEXPLORE.EXE #:32 [ad-aware.exe] FilePath : D:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3356 ThreadCreationTime : 2007-10-11 19:26:32 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 4 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Win32.Trojan.StartPage Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid{0eb00690-8fa1-11d3-96c7-829e3ea50c29} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 5 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistant.searchgateway.net Possible Browser Hijack attempt Object Recognized! Type : RegData Data : “http://www.searchgateway.net/search/ ” TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_LOCAL_MACHINE Object : Software\Microsoft\Internet Explorer\Search Value : SearchAssistant Data : “http://www.searchgateway.net/search/ ” Possible Browser Hijack attempt : S-1-5-21-1202660629-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\MainSearch Page.searchgateway.net Possible Browser Hijack attempt Object Recognized! Type : RegData Data : “http://www.searchgateway.net/search/ ” TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1202660629-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\Main Value : Search Page Data : “http://www.searchgateway.net/search/ ” Possible Browser Hijack attempt : S-1-5-21-1202660629-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\MainSearch Bar.searchgateway.net Possible Browser Hijack attempt Object Recognized! Type : RegData Data : “http://www.searchgateway.net/search/ ” TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1202660629-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\Main Value : Search Bar Data : “http://www.searchgateway.net/search/ ” Possible Browser Hijack attempt : S-1-5-21-1202660629-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\SearchURL.searchgateway.net Possible Browser Hijack attempt Object Recognized! Type : RegData Data : “http://www.searchgateway.net/search/%s ” TAC Rating : 10 Category : Malware Comment : Possible Browser Hijack attempt Rootkey : HKEY_USERS Object : S-1-5-21-1202660629-1935655697-1417001333-1003\Software\Microsoft\Internet Explorer\SearchURL Value : Data : “http://www.searchgateway.net/search/%s ” Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 9 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : anna@tribalfusion[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:anna@tribalfusion.com / Expires : 2008-10-10 21:26:42 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : anna@please[3].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:anna@ad2.pl.mediainter.net /please/ Expires : 2008-09-08 21:02:50 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : anna@please[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:2 Value : Cookie:anna@ad2.eurobb.net /please/ Expires : 2008-09-08 18:20:24 LastSync : Hits:2 UseCount : 0 Hits : 2 Tracking Cookie Object Recognized! Type : IECache Entry Data : anna@hit.gemius[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:108 Value : Cookie:anna@hit.gemius.pl/ Expires : 2013-04-02 21:03:10 LastSync : Hits:108 UseCount : 0 Hits : 108 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 13 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 13 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 13 Scanning Hosts file… Hosts file location:“C:\WINDOWS\system32\drivers\etc\hosts”. »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 13 Performing conditional scans… »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 13 21:35:03 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:08:13.78 Objects scanned:150841 Objects identified:9 Objects ignored:0 New critical objects:9
i HJT log:
Logfile of HijackThis v1.99.1 Scan saved at 21:42:22, on 2007-10-11 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WgaTray.exe D:\Drukarka\HP Software Update\HPWuSchd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe D:\Drukarka\Digital Imaging\bin\hpqtra08.exe D:\Drukarka\Digital Imaging\bin\hpohmr08.exe D:\Drukarka\Digital Imaging\bin\hpotdd01.exe D:\Drukarka\Digital Imaging\bin\hpoevm08.exe D:\Drukarka\Digital Imaging\Bin\hpoSTS08.exe D:\KODEKI\Reader\AcroRd32.exe D:\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\anna\Pulpit\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\KODEKI\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O4 - HKLM…\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM…\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] “D:\Drukarka\HP Software Update\HPWuSchd.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Mouse Driver\MouseDrv.exe O4 - HKCU…\Run: [NBJ] “D:\NERO\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [OuterinfoUpdate] “C:\Program Files\Outerinfo\OuterinfoUpdate.exe” O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\KODEKI\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Drukarka\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/ … uncher.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter: text/html - {0EB00690-8FA1-11D3-96C7-829E3EA50C29} - C:\WINDOWS\ftpsconfig.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Gutek
(Gutek)
11 Październik 2007 22:42
#2
wpisy do kasacji przez HJt a plik i folder ręcznie usuń
Daj log z ComboFix
andziak25
(Andziak25)
12 Październik 2007 11:54
#3
Zapomniałam się i zrobiłam najpierw Combofix. A gdy robiłam potem HJT to tych błędnych wpisów już nie było. I ponownie Combofix.
Log z Combofix:
ComboFix 07-10-12.4 - anna 2007-10-12 13:46:57.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.285 [GMT 2:00] Running from: C:\Documents and Settings\anna\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-12 to 2007-10-12 ))))))))))))))))))))))))))))))) . 2007-10-12 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-11 11:55 2007-10-09 19:12 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-04 21:09 2007-10-04 20:30 2007-10-04 20:30 45,056 --a------ C:\WINDOWS\NCUNINST.EXE 2007-09-26 20:13 2007-09-26 20:12 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-09-26 16:55 392,704 --a------ C:\WINDOWS\ftpsconfig.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-12 11:46 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Skype 2007-10-11 20:11 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\PlayFirst 2007-10-11 18:04 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Wildfire 2007-10-11 10:12 --------- d-----w C:\Program Files\Multimedia Combo Set 2007-10-11 09:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-05 11:27 724,992 ----a-w C:\WINDOWS\iun6002.exe 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-09-04 11:08 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Chocolate Castle 2007-08-28 16:59 --------- d-----w C:\Program Files\Skype 2007-08-28 16:59 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-28 16:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-08-26 13:32 --------- d-----w C:\Program Files\DivX 2007-08-22 17:27 248 ----a-w C:\Documents and Settings\anna\score.dat 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-15 15:37 --------- d-----w C:\Program Files\MSXML 4.0 2007-08-14 15:54 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\INTERIAPL 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-26 23:06 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-07-26 23:06 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-07-26 23:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-07-26 23:06 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-07-26 23:06 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-07-26 23:06 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-07-26 23:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-07-26 23:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-07-26 23:03 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-07-26 23:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-07-26 23:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-07-26 23:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-07-26 23:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-07-26 23:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-07-26 23:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-04 19:29 47,360 ----a-w C:\Documents and Settings\anna\Dane aplikacji\pcouffin.sys 2006-09-28 19:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-10-12_13.38.42.90 ))))))))))))))))))))))))))))))))))))))))) . - 2007-03-25 15:11:06 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-10-12 11:41:44 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-03-25 15:11:06 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-10-12 11:41:44 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-03-25 15:11:06 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-10-12 11:41:44 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-03-25 15:11:06 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-10-12 11:41:44 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WireLessMouse "=“C:\Program Files\Multimedia Combo Set\MouseDrv.exe” [2004-06-27 15:38] "WireLessKeyboard "=“C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe” [2007-10-11 16:10] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] “HP Software Update”=“D:\Drukarka\HP Software Update\HPWuSchd.exe” [2003-08-04 17:28] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] "CreativeMouse "=“C:\Program Files\Mouse Driver\MouseDrv.exe” [2007-10-11 16:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NBJ”=“D:\NERO\Nero BackItUp\NBJ.exe” [2005-04-08 19:43] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “Odkurzacz-MCD”=“D:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-08-17 03:45] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - D:\KODEKI\Reader\reader_sl.exe [2004-12-14 14:44:06] HP Digital Imaging Monitor.lnk - D:\Drukarka\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24] hp psc 1000 series.lnk - D:\Drukarka\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18] hpoddt01.exe.lnk - D:\Drukarka\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @=“Driver Group” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @=“Driver” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E967-E325-11CE-BFC1-08002BE10318}] @=“DiskDrive” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96A-E325-11CE-BFC1-08002BE10318}] @=“Hdc” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96B-E325-11CE-BFC1-08002BE10318}] @=“Keyboard” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96F-E325-11CE-BFC1-08002BE10318}] @=“Mouse” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E97D-E325-11CE-BFC1-08002BE10318}] @=“System” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @=“Volume” R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys . Contents of the ‘Scheduled Tasks’ folder “2006-10-13 18:45:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard #hp psc 1200 series#1135877353.job” - D:\Drukarka\Digital Imaging\Bin\hpqfrucl.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-12 13:48:14 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-12 13:49:12 C:\ComboFix2.txt … 2007-10-12 13:39 . — E O F —
i nowy log z HJT:
Logfile of HijackThis v1.99.1 Scan saved at 13:42:40, on 2007-10-12 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Multimedia Combo Set\MouseDrv.exe C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe D:\Drukarka\HP Software Update\HPWuSchd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe D:\KODEKI\Reader\reader_sl.exe D:\Drukarka\Digital Imaging\bin\hpqtra08.exe D:\Drukarka\Digital Imaging\bin\hpohmr08.exe D:\Drukarka\Digital Imaging\bin\hpotdd01.exe D:\Drukarka\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\wuauclt.exe D:\Drukarka\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\WgaTray.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\anna\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\KODEKI\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O4 - HKLM…\Run: [WireLessMouse] C:\Program Files\Multimedia Combo Set\MouseDrv.exe O4 - HKLM…\Run: [WireLessKeyboard] C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM…\Run: [HP Software Update] “D:\Drukarka\HP Software Update\HPWuSchd.exe” O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [CreativeMouse] C:\Program Files\Mouse Driver\MouseDrv.exe O4 - HKCU…\Run: [NBJ] “D:\NERO\Nero BackItUp\NBJ.exe” O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Odkurzacz-MCD] D:\Program Files\Odkurzacz\odk_mcd.exe O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\KODEKI\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Drukarka\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O15 - Trusted Zone: http://www.mks.com.pl O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/ … uncher.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
jessica
(jessica)
14 Październik 2007 08:45
#4
Wklej do Notatnika :
File::
C:\WINDOWS\ftpsconfig.dll
>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )
– podobnie jak na tym obrazku –>
(jeśli pojawi się pytanie " 1 or 2 " - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)
Po restarcie usuń ręcznie folder C: * * Qoobox**.
Masz uszkodzony Tryb Awaryjny.
.
Daj jeszcze raz log z ComboFixa.
jessi
andziak25
(Andziak25)
14 Październik 2007 15:25
#5
Log z Combofix
ComboFix 07-10-12.4 - anna 2007-10-14 17:11:54.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.260 [GMT 2:00] Running from: C:\Documents and Settings\anna\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\anna\Pulpit\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))) . 2007-10-12 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-11 11:55 2007-10-09 19:12 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-04 20:30 2007-10-04 20:30 45,056 --a------ C:\WINDOWS\NCUNINST.EXE 2007-09-26 20:13 2007-09-26 20:12 327,168 --a------ C:\WINDOWS\IsUn0415.exe 2007-09-26 16:55 392,704 --a------ C:\WINDOWS\ftpsconfig.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-14 15:06 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Skype 2007-10-13 20:22 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Wildfire 2007-10-12 15:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-10-11 20:11 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\PlayFirst 2007-10-11 10:12 --------- d-----w C:\Program Files\Multimedia Combo Set 2007-10-11 09:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-05 11:27 724,992 ----a-w C:\WINDOWS\iun6002.exe 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-28 16:59 --------- d-----w C:\Program Files\Skype 2007-08-28 16:59 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-28 16:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-08-26 13:32 --------- d-----w C:\Program Files\DivX 2007-08-22 17:27 248 ----a-w C:\Documents and Settings\anna\score.dat 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-14 15:54 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\INTERIAPL 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-26 23:06 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-07-26 23:06 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-07-26 23:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-07-26 23:06 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-07-26 23:06 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-07-26 23:06 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-07-26 23:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-07-26 23:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-07-26 23:03 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-07-26 23:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-07-26 23:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-07-26 23:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-07-26 23:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-07-26 23:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-07-26 23:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-04 19:29 47,360 ----a-w C:\Documents and Settings\anna\Dane aplikacji\pcouffin.sys 2006-09-28 19:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((( snapshot@2007-10-12_13.38.42.90 ))))))))))))))))))))))))))))))))))))))))) . - 2007-03-25 15:11:06 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat + 2007-10-12 11:41:44 52,764 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-03-25 15:11:06 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat + 2007-10-12 11:41:44 67,078 ----a-w C:\WINDOWS\system32\perfc015.dat - 2007-03-25 15:11:06 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat + 2007-10-12 11:41:44 380,350 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-03-25 15:11:06 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-10-12 11:41:44 435,978 ----a-w C:\WINDOWS\system32\perfh015.dat + 2007-10-14 14:59:59 16,384 ------w C:\WINDOWS\Temp\Perflib_Perfdata_460.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WireLessMouse "=“C:\Program Files\Multimedia Combo Set\MouseDrv.exe” [2004-06-27 15:38] "WireLessKeyboard "=“C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe” [2007-10-11 16:10] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] “HP Software Update”=“D:\Drukarka\HP Software Update\HPWuSchd.exe” [2003-08-04 17:28] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] "CreativeMouse "=“C:\Program Files\Mouse Driver\MouseDrv.exe” [2007-10-11 16:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NBJ”=“D:\NERO\Nero BackItUp\NBJ.exe” [2005-04-08 19:43] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “Odkurzacz-MCD”=“D:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-08-17 03:45] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - D:\KODEKI\Reader\reader_sl.exe [2004-12-14 14:44:06] HP Digital Imaging Monitor.lnk - D:\Drukarka\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24] hp psc 1000 series.lnk - D:\Drukarka\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18] hpoddt01.exe.lnk - D:\Drukarka\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58] SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @=“Driver Group” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @=“Driver” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E967-E325-11CE-BFC1-08002BE10318}] @=“DiskDrive” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96A-E325-11CE-BFC1-08002BE10318}] @=“Hdc” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96B-E325-11CE-BFC1-08002BE10318}] @=“Keyboard” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E96F-E325-11CE-BFC1-08002BE10318}] @=“Mouse” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{4D36E97D-E325-11CE-BFC1-08002BE10318}] @=“System” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @=“Volume” R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys . Contents of the ‘Scheduled Tasks’ folder “2006-10-13 18:45:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard #hp psc 1200 series#1135877353.job” - D:\Drukarka\Digital Imaging\Bin\hpqfrucl.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-14 17:13:09 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … ************************************************************************** . Completion time: 2007-10-14 17:14:12 . — E O F —
a po użyciu programu do naprawy trybu awaryjnego wyskoczył tylko log
jessica
(jessica)
14 Październik 2007 15:47
#6
Tryb Awaryjny naprawiony prawidłowo.
To jednak dalej siedzi.
Jeśli nie masz jakiegoś narzędzia usuwającego, to ściągnij OTMoveIt
Do pola Paste List of Files/Folders to be Moved wklej poniższe ścieżki:
Następnie wciśnij przycisk MoveIt !
Pojawi się komunikat, że jest potrzebny restart do usunięcia podanych plików/folderów- wciśnij Yes .
Po restarcie usuń ręcznie folder C:* * _OTMoveIt** (Prawoklik >>> Usuń >>> Opróżnij Kosz).
I daj nowy log z ComboFixa, by zobaczyć, czy tym razem udało się to usunąć.
jessi
andziak25
(Andziak25)
14 Październik 2007 16:22
#7
Niby się usunęło, nie było komunikatu o restarcie ale zrestartowałam.
Podczas skanowania Combofixem wyskoczył mi komunikat, ze wystąpił problem z aplikacją sed.cfexe i zostanie ona zamknięta. I działał dalej.
Oto log:
ComboFix 07-10-12.4 - anna 2007-10-14 18:13:20.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.312 [GMT 2:00] Running from: C:\Documents and Settings\anna\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-09-14 to 2007-10-14 ))))))))))))))))))))))))))))))) . 2007-10-12 13:34 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-11 11:55 2007-10-09 19:12 584,192 -----c— C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-04 20:30 2007-10-04 20:30 45,056 --a------ C:\WINDOWS\NCUNINST.EXE 2007-09-26 20:13 2007-09-26 20:12 327,168 --a------ C:\WINDOWS\IsUn0415.exe . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-14 16:12 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Skype 2007-10-13 20:22 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\Wildfire 2007-10-12 15:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2007-10-11 20:11 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\PlayFirst 2007-10-11 10:12 --------- d-----w C:\Program Files\Multimedia Combo Set 2007-10-11 09:55 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-10-05 11:27 724,992 ----a-w C:\WINDOWS\iun6002.exe 2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-09-06 10:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-09-06 10:05 92,848 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-09-06 10:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-09-06 10:02 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-09-06 10:00 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-08-28 16:59 --------- d-----w C:\Program Files\Skype 2007-08-28 16:59 --------- d-----w C:\Program Files\Common Files\Skype 2007-08-28 16:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype 2007-08-26 13:32 --------- d-----w C:\Program Files\DivX 2007-08-22 17:27 248 ----a-w C:\Documents and Settings\anna\score.dat 2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-08-14 15:54 --------- d-----w C:\Documents and Settings\anna\Dane aplikacji\INTERIAPL 2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll 2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll 2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe 2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll 2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll 2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll 2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll 2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll 2007-07-26 23:06 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-07-26 23:06 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-07-26 23:06 144,704 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-07-26 23:06 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-07-26 23:06 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-07-26 23:06 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-07-26 23:03 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-07-26 23:03 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-07-26 23:03 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-07-26 23:03 740,442 ----a-w C:\WINDOWS\system32\DivX.dll 2007-07-26 23:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-07-26 23:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-07-26 23:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-07-26 23:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-07-26 23:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-07-26 23:03 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-07-26 23:03 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2007-05-04 19:29 47,360 ----a-w C:\Documents and Settings\anna\Dane aplikacji\pcouffin.sys 2006-09-28 19:28 774,144 ----a-w C:\Program Files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WireLessMouse "=“C:\Program Files\Multimedia Combo Set\MouseDrv.exe” [2004-06-27 15:38] "WireLessKeyboard "=“C:\Program Files\Multimedia Combo Set\PS2USBKbdDrv.exe” [2007-10-11 16:10] “NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 12:50] “HP Software Update”=“D:\Drukarka\HP Software Update\HPWuSchd.exe” [2003-08-04 17:28] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 12:06] "CreativeMouse "=“C:\Program Files\Mouse Driver\MouseDrv.exe” [2007-10-11 16:09] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “NBJ”=“D:\NERO\Nero BackItUp\NBJ.exe” [2005-04-08 19:43] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 18:24] “Odkurzacz-MCD”=“D:\Program Files\Odkurzacz\odk_mcd.exe” [2007-05-03 10:02] “Skype”=“C:\Program Files\Skype\Phone\Skype.exe” [2007-08-17 03:45] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - D:\KODEKI\Reader\reader_sl.exe [2004-12-14 14:44:06] HP Digital Imaging Monitor.lnk - D:\Drukarka\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24] hp psc 1000 series.lnk - D:\Drukarka\Digital Imaging\bin\hpohmr08.exe [2003-04-06 02:17:18] hpoddt01.exe.lnk - D:\Drukarka\Digital Imaging\bin\hpotdd01.exe [2003-04-06 02:06:58] R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys . Contents of the ‘Scheduled Tasks’ folder “2006-10-13 18:45:34 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard #hp psc 1200 series#1135877353.job” - D:\Drukarka\Digital Imaging\Bin\hpqfrucl.exe . ************************************************************************** catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-14 18:15:01 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-14 18:15:57 C:\ComboFix2.txt … 2007-10-14 17:14 . — E O F —
jessica
(jessica)
14 Październik 2007 16:30
#8
Tak, teraz już nie ma tego.
jessi