Slow internet, help

(Michalbiedrawa) #1

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:02, on 2008-06-25

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\Explorer.EXE

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

E:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - E:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: (no name) - {500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1} - E:\WINDOWS\system32\vtuTjgGY.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {CDCD213B-AC62-4284-BCD4-2A5564C64F01} - E:\WINDOWS\system32\fccaYonO.dll

O4 - HKLM…\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [bMcfda54ca] Rundll32.exe "E:\WINDOWS\system32\vapsinvs.dll",s

O4 - HKLM…\Run: [447cf1de] rundll32.exe "E:\WINDOWS\system32\gwcstuse.dll",b

O4 - HKCU…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE

O4 - HKCU…\RunOnce: [NeroHomeFirstStart] E:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Common\Bin\WinCinemaMgr.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll

O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll (file missing)

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O20 - Winlogon Notify: vtuTjgGY - E:\WINDOWS\SYSTEM32\vtuTjgGY.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Capture Device Service - InterVideo Inc. - E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe

End of file - 4768 bytes

The entries marked in red cannot be removed.

(Spandau) #2

Remove these entries in HJT.

Download ComboFix but do not run it; paste into Notepad:

Save the file as CFScript.txt, preferably so that this file's icon sits next to the ComboFix.exe icon.

Drag and drop the CFScript.txt file onto the ComboFix.exe icon; the removal should start. After that, post the log on the forum.

Then manually delete the folder C:\Qoobox and delete the ComboFix installer from the disk.

Please do, above all, the second part of the ComboFix instructions.

(Michalbiedrawa) #3

ComboFix 08-06-20.4 - Administrator 2008-06-25 14:30:51.2 - NTFSx86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.356 [GMT 2:00]

Running from: E:\Documents and Settings\Administrator\Pulpit\ComboFix.exe

Command switches used :: E:\Documents and Settings\Administrator\Pulpit\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

E:\WINDOWS\BMcfda54ca.xml

E:\WINDOWS\pskt.ini

E:\WINDOWS\system32\esutscwg.ini

E:\WINDOWS\system32\fccaYonO.dll

E:\WINDOWS\system32\OnoYaccf.ini

E:\WINDOWS\system32\OnoYaccf.ini2

.

((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))

.

2008-06-25 14:12 . 2008-06-25 14:12

2008-06-25 13:24 . 2008-06-25 13:24 81,920 --a------ E:\WINDOWS\system32\gwcstuse.dll

2008-06-25 13:23 . 2008-06-25 13:23 40,960 --a------ E:\WINDOWS\system32\escufvdo.dll

2008-06-25 13:22 . 2008-06-25 13:22 91,136 --a------ E:\WINDOWS\system32\vapsinvs.dll

2008-06-25 05:01 . 2008-06-25 05:01 81,920 --a------ E:\WINDOWS\system32\eusmbdsb.dll

2008-06-25 04:58 . 2008-06-25 04:58 91,136 --a------ E:\WINDOWS\system32\wuhffadu.dll

2008-06-24 18:21 . 2008-06-24 18:21

2008-06-24 17:58 . 2008-06-24 17:58

2008-06-24 17:55 . 2008-06-25 14:33

2008-06-24 17:55 . 2007-10-17 15:51

2008-06-24 17:55 . 2007-10-17 13:58

2008-06-24 17:55 . 2008-06-25 14:30

2008-06-24 17:55 . 2008-06-25 14:25

2008-06-24 17:55 . 2007-10-17 15:51

2008-06-24 17:55 . 2008-06-25 14:12

2008-06-24 17:55 . 2008-06-24 17:55

2008-06-24 16:50 . 2008-06-24 16:50

2008-06-24 16:50 . 2008-06-24 17:52 94,208 --a------ E:\WINDOWS\system32\pphc1opj0ep83.exe

2008-06-24 16:47 . 2008-06-24 16:47 109,056 --a------ E:\WINDOWS\system32\lkaje3ewrkj.exe

2008-06-24 16:47 . 2008-06-24 16:47 25,600 --a------ E:\WINDOWS\system32\vtuTjgGY.dll

2008-06-24 16:46 . 63,920 E:\WINDOWS\system32\drivers\59631364.sys

2008-06-24 16:43 . 2008-06-24 16:47 109,056 --a------ E:\WINDOWS\system32\lphc1opj0ep83.exe

2008-06-24 16:43 . 2008-06-24 18:02 90,838 --a------ E:\WINDOWS\system32\phc1opj0ep83.bmp

2008-06-24 16:43 . 2008-06-24 18:02 60,928 --a------ E:\WINDOWS\system32\blphc1opj0ep83.scr

2008-06-24 16:43 . 2008-06-24 16:43 45,056 --a------ E:\WINDOWS\system32\sndcom.dll

2008-06-24 16:43 . 2008-06-24 16:47 14,336 --a------ E:\WINDOWS\system32\ldskjf2w.exe

2008-06-24 16:42 . 63,920 E:\WINDOWS\system32\drivers\b05dc26d.sys

2008-06-24 16:41 . 2008-06-24 16:46 45,056 --a------ E:\WINDOWS\system32\bsndcom.dll

2008-06-11 15:30 . 2008-06-14 20:01 273,024 --------- E:\WINDOWS\system32\drivers\bthport.sys

2008-06-11 15:30 . 2008-06-14 20:01 273,024 -----c--- E:\WINDOWS\system32\dllcache\bthport.sys

2008-05-29 11:52 . 2008-05-29 11:52

2008-05-29 10:00 . 2008-05-29 10:00

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-24 19:14 --------- d-----w E:\Program Files\Share_Accelerator_MM

2008-06-24 19:14 --------- d-----w E:\Program Files\Google

2008-06-24 19:14 --------- d-----w E:\Program Files\free-downloads.net

2008-06-05 04:18 --------- d-----w E:\Program Files\RegClean

2008-06-05 04:18 --------- d-----w E:\Documents and Settings\Domeczek\Dane aplikacji\RegClean

2008-06-04 13:04 --------- d-----w E:\Documents and Settings\Domeczek\Dane aplikacji\gtk-2.0

2008-05-11 13:24 --------- d-----w E:\Program Files\Gadu-Gadu

2008-05-08 12:28 202,752 ----a-w E:\WINDOWS\system32\drivers\rmcast.sys

2008-05-04 14:35 --------- d-----w E:\Program Files\GIMP-2.0

.

((((((((((((((((((((((((((((( snapshot@2008-06-25_ 6.58.52,37 )))))))))))))))))))))))))))))))))))))))))

.

  • 2008-06-25 04:53:02 2,048 --s-a-w E:\WINDOWS\bootstat.dat
  • 2008-06-25 12:35:20 2,048 --s-a-w E:\WINDOWS\bootstat.dat

  • 2008-06-25 12:35:45 16,384 ----atw E:\WINDOWS\TEMP\Perflib_Perfdata_558.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 22:06 1135968 --a------ E:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}]

2008-06-24 16:47 25600 --a------ E:\WINDOWS\system32\vtuTjgGY.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= E:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BitComet"="D:\Program Files\BitComet\BitComet.exe" [2007-11-07 17:06 1881400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"447cf1de"="E:\WINDOWS\system32\gwcstuse.dll" [2008-06-25 13:24 81920]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="E:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360]

E:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

InterVideo WinCinema Manager.lnk - D:\Common\Bin\WinCinemaMgr.exe [2008-01-07 21:28:24 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"WRP"= 0 (0x0)

"DisableChangePassword"= 0 (0x0)

"DisableLockWorkstation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoLogoff"= 0 (0x0)

"NoViewOnDrive"= 0 (0x0)

"NoDesktopUpdate"= 0 (0x0)

"NoCloseDragDropBands"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}"= E:\WINDOWS\system32\vtuTjgGY.dll [2008-06-24 16:47 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuTjgGY]

vtuTjgGY.dll 2008-06-24 16:47 25600 E:\WINDOWS\system32\vtuTjgGY.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe"=

"E:\Program Files\Gadu-Gadu\gg.exe"=

"D:\GRY\Medal Of Honor\MOHAA.exe"=

"E:\Program Files\The All-Seeing Eye\eye.exe"=

"D:\Program Files\BitComet\BitComet.exe"=

"C:\Gry\Call of Duty\CoDMP.exe"=

"C:\Gry\Call of Duty\CoDUOMP.exe"=

"C:\EMULE\emule.exe"=

"D:\Program Files\BitComet\plugin_emule\plugin_eMule.exe"=

"D:\Program Files\WinDVD.exe"=

"D:\GRY\Call Of Duty 2\CoD2MP_s.exe"=

"D:\GRY\Medal Of Honor\moh_spearhead.exe"=

"D:\GRY\Medal Of Honor\moh_Breakthrough.exe"=

"E:\Program Files\Zapu\Zapu\wDivi.exe"=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"7464:TCP"= 7464:TCP:BitComet 7464 TCP(ED2K)

"7464:UDP"= 7464:UDP:BitComet 7464 UDP(ED2K)

"15119:TCP"= 15119:TCP:BitComet 15119 TCP

"15119:UDP"= 15119:UDP:BitComet 15119 UDP

"9821:TCP"= 9821:TCP:BitComet 9821 TCP

"9821:UDP"= 9821:UDP:BitComet 9821 UDP

"20417:TCP"= 20417:TCP:BitComet 20417 TCP(ED2K)

"20417:UDP"= 20417:UDP:BitComet 20417 UDP(ED2K)

R0 AFPAnsi;G-DATA Hidder Ansi;E:\WINDOWS\system32\Drivers\AFPAnsi.sys [2002-10-09 16:53]

R1 aswSP;avast! Self Protection;E:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 GLogin;GLogin;E:\WINDOWS\system32\drivers\GLogin.sys [2007-06-14 15:14]

R2 aswFsBlk;aswFsBlk;E:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

S3 FGUARD32;FGUARD32;E:\Program Files\Folder Guard 32-bit\FGUARD32.SYS [2008-01-05 01:00]

S3 usbscan;Sterownik skanera USB;E:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

S3 USBSTOR;Sterownik magazynu masowego USB;E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{8e8db9bd-7ee8-11dc-b8c2-000b6a65207c}]

\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

.

Contents of the 'Scheduled Tasks' folder

"2008-06-25 01:30:04 E:\WINDOWS\Tasks\RegClean Scheduled Scan.job"

  • E:\Program Files\RegClean\RegClean.ex

  • E:\Program Files\RegClean

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-25 14:36:24

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: E:\WINDOWS\explorer.exe

  • E:\WINDOWS\system32\gwcstuse.dll

  • E:\WINDOWS\system32\vapsinvs.dll

.

------------------------ Other Running Processes ------------------------

.

E:\WINDOWS\system32\ati2evxx.exe

E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

E:\Program Files\Alwil Software\Avast4\ashServ.exe

E:\WINDOWS\system32\ati2evxx.exe

E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe

E:\WINDOWS\system32\PnkBstrA.exe

E:\WINDOWS\system32\PnkBstrB.exe

E:\Program Files\Alwil Software\Avast4\ashWebSv.exe

E:\WINDOWS\system32\rundll32.exe

E:\WINDOWS\system32\rundll32.exe

.

**************************************************************************

.

Completion time: 2008-06-25 14:39:58 - machine was rebooted [Domeczek]

ComboFix-quarantined-files.txt 2008-06-25 12:39:50

ComboFix2.txt 2008-06-25 04:59:44

Pre-Run: 1,839,411,200 bajtów wolnych

Post-Run: 1,290,498,048 bajtów wolnych

186 --- E O F --- 2008-06-20 09:19:00

On 25.06.2008 at 14:51 a post was appended by PaticPL

It showed me something about a "Rootkin" parasite.

(huber2t) #4

Download ComboFix, but do not run it.

Paste into Notepad:

File::

E:\WINDOWS\system32\gwcstuse.dll

E:\WINDOWS\system32\escufvdo.dll

E:\WINDOWS\system32\vapsinvs.dll

E:\WINDOWS\system32\eusmbdsb.dll

E:\WINDOWS\system32\wuhffadu.dll

E:\WINDOWS\system32\pphc1opj0ep83.exe

E:\WINDOWS\system32\lkaje3ewrkj.exe

E:\WINDOWS\system32\vtuTjgGY.dll

E:\WINDOWS\system32\lphc1opj0ep83.exe

E:\WINDOWS\system32\phc1opj0ep83.bmp

E:\WINDOWS\system32\blphc1opj0ep83.scr

E:\WINDOWS\system32\sndcom.dll

E:\WINDOWS\system32\ldskjf2w.exe

E:\WINDOWS\system32\drivers\b05dc26d.sys


Folder::

E:\Documents and Settings\Domeczek\Dane aplikacji\rhc5opj0ep83


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{500DBD6E-6D95-4106-B9A2-DDDCCB2B30D1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"447cf1de"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuTjgGY]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e8db9bd-7ee8-11dc-b8c2-000b6a65207c}]

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon).

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

(image: 02f8f1e3c410a4cc.gif)

The removal will start and a log will be produced; post that log on the forum.

Post logs on http://www.wklej.org and put only the link in your post.

(Michalbiedrawa) #5

http://www.wklej.org/id/c075eca8e3

I also get a message that I have an infected file E:\WINDOWS\system32\drivers\59631364.sys, but I can't delete it.

On 26.06.2008 at 6:42 a post was appended by PaticPL

(huber2t) #6

Download ComboFix, but do not run it.

Paste into Notepad:

File::

E:\WINDOWS\system32\drivers\59631364.sys

E:\WINDOWS\system32\esutscwg.ini


Folder::

E:\Documents and Settings\Administrator\Dane aplikacji\rhc5opj0ep83

File -> Save as -> CFScript.txt (it is most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon).

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

(image: 02f8f1e3c410a4cc.gif)

The removal will start and a log will be produced; post that log on the forum.

Post logs on http://www.wklej.org and put only the link in your post.

(Michalbiedrawa) #7

Everything is running fine now. Thanks a lot for the help.

(huber2t) #8

Post the removal log from ComboFix.