pavel14
(Kajko14)
17 Grudzień 2007 22:38
#1
Witam. Ostatnio dostałem wirem, który uwalał zaporę WINdy. Poradziłem sobie z tym, ale coś chyba jednak zostało (albo coś się wprosiło innego) i mam problem z instalowaniem programów. Mianowicie błąd “dpinst.exe”. Wystawiam logi z Hijack-a i proszę o analizę.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:24:47, on 2007-12-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe D:\Programy\ABBYY FineReader 9.0\NetworkLicenseServer.exe C:\Program Files\AOL\Active Virus Shield\avp.exe c:\usr\MYSQL\bin\mysqld.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe C:\Program Files\Total Cmd\TOTALCMD.EXE C:\Program Files\Winamp\winamp.exe D:\Programy\Mozilla Firefox\firefox.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Documents and Settings\Pavel\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {645af146-1dd2-11b2-b2bb-8782910e93a0} - C:\WINDOWS\bsjsxyxy.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: (no name) - {257F0149-3042-4F1E-97A1-7602460E97EE} - (no file) O4 - HKLM…\Run: [aol] “C:\Program Files\AOL\Active Virus Shield\avp.exe” O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\RunOnce: [PCSuite.exe] D:\Programy\Nokia\Nokia PC Suite 6\PCSuite.exe -onlytray O4 - HKCU…\RunOnce: [PcSync2.exe] D:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU…\RunOnce: [GetConnected.exe] D:\Programy\Nokia\Nokia PC Suite 6\GetConnected.exe /instsupp O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O4 - Startup: SysInfoMyWork.lnk = C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda … 5287745796 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: xcvwer - {8F7656AC-31AE-4391-8009-3BAFD93EC15C} - (no file) O21 - SSODL: hjoqor - {B077C16A-4A4C-4550-931E-526297F9FB69} - (no file) O23 - Service: Usługa licencjonowania programu ABBYY FineReader 9.0 (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - D:\Programy\ABBYY FineReader 9.0\NetworkLicenseServer.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe (file missing) O23 - Service: MySql - Unknown owner - c:\usr/MYSQL/bin/mysqld.exe O23 - Service: NBService - Nero AG - D:\Programy\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe – End of file - 6049 bytes
Gutek
(Gutek)
17 Grudzień 2007 22:43
#2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2 O2 - BHO: (no name) - {645af146-1dd2-11b2-b2bb-8782910e93a0} - C:\WINDOWS\bsjsxyxy.dll O21 - SSODL: xcvwer - {8F7656AC-31AE-4391-8009-3BAFD93EC15C} - (no file) O21 - SSODL: hjoqor - {B077C16A-4A4C-4550-931E-526297F9FB69} - (no file)
usuń wpisy HJT
Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym - Daj log z ComboFix
pavel14
(Kajko14)
17 Grudzień 2007 23:42
#3
Załączam logi z ComboFixa po zastosowaniu SmitFraudFix .
ComboFix 07-12-17.1 - Pavel 2007-12-18 0:29:30.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.560 [GMT 1:00] Running from: C:\Documents and Settings\Pavel\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-11-17 to 2007-12-17 ))))))))))))))))))))))))))))))) . 2007-12-18 00:22 . 2007-12-18 00:22 1,370 --a------ C:\WINDOWS\system32\tmp.reg 2007-12-17 23:09 . 2007-12-17 23:09 2007-12-17 23:09 . 2007-12-17 23:09 2007-12-17 23:07 . 2007-12-17 23:07 2007-12-17 22:59 . 2007-12-17 23:02 2007-12-16 10:17 . 2007-12-16 10:17 2007-12-16 09:36 . 2007-12-16 09:36 2007-12-16 09:32 . 2007-12-16 10:50 2007-12-16 09:32 . 2006-12-30 18:51 2007-12-16 09:32 . 2006-12-30 18:53 2007-12-16 09:32 . 2007-12-18 00:19 2007-12-16 09:32 . 2007-12-16 10:29 2007-12-16 09:32 . 2006-12-30 18:51 2007-12-16 09:32 . 2007-12-18 00:13 2007-12-13 19:29 . 2007-12-16 23:42 2007-12-13 19:29 . 2007-12-13 19:29 2007-12-01 21:49 . 2007-12-01 21:52 831 --a------ C:\WINDOWS\QIII.INI 2007-11-28 23:32 . 2007-11-28 23:32 2007-11-28 23:23 . 2007-11-28 23:35 2007-11-24 11:46 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll 2007-11-24 11:46 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll 2007-11-24 11:46 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll 2007-11-24 11:46 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll 2007-11-24 11:46 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll 2007-11-24 11:46 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll 2007-11-24 11:46 . 2007-06-20 20:46 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll 2007-11-24 11:46 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll 2007-11-24 11:46 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll 2007-11-24 11:46 . 2007-06-20 20:45 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll 2007-11-24 11:45 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll 2007-11-24 11:45 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll 2007-11-23 23:40 . 2007-11-23 23:40 38 --a------ C:\WINDOWS\avisplitter.INI . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-17 23:32 1,108,256 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-17 23:31 33,601,824 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-17 23:26 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\Nokia 2007-12-17 23:07 452,972 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-17 23:07 106,892 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-16 10:08 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\ViStart 2007-12-15 21:25 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-14 22:29 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\Skype 2007-12-06 20:57 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\OpenOffice.org2 2007-12-02 21:31 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\Notepad++ 2007-11-23 21:43 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-21 18:50 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Microsoft Help 2007-11-15 22:19 --------- d-----w C:\Program Files\Java 2007-11-15 21:44 --------- d-----w C:\Program Files\Desktop 2007-11-14 20:01 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\Nokia Multimedia Player 2007-11-14 19:57 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\PC Suite 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-10 19:13 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-11-06 08:20 831,048 ----a-w C:\WINDOWS\system32\WudfUpdate_01005.dll 2007-11-05 22:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\Nokia 2007-10-30 22:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji\PC Suite 2007-10-30 22:36 --------- d-----w C:\Program Files\DIFX 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 17:54 --------- d-----w C:\Program Files\Common Files\COWON 2007-10-28 17:54 --------- d-----w C:\Documents and Settings\Pavel\Dane aplikacji\COWON 2007-10-28 08:56 36 ----a-w C:\Documents and Settings\Pavel\klextlock.dat 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-09-28 17:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll 2007-01-21 18:19 262,144 ----a-w C:\Program Files\xp-AntiSpy.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-05-10 15:36] “ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “PC Suite Tray”=“D:\Programy\Nokia\Nokia PC Suite 6\PCSuite.exe” [2007-12-10 10:12] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “aol”=“C:\Program Files\AOL\Active Virus Shield\avp.exe” [2006-05-30 11:13] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-03 23:44] “Nokia.PCSync”=“D:\Programy\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-11-07 17:35] C:\Documents and Settings\Pavel\Menu Start\Programy\Autostart\ SysInfoMyWork.lnk - C:\Program Files\SysInfoMyWork\SysInfoMyWork.exe [2004-09-21 17:23:27] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programy^Autostart^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pavel^Menu Start^Programy^Autostart^OpenOffice.org 2.2.lnk] path=C:\Documents and Settings\Pavel\Menu Start\Programy\Autostart\OpenOffice.org 2.2.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.2.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] 2007-03-12 12:49 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner] C:\Program Files\CCleaner\ccleaner.exe /AUTO [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2004-08-03 23:44 15360 --a------ C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2003-03-11 11:08 172032 --a------ C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2007-03-09 17:53 153136 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] nwiz.exe /install [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] D:\Programy\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2] C:\Program Files\USoft\usoft32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp] 2002-06-26 17:36 90112 --a------ C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thebat_startup] D:\Programy\The Bat!\thebat.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tray] D:\Programy\Pogoda\pogoda.exe /tray [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\yvcdyjyd] rundll32.exe C:\Program Files\yvcdyjyd\kpofufuv.dll,Init R2 ABBYY.Licensing.FineReader.Professional.9.0;Usługa licencjonowania programu ABBYY FineReader 9.0;“D:\Programy\ABBYY FineReader 9.0\NetworkLicenseServer.exe” -service [] S3 msloop;Sterownik karty Microsoft Loopback;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 20:53] S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\System32\PavSRK.sys [] S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\System32\PavTPK.sys [] S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 18:24] *Newly Created Service* - SERVICELAYER . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-18 00:32:26 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-18 0:33:34 . 2007-12-12 17:58:48 — E O F —
Tak ma to wyglądać
Asterisk
Gutek
(Gutek)
18 Grudzień 2007 20:02
#4
pavel14
(Kajko14)
18 Grudzień 2007 20:50
#5
Dzięki wielkie. Już to zrobiłem :).