system
(system)
17 January 2008 16:18
#1
I noticed today that I can't open the drives from the My Computer window. I ran a few scans and found, among others, psw.sboy.a and avmo.exe. I don't want to risk removing it myself, because the first one sits inside explorer.exe…
So I'm asking the experts for help. Below are the logs from HijackThis and ComboFix.
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:12:39, on 2008-01-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\windows\RTHDCPL.EXE C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system32\RUNDLL32.EXE C:\windows\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\BelkinMonitor.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\windows\system32\nvsvc32.exe C:\windows\system32\svchost.exe C:\windows\system32\wscntfy.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\IDM\IDMan.exe C:\windows\system32\EXPLORER.EXE C:\Program Files\Opera\Opera.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Miroslav\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM\IDMIECC.dll O2 - BHO: 
AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM…\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM…\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU…\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\PowerGG.exe” /clone:Ja O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” O4 - HKCU…\Run: [wsctf.exe] wsctf.exe O4 - HKCU…\Run: [EXPLORER.EXE] EXPLORER.EXE O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk = C:\WINDOWS\system32\BelkinMonitor.exe O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\IDM\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\IDM\IEGetVL.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\IDM\IEExt.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Skype - 
{77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} (IPCamPlugIn Control) - http://81.168.250.222/IPCamPluginMJPEG.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe – End of file - 7780 bytes
ComboFix:
ComboFix 08-01-17.5 - Miroslav 2008-01-17 17:14:10.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1379 [GMT 1:00] Running from: C:\Documents and Settings\Miroslav\Pulpit\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\windows\system32\amvo.exe C:\windows\system32\amvo1.dll C:\windows\system32\explorer.exe . ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))) . 2008-01-17 17:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-17 16:59 . 2008-01-17 16:59 31,074 --a------ C:\WINDOWS\system32\drivers\Partizan.sys 2008-01-17 16:59 . 2008-01-17 16:59 25,600 --a------ C:\WINDOWS\system32\Partizan.exe 2008-01-17 16:58 . C:\windows(2) C:\ComboFix\winstart.bat 2008-01-17 10:44 . 2008-01-17 10:43 105,525 -r-hs---- C:\m1t8ta.com 2008-01-17 10:43 . 2008-01-04 22:28 105,854 -r-hs---- C:\semo2x.exe 2008-01-17 10:43 . 2008-01-17 16:09 604 -r-hs---- C:\autorun.inf 2008-01-09 17:12 . 2008-01-09 17:12 2008-01-03 19:18 . 2008-01-03 19:20 2008-01-02 14:20 . 2008-01-02 14:20 4,096 --a------ C:\WINDOWS\d3dx.dat 2007-12-27 14:19 . 2007-12-27 14:19 2007-12-27 14:18 . 2007-12-27 14:19 2007-12-27 14:18 . 2007-12-27 14:19 2007-12-26 21:26 . 2007-12-26 21:26 2007-12-24 11:05 . 2007-12-24 11:05 2007-12-22 20:51 . 2007-12-22 20:51 2007-12-17 20:03 . 2007-12-17 20:03 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-17 15:10 --------- d-----w C:\Program Files\DAEMON Tools 2008-01-17 15:08 --------- d-----w C:\Program Files\PowerArchiver 2008-01-17 14:56 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\DMCache 2008-01-17 08:45 5,112 ----a-w C:\windows\GPCIDrv.sys 2008-01-17 08:45 19,039 ----a-w C:\windows\system32\drivers\GVTDrv.sys 2008-01-15 17:10 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\Skype 2008-01-15 15:02 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\skypePM 2008-01-13 17:30 --------- d-----w C:\Program Files\Cheat Engine 2008-01-10 18:02 --------- d-----w C:\Program Files\EAGLE-4.16r2 2008-01-10 08:59 --------- d-----w C:\Program Files\Last.fm 2008-01-08 20:17 --------- d-----w C:\Program Files\IDM 2008-01-05 10:23 --------- d-----w C:\Program Files\Virtual Earth 3D 2007-12-27 12:09 --------- d-----w C:\Program Files\GetRight 2007-12-27 10:46 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-12-24 13:16 --------- d-----w C:\Program Files\Wiedźmin 2007-12-23 15:45 --------- d-----w C:\Program Files\eMule 2007-12-22 19:51 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-16 14:19 5,120 ----a-w C:\windows\system32\BReWErS.dll 2007-12-14 14:54 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\PlayFirst 2007-12-06 09:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-06 09:30 --------- d-----w C:\Program Files\AGEIA Technologies 2007-12-04 22:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia 2007-12-02 22:31 --------- d-----w C:\Program Files\Java 2007-12-01 18:48 --------- d-----w C:\Program Files\DivX 2007-11-29 09:54 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-29 08:42 --------- d-----w C:\Program Files\InTune 2007-11-28 22:52 --------- d-----w C:\Program Files\MoorHunt 2007-11-26 09:46 --------- d-----w C:\Program Files\Microsoft Reader 2007-11-25 12:07 --------- d-----w 
C:\Program Files\Common Files\Adobe 2007-11-25 11:52 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-25 11:52 --------- d-----w C:\Program Files\Common Files\Skype 2007-11-25 11:27 4,608 ----a-w C:\windows\system32\w95inf32.dll 2007-11-25 11:27 --------- d-----w C:\Program Files\ArcSoft 2007-11-25 11:25 --------- d-----w C:\Program Files\D-Link CIF Webcam 2007-11-23 08:17 413,696 ----a-w C:\windows\system32\wrap_oal.dll 2007-11-23 08:17 110,592 ----a-w C:\windows\system32\OpenAL32.dll 2007-11-22 17:47 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2007-11-22 17:47 103,736 ----a-w C:\windows\system32\PnkBstrB.exe 2007-11-21 13:36 20,480 ----a-w C:\windows\system32\H@tKeysH@@k.DLL 2007-11-20 17:13 66,872 ----a-w C:\windows\system32\PnkBstrA.exe 2007-11-18 20:05 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\IDM 2007-11-13 09:54 70,944 ----a-w C:\windows\system32\PhysXLoader.dll 2007-11-08 07:55 45,056 ----a-w C:\windows\NCUNINST.EXE 2007-11-07 09:29 723,968 ----a-w C:\windows\system32\lsasrv.dll 2007-10-29 22:44 1,291,264 ----a-w C:\windows\system32\quartz.dll 2007-10-25 09:00 230,912 ----a-w C:\windows\system32\wmasf.dll 2007-10-25 08:04 73,216 ----a-w C:\windows\ST6UNST.EXE 2007-10-25 08:04 249,856 ------w C:\windows\Setup1.exe 2007-10-20 00:56 200,704 ----a-w C:\windows\system32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\windows\system32\libdivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\windows\system32\ctfmon.exe” [2004-08-04 13:00 15360] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24 1694208] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\PowerGG.exe” [2002-11-17 18:15 21551] “DAEMON Tools Pro Agent”=“C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 14:08 136136] “wsctf.exe”=“wsctf.exe” [] “EXPLORER.EXE”=“EXPLORER.EXE” [2007-06-13 14:23 1034752 C:\WINDOWS\explorer.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SkyTel”=“SkyTel.EXE” [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] “RTHDCPL”=“RTHDCPL.EXE” [2006-05-27 03:47 16208384 C:\WINDOWS\RTHDCPL.exe] “GBB36X Configure”=“C:\WINDOWS\system32\JMRaidTool.exe” [2006-06-02 09:46 385024] “VGAUtil”=“C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [2006-07-25 10:10 544768] “OSSelectorReinstall”=“C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe” [2006-04-12 14:15 1261475] “NvCplDaemon”=“C:\windows\system32\NvCpl.dll” [2007-10-04 17:14 8491008] “nwiz”=“nwiz.exe” [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496] “NvMediaCenter”=“C:\windows\system32\NvMcTray.dll” [2007-10-04 17:14 81920] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00 15360] C:\Documents and Settings\Miroslav\Menu Start\Programy\Autostart\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-08-05 15:16:18] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-25 13:04:37] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26] 
Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk - C:\WINDOWS\system32\BelkinMonitor.exe [2007-07-31 11:26:57] Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-08-15 21:40:01] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56] R0 hotcore;hotcore;C:\windows\system32\drivers\hotcore.sys [2004-11-04 11:02] R3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\windows\system32\DRIVERS\BEL6001P.sys [2002-11-07 04:43] R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-01-17 09:45] R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-01-17 09:45] R3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;C:\WINDOWS\system32\pcand5bk.SYS [2002-09-19 22:34] S0 Partizan;Partizan;C:\windows\system32\drivers\Partizan.sys [2008-01-17 16:59] S3 CCCP106;D-Link CIF Webcam;C:\windows\system32\DRIVERS\cccp106.sys [2003-04-09 11:17] S3 GVCplDrv;GVCplDrv;C:\windows\system32\drivers\GVCplDrv.sys [2004-05-02 09:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{05f16b30-3f55-11dc-9e91-0030bde08766}] \Shell\AutoRun\command - I:\semo2x.exe \Shell\explore\Command - I:\semo2x.exe \Shell\open\Command - I:\semo2x.exe *Newly Created Service* - PROCEXP90 *Newly Created Service* - SDCER . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 17:15:05 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\windows\explorer.exe [6.00.2900.3156] - C:\Program Files\Gadu-Gadu\ggwhook.dll . 
Completion time: 2008-01-17 17:15:24 ComboFix-quarantined-files.txt 2008-01-17 16:15:17 . 2008-01-09 22:22:30 — E O F —
Leon1
(Leon$)
17 January 2008 16:42
#2
Open Notepad and paste:
File::
C:\m1t8ta.com
C:\semo2x.exe
C:\autorun.inf
I:\semo2x.exe
C:\WINDOWS\system32\wsctf.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wsctf.exe"=-
"EXPLORER.EXE"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Save it as CFScript (save it so that the CFScript.txt icon sits next to the ComboFix.exe icon) >> Drag and drop the CFScript.txt icon onto the ComboFix.exe icon
http://img.wklej.org/images/88953CFScri … iemoes.gif
When asked "1 or 2", type 1 and press ENTER
The removal should start
Post the ComboFix log from this removal
then a new one from HijackThis
system
(system)
17 January 2008 17:28
#3
ComboFix log after the removal:
ComboFix 08-01-17.5 - Miroslav 2008-01-17 18:25:39.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1462 [GMT 1:00] Running from: C:\Documents and Settings\Miroslav\Pulpit\ComboFix.exe Command switches used :: C:\Documents and Settings\Miroslav\Pulpit\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED FILE C:\autorun.inf C:\m1t8ta.com C:\semo2x.exe C:\WINDOWS\system32\wsctf.exe I:\semo2x.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Autorun.inf C:\m1t8ta.com C:\semo2x.exe D:\Autorun.inf D:\semo2x.exe E:\Autorun.inf E:\semo2x.exe . ((((((((((((((((((((((((( Files Created from 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))) . 2008-01-17 17:13 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-17 16:59 . 2008-01-17 16:59 31,074 --a------ C:\WINDOWS\system32\drivers\Partizan.sys 2008-01-17 16:59 . 2008-01-17 16:59 25,600 --a------ C:\WINDOWS\system32\Partizan.exe 2008-01-17 16:58 . C:\windows(2) C:\ComboFix\winstart.bat 2008-01-09 17:12 . 2008-01-09 17:12 2008-01-03 19:18 . 2008-01-03 19:20 2008-01-02 14:20 . 2008-01-02 14:20 4,096 --a------ C:\WINDOWS\d3dx.dat 2007-12-27 14:19 . 2007-12-27 14:19 2007-12-27 14:18 . 2007-12-27 14:19 2007-12-27 14:18 . 2007-12-27 14:19 2007-12-26 21:26 . 2007-12-26 21:26 2007-12-24 11:05 . 2007-12-24 11:05 2007-12-22 20:51 . 2007-12-22 20:51 2007-12-17 20:03 . 2007-12-17 20:03 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-01-17 16:38 --------- d-----w C:\Program Files\PowerArchiver 2008-01-17 15:10 --------- d-----w C:\Program Files\DAEMON Tools 2008-01-17 14:56 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\DMCache 2008-01-17 08:45 5,112 ----a-w C:\windows\GPCIDrv.sys 2008-01-17 08:45 19,039 ----a-w C:\windows\system32\drivers\GVTDrv.sys 2008-01-15 17:10 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\Skype 2008-01-15 15:02 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\skypePM 2008-01-13 17:30 --------- d-----w C:\Program Files\Cheat Engine 2008-01-10 18:02 --------- d-----w C:\Program Files\EAGLE-4.16r2 2008-01-10 08:59 --------- d-----w C:\Program Files\Last.fm 2008-01-08 20:17 --------- d-----w C:\Program Files\IDM 2008-01-05 10:23 --------- d-----w C:\Program Files\Virtual Earth 3D 2007-12-27 12:09 --------- d-----w C:\Program Files\GetRight 2007-12-27 10:46 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-12-24 13:16 --------- d-----w C:\Program Files\Wiedźmin 2007-12-23 15:45 --------- d-----w C:\Program Files\eMule 2007-12-22 19:51 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-16 14:19 5,120 ----a-w C:\windows\system32\BReWErS.dll 2007-12-14 14:54 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\PlayFirst 2007-12-06 09:31 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-12-06 09:30 --------- d-----w C:\Program Files\AGEIA Technologies 2007-12-04 22:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Trymedia 2007-12-02 22:31 --------- d-----w C:\Program Files\Java 2007-12-01 18:48 --------- d-----w C:\Program Files\DivX 2007-11-29 09:54 --------- d-----w C:\Program Files\Guitar Pro 5 2007-11-29 08:42 --------- d-----w C:\Program Files\InTune 2007-11-28 22:52 --------- d-----w C:\Program Files\MoorHunt 2007-11-26 09:46 --------- d-----w C:\Program Files\Microsoft Reader 2007-11-25 12:07 --------- d-----w 
C:\Program Files\Common Files\Adobe 2007-11-25 11:52 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-25 11:52 --------- d-----w C:\Program Files\Common Files\Skype 2007-11-25 11:27 4,608 ----a-w C:\windows\system32\w95inf32.dll 2007-11-25 11:27 --------- d-----w C:\Program Files\ArcSoft 2007-11-25 11:25 --------- d-----w C:\Program Files\D-Link CIF Webcam 2007-11-23 08:17 413,696 ----a-w C:\windows\system32\wrap_oal.dll 2007-11-23 08:17 110,592 ----a-w C:\windows\system32\OpenAL32.dll 2007-11-22 17:47 22,328 ----a-w C:\windows\system32\drivers\PnkBstrK.sys 2007-11-22 17:47 103,736 ----a-w C:\windows\system32\PnkBstrB.exe 2007-11-21 13:36 20,480 ----a-w C:\windows\system32\H@tKeysH@@k.DLL 2007-11-20 17:13 66,872 ----a-w C:\windows\system32\PnkBstrA.exe 2007-11-18 20:05 --------- d-----w C:\Documents and Settings\Miroslav\Dane aplikacji\IDM 2007-11-13 09:54 70,944 ----a-w C:\windows\system32\PhysXLoader.dll 2007-11-08 07:55 45,056 ----a-w C:\windows\NCUNINST.EXE 2007-11-07 09:29 723,968 ----a-w C:\windows\system32\lsasrv.dll 2007-10-29 22:44 1,291,264 ----a-w C:\windows\system32\quartz.dll 2007-10-25 09:00 230,912 ----a-w C:\windows\system32\wmasf.dll 2007-10-25 08:04 73,216 ----a-w C:\windows\ST6UNST.EXE 2007-10-25 08:04 249,856 ------w C:\windows\Setup1.exe 2007-10-20 00:56 200,704 ----a-w C:\windows\system32\ssldivx.dll 2007-10-20 00:56 1,044,480 ----a-w C:\windows\system32\libdivx.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-17_17.15.09,39 ))))))))))))))))))))))))))))))))))))))))) . 
- 2008-01-17 16:14:02 229,376 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT + 2008-01-17 17:25:37 229,376 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT - 2008-01-17 16:14:02 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000002\UsrClass.dat + 2008-01-17 17:25:37 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000002\UsrClass.dat - 2008-01-17 16:14:02 229,376 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT + 2008-01-17 17:25:37 229,376 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT - 2008-01-17 16:14:03 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat + 2008-01-17 17:25:37 8,192 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000004\UsrClass.dat - 2008-01-17 16:14:03 5,730,304 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT + 2008-01-17 17:25:37 5,746,688 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT - 2008-01-17 16:14:03 290,816 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat + 2008-01-17 17:25:38 290,816 ----a-w C:\windows\erdnt\Hiv-backup\Users\00000006\UsrClass.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\windows\system32\ctfmon.exe” [2004-08-04 13:00 15360] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24 1694208] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\PowerGG.exe” [2002-11-17 18:15 21551] “DAEMON Tools Pro Agent”=“C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” [2007-09-06 14:08 136136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “SkyTel”=“SkyTel.EXE” [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe] “RTHDCPL”=“RTHDCPL.EXE” [2006-05-27 03:47 16208384 C:\WINDOWS\RTHDCPL.exe] “GBB36X Configure”=“C:\WINDOWS\system32\JMRaidTool.exe” [2006-06-02 09:46 385024] “VGAUtil”=“C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe” [2006-07-25 10:10 544768] “OSSelectorReinstall”=“C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe” [2006-04-12 14:15 1261475] “NvCplDaemon”=“C:\windows\system32\NvCpl.dll” [2007-10-04 17:14 8491008] “nwiz”=“nwiz.exe” [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 01:11 132496] “NvMediaCenter”=“C:\windows\system32\NvMcTray.dll” [2007-10-04 17:14 81920] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 13:00 15360] C:\Documents and Settings\Miroslav\Menu Start\Programy\Autostart\ Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-08-05 15:16:18] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-25 13:04:37] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 06:05:26] Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk - C:\WINDOWS\system32\BelkinMonitor.exe [2007-07-31 
11:26:57] Kalendarz XP.lnk - C:\Program Files\Kalendarz XP\Kalendarz.exe [2007-08-15 21:40:01] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 19:05:56] R0 hotcore;hotcore;C:\windows\system32\drivers\hotcore.sys [2004-11-04 11:02] R3 BEL6001P;Belkin 11Mbps Wireless Desktop Adapter (F5D6001 V.2);C:\windows\system32\DRIVERS\BEL6001P.sys [2002-11-07 04:43] R3 GPCIDrv;GPCIDrv;C:\WINDOWS\GPCIDrv.sys [2008-01-17 09:45] R3 GVTDrv;GVTDrv;C:\WINDOWS\system32\Drivers\GVTDrv.sys [2008-01-17 09:45] R3 pcand5bk;PCAND5BK PCANDIS5 Protocol Driver;C:\WINDOWS\system32\pcand5bk.SYS [2002-09-19 22:34] S0 Partizan;Partizan;C:\windows\system32\drivers\Partizan.sys [2008-01-17 16:59] S3 CCCP106;D-Link CIF Webcam;C:\windows\system32\DRIVERS\cccp106.sys [2003-04-09 11:17] S3 GVCplDrv;GVCplDrv;C:\windows\system32\drivers\GVCplDrv.sys [2004-05-02 09:47] *Newly Created Service* - PROCEXP90 *Newly Created Service* - SDCER . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-17 18:26:10 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\windows\explorer.exe [6.00.2900.3156] - C:\Program Files\Gadu-Gadu\ggwhook.dll . Completion time: 2008-01-17 18:26:30 ComboFix-quarantined-files.txt 2008-01-17 17:26:22 ComboFix2.txt 2008-01-17 16:15:25 . 
2008-01-09 22:22:30 — E O F —
and the new HijackThis:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:27:32, on 2008-01-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\RTHDCPL.EXE C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Pro\DTProAgent.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\BelkinMonitor.exe C:\Program Files\Last.fm\LastFMHelper.exe C:\windows\system32\nvsvc32.exe C:\windows\system32\svchost.exe C:\windows\system32\wscntfy.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\IDM\IDMan.exe C:\Program Files\Opera\Opera.exe C:\windows\explorer.exe C:\windows\system32\notepad.exe C:\Documents and Settings\Miroslav\Pulpit\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\IDM\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - 
BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM…\Run: [skyTel] SkyTel.EXE O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM…\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM…\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe O4 - HKLM…\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU…\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\PowerGG.exe” /clone:Ja O4 - HKCU…\Run: [DAEMON Tools Pro Agent] “C:\Program Files\DAEMON Tools Pro\DTProAgent.exe” O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common 
Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Belkin 11Mbps Wireless Desktop Network Card Monitor.lnk = C:\WINDOWS\system32\BelkinMonitor.exe O4 - Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Download with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Download all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\IDM\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\IDM\IEGetVL.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\IDM\IEExt.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll ,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} (IPCamPlugIn Control) - http://81.168.250.222/IPCamPluginMJPEG.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe – End of file - 7403 bytes
Is everything OK?
Leon1
(Leon$)
17 January 2008 18:45
#4
The entry
O16 - DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} (IPCamPlugIn Control) - http://81.168.250.222/IPCamPluginMJPEG.cab
remove it with HijackThis as a precaution
Manually delete the folder C:\Qoobox
This junk is spread by pen drives, memory cards etc. If you can, format the pen drive.
The logs look clean.
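The CFScript in post #2 targets three kinds of persistence that show up in the logs above: Run-key values that are bare file names or masquerade as EXPLORER.EXE, a UserInit line with an extra program appended, and MountPoints2 AutoRun/open/explore handlers pointing at an executable on a removable volume (the pen-drive spread mentioned in post #4). The following Python script is an added example, not code from the thread, HijackThis or ComboFix; it runs over constructed log lines modelled on the thread's entries and flags those indicators so a reader can spot the same pattern in another log.

```python
"""Triage HijackThis / ComboFix style log lines for the autostart indicators
seen in this thread. Added example; not code from either tool or the thread."""
import re
from dataclasses import dataclass

# Constructed sample lines, modelled on the entries quoted in the thread.
SAMPLE_LINES = [
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [wsctf.exe] wsctf.exe",
    r"O4 - HKCU\..\Run: [EXPLORER.EXE] EXPLORER.EXE",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r"F2 - REG:system.ini: UserInit=userinit.exe,EXPLORER.EXE",
    r"\Shell\AutoRun\command - I:\semo2x.exe",
    r"\Shell\open\Command - I:\semo2x.exe",
]

# HijackThis prints "HKLM\..\Run"; copies pasted on forums often carry "..." or "…".
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\(?:\.\.\.?|…)\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")
MP_RE = re.compile(r"^\\Shell\\(?P<verb>AutoRun|open|explore)\\[Cc]ommand - (?P<cmd>.+)$")


@dataclass
class Finding:
    severity: str  # "high" = act on it, "review" = verify the file on disk first
    entry: str
    reason: str


def _first_token(cmd):
    """Return the program part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def _check_o4(line, m):
    prog = _first_token(m.group("cmd"))
    base = prog.rsplit("\\", 1)[-1].lower()
    if base == "explorer.exe":
        # The real shell is started by Winlogon, not from a Run key; a Run
        # entry by this name points at a look-alike (ComboFix above deleted
        # C:\windows\system32\explorer.exe next to the genuine C:\windows\explorer.exe).
        return Finding("high", line, "explorer.exe launched from a Run key; look-alike binary")
    if "\\" not in prog:
        # A bare name is resolved through the search path; confirm which file it is.
        return Finding("review", line, "bare file name in Run key; confirm which file on disk it resolves to")
    return None


def _check_f2(line, m):
    parts = [p.strip() for p in m.group("value").split(",")]
    first = parts[0].rsplit("\\", 1)[-1].lower()
    extra = [p for p in parts[1:] if p]
    if first != "userinit.exe" or extra:
        return Finding("high", line, "UserInit runs extra program(s) at logon: " + ", ".join(extra or [parts[0]]))
    return None


def _check_mp(line, m):
    # MountPoints2 handlers fire when the volume is double-clicked or "explored";
    # pointing them at an executable on the drive is how autorun.inf worms spread.
    return Finding("high", line, f"MountPoints2 {m.group('verb')} handler launches {m.group('cmd')}")


def triage(lines):
    """Return a list of Finding objects for the suspicious lines in `lines`."""
    findings = []
    for line in lines:
        line = line.strip()
        for rx, check in ((O4_RE, _check_o4), (F2_RE, _check_f2), (MP_RE, _check_mp)):
            m = rx.match(line)
            if m:
                f = check(line, m)
                if f:
                    findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.entry}\n         {f.reason}")
```

On the sample lines the script reports four "high" findings (the EXPLORER.EXE Run value, the UserInit suffix and both MountPoints2 handlers) and two "review" findings (wsctf.exe and nwiz.exe, which are both bare names; only the first turned out to be malicious in this thread, which is why a bare name alone is a prompt to check the file, not a verdict).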
system
(system)
17 January 2008 19:02
#5
Great, thanks for the help. =D> ![-o<
Gutek
(Gutek)
17 January 2008 23:23
#6
C:\Program Files\Gadu-Gadu\ggwhook.dll, remove this file
Change to the rules for posting logs on the forum - viewtopic.php?f=16&t=213350