Sam wysyła spam

jondero · 22 Grudzień 2007 16:22

Jak w temcie. svchost korzysta z całego łącza. Narazie zablokowałem go netlimiter’em ale wolałbym to naprawić.

hijackthis:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:17:43, on 2007-12-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\Program Files\NetLimiter 2 Pro\NLClient.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\HijackThis\HijackThis.exe C:\Program Files\Opera\Opera.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\notepad.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM…\Run: [NBKeyScan] “C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” O4 - HKLM…\Run: [sDTray] “C:\Program Files\Spyware Doctor\SDTrayApp.exe” O4 - HKLM…\Run: [RegDoctor] C:\Program Files\RegDoctor\RegDoctor.exe -Quick O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [H/PC Connection Agent] “C:\Program Files\Microsoft ActiveSync\wcescomm.exe” O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe” O4 - HKCU…\Run: [OM2_Monitor] “C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe” -NoStart O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’) O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra ‘Tools’ menuitem: Create Mobile Favorite… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O20 - Winlogon Notify: iismui32 - C:\WINDOWS\SYSTEM32\iismui32.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

ComboFiix:

2007-12-20 20:48 . 2007-12-20 20:48 2007-12-20 20:47 . 2007-12-20 20:50 2007-12-20 20:47 . 2007-12-20 20:47 2007-12-20 19:54 . 2007-12-20 19:55 2007-12-20 19:54 . 2005-02-12 16:43 245,760 --a------ C:\WINDOWS\system32\vbalColumnTreeView6.ocx 2007-12-20 19:54 . 2004-03-08 19:00 152,848 --a------ C:\WINDOWS\system32\Comdlg32.ocx 2007-12-20 19:54 . 1999-08-02 17:11 57,344 --a------ C:\WINDOWS\system32\CGZipLibrary.DLL 2007-12-20 19:54 . 2003-01-26 14:41 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll 2007-12-20 19:54 . 1999-03-12 02:20 18,728 --a------ C:\WINDOWS\system32\ISHF_Ex.tlb 2007-12-20 19:54 . 1998-03-18 17:45 8,096 --a------ C:\WINDOWS\system32\OLEGUIDS.TLB 2007-12-19 23:30 . 2007-12-20 19:52 2007-12-18 22:24 . 2007-12-20 11:09 2007-12-18 22:24 . 2007-12-18 22:24 2007-12-18 22:24 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll 2007-12-18 22:24 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2007-12-18 22:24 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2007-12-18 22:24 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2007-12-18 22:24 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2007-12-18 21:24 . 2007-12-18 21:24 2007-12-18 21:18 . 2007-12-18 21:18 2007-12-18 20:33 . 2007-12-18 20:33 72,704 --a------ C:\WINDOWS\cadkasdeinst01e.exe 2007-12-06 22:52 . 2007-12-11 21:43 2007-12-03 20:18 . 2007-12-03 20:18 2007-12-02 14:05 . 2007-12-02 14:05 2007-11-27 19:19 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-11-27 19:19 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys 2007-11-27 19:19 . 2004-08-03 22:58 15,104 --a–c— C:\WINDOWS\system32\dllcache\usbscan.sys 2007-11-27 19:19 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-11-27 19:13 . 2007-11-27 19:13 2007-11-25 23:44 . 2007-11-25 23:44 2007-11-24 16:18 . 2007-12-03 07:18 2007-11-24 16:15 . 2007-11-24 16:15 0 --a------ C:\WINDOWS\nsreg.dat 2007-11-24 14:22 . 2007-11-24 14:22 2007-11-22 21:06 . 2007-11-22 21:06 2007-11-22 20:59 . 2007-11-22 20:59 2007-11-22 20:59 . 2007-11-22 21:03 2007-11-22 20:59 . 2007-11-22 20:59 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-22 15:46 --------- d—a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP 2007-12-22 15:17 --------- d-----w C:\Program Files\cFosSpeed 2007-12-22 04:08 --------- d-----w C:\Program Files\eMule 2007-12-21 20:20 --------- d-----w C:\Program Files\Opera 2007-12-18 20:27 --------- d–h--w C:\Program Files\InstallShield Installation Information 2007-12-13 22:27 --------- d-----w C:\Program Files\SubEdit-Player 2007-12-06 21:51 --------- d-----w C:\Program Files\NAPI-PROJEKT 2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-12-01 14:31 --------- d-----w C:\Program Files\Microsoft ActiveSync 2007-11-27 18:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer 2007-11-22 19:44 --------- d-----w C:\Program Files\Ahead 2007-11-22 19:43 --------- d-----w C:\Program Files\Common Files\Ahead 2007-11-20 19:12 --------- d-----w C:\Program Files\Trojan Remover 2007-11-18 15:04 --------- d-----w C:\Program Files\HP 2007-11-18 14:31 --------- d-----w C:\Program Files\Ontrack 2007-11-18 14:29 --------- d-----w C:\Program Files\HeroCraft 2007-11-14 20:44 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-11-14 19:15 --------- d-----w C:\Program Files\FLVPlayer 2007-11-14 18:16 --------- d-----w C:\Program Files\mediaRECOVER 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys 2007-11-09 19:39 --------- d-----w C:\Documents and Settings\Administrator\Dane aplikacji\dvdcss 2007-11-05 06:03 --------- d-----w C:\Program Files\MSXML 4.0 2007-11-04 13:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\HP 2007-11-04 13:47 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2007-11-04 09:17 --------- d-----w C:\Program Files\Aspecto Software 2007-11-03 18:49 --------- d-----w C:\Program Files\CABviaActiveSync 2007-11-03 16:57 --------- d-----w C:\Program Files\Paint Mobile for Windows Mobile 5.0 2007-11-03 15:35 --------- d-----w C:\Program Files\Microsoft.NET 2007-10-29 22:44 1,291,264 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 10:38 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE 2007-10-28 10:38 249,856 ------w C:\WINDOWS\Setup1.exe 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-23 16:05 --------- d-----w C:\Program Files\Neostrada TP 2007-10-22 16:23 --------- d-----w C:\Program Files\Java 2007-10-09 17:23 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll 2007-10-09 17:23 60,273 ----a-w C:\WINDOWS\system32\pthreadGC2.dll 2007-07-22 13:33 81,920 ----a-w C:\Documents and Settings\Administrator\Dane aplikacji\ezpinst.exe 2007-07-22 13:33 47,360 ----a-w C:\Documents and Settings\Administrator\Dane aplikacji\pcouffin.sys 2006-09-09 15:29 63,488 ----a-w C:\Documents and Settings\Administrator\TT6_kg_4_C4Pda.exe . ((((((((((((((((((((((((((((( snapshot@2007-12-22_17.04.34,80 ))))))))))))))))))))))))))))))))))))))))) . - 2007-12-22 15:50:51 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012007122220071223\index.dat + 2007-12-22 16:14:30 32,768 --sha-w C:\WINDOWS\Temp\History\History.IE5\MSHist012007122220071223\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44] “Gadu-Gadu”=“C:\Program Files\Gadu-Gadu\gg.exe” [2007-07-09 08:39] “MSMSGS”=“C:\Program Files\Messenger\msmsgs.exe” [2004-10-13 17:24] “H/PC Connection Agent”=“C:\Program Files\Microsoft ActiveSync\wcescomm.exe” [2006-06-20 21:36] “BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe” [2007-08-03 12:51] “OM2_Monitor”=“C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe” [2007-09-11 18:43] “WMPNSCFG”=“C:\Program Files\Windows Media Player\WMPNSCFG.exe” [2006-12-01 10:46] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-12-04 14:00] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “nwiz”=“nwiz.exe” [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“RUNDLL32.exe” [2004-08-03 23:44 C:\WINDOWS\system32\rundll32.exe] “QuickTime Task”=“C:\Program Files\QuickTime\QTTask.exe” [2007-06-29 05:24] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “snpstd”=“C:\WINDOWS\vsnpstd.exe” [2006-08-23 13:36] “NeroFilterCheck”=“C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe” [2007-03-01 15:57] “NBKeyScan”=“C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe” [2007-08-08 09:25] “SDTray”=“C:\Program Files\Spyware Doctor\SDTrayApp.exe” [2007-11-02 17:24] “RegDoctor”=“C:\Program Files\RegDoctor\RegDoctor.exe” [2006-06-07 14:43] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44] “Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 09:17] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2007-07-24 21:10:47] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iismui32] iismui32.dll 2004-04-14 05:25 8704 C:\WINDOWS\system32\iismui32.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 12:03] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 09:25] S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [] S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [] S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgNW.sys [] S3 Devx;Devx;C:\WINDOWS\system32\drivers\Devx.sys [2001-09-06 13:21] S3 VtPr;VtPr;C:\WINDOWS\system32\drivers\VtPr.sys [2001-10-10 15:10] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . Contents of the ‘Scheduled Tasks’ folder “2007-12-12 11:38:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job” - C:\Program Files\Apple Software Update\SoftwareUpdate.exe

Z góry dziekuję za pomoc.

Gutek · 22 Grudzień 2007 22:02

usuń wpisy HJT

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.