bartsone
(Knpbeer)
5 November 2007 20:53
#1
To start with, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 21:28:10, on 2007-11-05
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) - I use Firefox, but I have IE set as the default.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\avmwlanstick\WlanNetService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Borland\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Borland\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Zrzutka\Kacper\Kacper E\Pulpit\Hiajck This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\DOCUME~1\Zidi\USTAWI~1\Temp\tmp2.tmp.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {d13ed026-7a31-47fa-a3b8-6ce51d0b073d} - C:\WINDOWS\system32\attclt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGetDx\iebar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM…\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang PL
O4 - HKLM…\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM…\Run: [smoothView] C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM…\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM…\Run: [iS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM…\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM…\Run: [sSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM…\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM…\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM…\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM…\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\byvvuv.dll",forkonce
O4 - HKCU…\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Pobierz przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Pobierz &wszystko przez ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F831FAC-42FC-11D4-95A6-0080AD30DCE1} (NOXLATE) - file://C:\Program Files\AutoCAD LT 2000i Plk\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2000i Plk\AcPreview.ocx
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_30.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: attclt - C:\WINDOWS\SYSTEM32\attclt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Borland\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Borland\Firebird_1_5\bin\fbserver.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
As you can see in the log, I use Norton; I don't know how on earth the virus got in. I don't visit any "unfamiliar" sites, but let me move on. About a month ago Norton showed that there was a virus, some not very harmful one, but that it could not remove it.
I didn't notice any effects of this virus being there, so I let it slide. Now I try to open a drive, normally from My Computer, and suddenly boom. The drive is mapped, an ALERT from Norton (W32.Fakerency). I read about this virus on the Symantec site: nothing harmful, only this damned mapping. I found nothing in the logs about this worm/trojan. If you are able to help me, I will be grateful. I'll add that I work on a laptop, not a very good one.
jessica
(jessica)
5 November 2007 21:30
#2
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\DOCUME~1\Zidi\USTAWI~1\Temp\tmp2.tmp.dll
O2 - BHO: (no name) - {d13ed026-7a31-47fa-a3b8-6ce51d0b073d} - C:\WINDOWS\system32\attclt.dll
O4 - HKLM…\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM…\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\byvvuv.dll",forkonce
O20 - AppInit_DLLs:
O20 - Winlogon Notify: attclt - C:\WINDOWS\SYSTEM32\attclt.dll
Download --> ComboFix.
Paste into Notepad:
File::
C:\Documents and Settings\Zidi\Ustawienia Lokalne\Temp\tmp2.tmp.dll
C:\WINDOWS\system32\attclt.dll
C:\WINDOWS\byvvuv.dll
C:\WINDOWS\system32\lsasss.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark_X79-55"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemOptimizer"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\attclt]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d13ed026-7a31-47fa-a3b8-6ce51d0b073d}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F6581D5-AA53-4b73-A6F9-41420C6B61F1}]
>> File >> Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture –>
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.
Post that log.
jessi
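The four files in the script above can also be found mechanically in the HijackThis log from post #1. The following Python triage is an added example, not part of the thread and not how HijackThis or ComboFix work; its heuristics (Temp-folder autostarts, names one edit away from a core Windows process, rundll32 loading from the Windows root, unnamed BHOs) and the `CORE_NAMES` list are assumptions of this example, not jessica's stated reasoning.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log in post #1 (paths as posted).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\DOCUME~1\Zidi\USTAWI~1\Temp\tmp2.tmp.dll
O2 - BHO: (no name) - {d13ed026-7a31-47fa-a3b8-6ce51d0b073d} - C:\WINDOWS\system32\attclt.dll
O4 - HKLM…\Run: [Lexmark_X79-55] C:\WINDOWS\system32\lsasss.exe
O4 - HKLM…\Run: [systemOptimizer] rundll32.exe "C:\WINDOWS\byvvuv.dll",forkonce
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: attclt - C:\WINDOWS\SYSTEM32\attclt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Assumption of this example: a short list of core Windows process names.
CORE_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe", "services.exe",
              "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"}
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll)', re.IGNORECASE)

def one_edit_apart(a, b):
    """True if a != b and one insert, delete or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1
    # Skip the differing character on the longer side (both if equal length).
    return a[i + (len(a) >= len(b)):] == b[i + (len(b) >= len(a)):]

def triage(log):
    """Return {lowercased path: [reasons]} for O-section lines that trip a heuristic."""
    hits, entries = defaultdict(list), []
    for line in log.splitlines():
        paths = PATH_RE.findall(line)
        if not line.startswith("O") or not paths:
            continue
        path = paths[-1].lower()          # the file the entry loads
        entries.append((line, path))
        folder, _, name = path.rpartition("\\")
        if "\\temp\\" in path:
            hits[path].append("autostart module in a Temp folder")
        if any(one_edit_apart(name, core) for core in CORE_NAMES):
            hits[path].append("name imitates a core Windows process")
        if "rundll32" in line.lower() and folder == "c:\\windows":
            hits[path].append("rundll32 loading a DLL from the Windows root")
        if line.startswith("O2 - BHO: (no name)"):
            hits[path].append("BHO without a registered name")
    # Second pass: a flagged file that is also hooked into Winlogon Notify.
    for line, path in entries:
        if path in hits and line.startswith("O20"):
            hits[path].append("also registered as Winlogon Notify")
    return dict(hits)

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

On these lines the flagged set is exactly the four files listed under File:: in the script; on other machines the same heuristics will produce false positives and need a human to confirm each hit.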
bartsone
(Knpbeer)
5 November 2007 22:27
#3
ComboFix 07-11-05.2 - kAc 2007-11-05 22:49:09.1 - NTFSx86
Running from: C:\Documents and Settings\kAc\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\kAc\Pulpit\CFScript.txt
* Created a new restore point
FILE::
C:\Documents and Settings\Zidi\Ustawienia Lokalne\Temp\tmp2.tmp.dll
C:\WINDOWS\byvvuv.dll
C:\WINDOWS\system32\attclt.dll
C:\WINDOWS\system32\lsasss.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Zidi\Ustawienia Lokalne\Temp\tmp2.tmp.dll
C:\WINDOWS\byvvuv.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\efegjl.ini
C:\WINDOWS\gebbxw.dll
C:\WINDOWS\ljgefe.dll
C:\WINDOWS\system32\attclt.dll
C:\WINDOWS\system32\tmp1.tmp.dll
C:\WINDOWS\system32\tmp1E.tmp.dll
C:\WINDOWS\system32\tmp2.tmp.dll
C:\WINDOWS\system32\tmp5.tmp.dll
C:\WINDOWS\wxbbeg.ini
.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.
2007-11-05 22:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-05 10:46
2007-10-24 19:50
2007-10-23 17:09
2007-10-23 17:09
2007-10-13 12:34 555 --a------ C:\WINDOWS\eReg.dat
2007-10-12 22:46
2007-10-12 22:46
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 15:09 --------- d-----w C:\Documents and Settings\kAc\Dane aplikacji\GanymedeNet
2007-10-23 16:10 --------- d-----w C:\Program Files\Winamp
2007-10-13 11:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-13 11:36 29,392 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-09 18:19 --------- d-----w C:\Program Files\Gadu-Gadu
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]
[HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" []
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" []
"SmoothView"="C:\Program Files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" []
"NDSTray.exe"="NDSTray.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-02-22 09:58]
"IS CfgWiz"="C:\Program Files\Norton Internet Security\cfgwiz.exe" []
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" []
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-12-20 16:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" []
"AVMWlanClient"="C:\Program Files\avmwlanstick\wlangui.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-19 09:57]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:55]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
C:\Documents and Settings\KNovy\Menu Start\Programy\Autostart\
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 08:03:44]
C:\Documents and Settings\Zidi\Menu Start\Programy\Autostart\
Szybkie uruchamianie programu Microsoft Office OneNote 2003.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-17 08:03:44]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-20 13:43:52]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\HP Image Zone - szybkie uruchamianie.lnk
backup=C:\WINDOWS\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
R1 SMBHC;Sterownik kontrolera hosta magistrali zarządzania systemem firmy Microsoft;C:\WINDOWS\system32\DRIVERS\SMBHC.sys
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Borland\Firebird_1_5\bin\fbguard.exe -s
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Borland\Firebird_1_5\bin\fbserver.exe -s
R3 FWLANUSB;AVM FRITZ!WLAN;C:\WINDOWS\system32\DRIVERS\fwlanusb.sys
R3 qkbfiltr;Quanta HotKey Keyboard Filter Driver;C:\WINDOWS\system32\drivers\qkbfiltr.sys
R3 qmofiltr;Quanta HotKey Mouse Filter Driver;C:\WINDOWS\system32\drivers\qmofiltr.sys
R3 SMBBATT;Sterownik baterii inteligentnej Microsoft;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys
S3 IPN2220;INPROCOMM IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-11-03 19:00:01 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job" - C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-05 23:08:07
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-05 23:23:36 - machine was rebooted
.
--- E O F ---
After a long struggle with Norton, because it blocked the script's access, it seems to me that everything is OK, the drive is not mapped, thanks a lot… but is that the end of it?
Gutek
(Gutek)
5 November 2007 22:30
#4
bartsone
(Knpbeer)
5 November 2007 22:33
#5
And I have a question: can I do it tomorrow? Nothing will happen because of the reboot, as I'm already dead tired. But I can't lose anything from the computer, because they will fire me from work.
@/ Thanks a lot
Gutek
(Gutek)
5 November 2007 22:36
#6
You won't lose anything, we are waiting for the log, so see you tomorrow.