jabar2 utworzono 22 czerwca 2007 utworzono 22 czerwca 2007 Logfile of HijackThis v1.99.1 Scan saved at 18:34:25, on 2006-12-23 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: E:WINDOWSSystem32smss.exe E:WINDOWSsystem32winlogon.exe E:WINDOWSsystem32services.exe E:WINDOWSsystem32lsass.exe E:WINDOWSsystem32svchost.exe E:WINDOWSSystem32svchost.exe E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe E:Program FilesAlwil SoftwareAvast4ashServ.exe E:WINDOWSsystem32spoolsv.exe E:WINDOWSSystem32svchost.exe E:Program FilesAlwil SoftwareAvast4ashWebSv.exe E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe E:WINDOWSSystem32WgaTray.exe E:WINDOWSExplorer.EXE E:WINDOWSsystem32hkcmd.exe E:WINDOWSsystem32igfxpers.exe E:WINDOWSRTHDCPL.EXE E:PROGRA~1ALWILS~1Avast4ashDisp.exe E:Program FilesMicrosoft IntelliType Protype32.exe E:Program FilesMicrosoft IntelliPointpoint32.exe E:Program FilesJavajre1.6.0_01binjusched.exe E:WINDOWSsystem32LVCOMSX.EXE E:Program FilesLogitechVideoLogiTray.exe E:Program FilesQuickTimeqttask.exe E:Program FilesCommon FilesRealUpdate_OBrealsched.exe E:WINDOWSSystem32ctfmon.exe E:Program FilesSpyware Doctorswdoctor.exe E:Program FilesTlen.pltlen.exe E:Program FilesGadu-Gadugg.exe E:Program FilesWinampwinampa.exe E:Program FilesLogitechVideoFxSvr2.exe E:WINDOWSSystem32wuauclt.exe E:Program FilesAlwil SoftwareAvast4ashSimpl.exe E:PROGRA~1MOZILL~1FIREFOX.EXE E:Documents and SettingswasylPulpithijackthisHijackThis.exe R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/ R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:PROGRA~1SPYWAR~2toolsiesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:Program FilesJavajre1.6.0_01binssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:PROGRA~1SPYWAR~2toolsiesdpb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:WINDOWSsystem32msdxm.ocx O4 - HKLM..Run: [igfxTray] E:WINDOWSsystem32igfxtray.exe O4 - HKLM..Run: [HotKeysCmds] E:WINDOWSsystem32hkcmd.exe O4 - HKLM..Run: [Persistence] E:WINDOWSsystem32igfxpers.exe O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE O4 - HKLM..Run: [type32] "E:Program FilesMicrosoft IntelliType Protype32.exe" O4 - HKLM..Run: [intelliPoint] "E:Program FilesMicrosoft IntelliPointpoint32.exe" O4 - HKLM..Run: [sunJavaUpdateSched] "E:Program FilesJavajre1.6.0_01binjusched.exe" O4 - HKLM..Run: [LVCOMSX] E:WINDOWSsystem32LVCOMSX.EXE O4 - HKLM..Run: [LogitechVideoRepair] E:Program FilesLogitechVideoISStart.exe O4 - HKLM..Run: [LogitechVideoTray] E:Program FilesLogitechVideoLogiTray.exe O4 - HKLM..Run: [LaunchList] E:Program FilesPinnacleStudio 9LaunchList.exe O4 - HKLM..Run: [QuickTime Task] "E:Program FilesQuickTimeqttask.exe" -atboottime O4 - HKLM..Run: [H2O] E:Program FilesSyncroSoftPosH2Ocledx.exe O4 - HKLM..Run: [TkBellExe] "E:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot O4 - HKCU..Run: [CTFMON.EXE] E:WINDOWSSystem32ctfmon.exe O4 - HKCU..Run: [spyware Doctor] "E:Program FilesSpyware Doctorswdoctor.exe" /Q O4 - HKCU..Run: [LogitechSoftwareUpdate] "E:Program FilesLogitechVideoManifestEngine.exe" boot O4 - HKCU..Run: [Komunikator] "E:Program FilesTlen.pltlen.exe" --confdir=home O4 - HKCU..Run: [updateMgr] "E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU..Run: [Gadu-Gadu] "E:Program FilesGadu-Gadugg.exe" /tray O4 - Global Startup: Adobe Gamma Loader.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe O8 - Extra context menu item: Download All by FlashGet - E:Program FilesFlashGetjc_all.htm O8 - Extra context menu item: Download using FlashGet - E:Program FilesFlashGetjc_link.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:PROGRA~1MICROS~4Office10EXCEL.EXE/3000 O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:Program FilesFlashGetjc_link.htm O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:Program FilesFlashGetjc_all.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:PROGRA~1SPYWAR~2toolsiesdpb.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:WINDOWSwebrelated.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:WINDOWSwebrelated.htm O10 - Broken Internet access because of LSP provider 'e:windowssystem32wshbth.dll' missing O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: igfxcui - E:WINDOWSSYSTEM32igfxdev.dll O20 - Winlogon Notify: PCANotify - E:WINDOWSSYSTEM32PCANotify.dll O20 - Winlogon Notify: WgaLogon - E:WINDOWSSYSTEM32WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:WINDOWSsystem32WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - E:Program FilesAlwil SoftwareAvast4ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - E:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing) O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - E:Program FilesSymantecpcAnywhereawhost32.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - E:Program FilesiPodbiniPodService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)
CatchMe komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 Pogrubione pliki usuń z dysku a wpisy skasuj w HijackThis: O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE Następnie wklej logi z HijackThis + Silent Runners + ComboFix.
jabar2 komentarz 22 czerwca 2007 Autor komentarz 22 czerwca 2007 O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE usunalem a MyGlobalSearch nie moge wykasowac bo wyskakuje :"blad usuwania pliku lub folderu.nie mozna usunac mgsbar.dll:odmowa dostepu. Sprawdz czy dysk nie jest zapelniony lub chroniony przed zapisem oraz,czy plik nie jest aktualnie uzywany" nie wiem czy jest obecnie uzywany i czy jest chroniony. a tak na marginesie mozesz mi powiedziec dlaczego mam te pliki usunac i co to za pliki?wirusy?
CatchMe komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 To nie są wirusy tylko spyware. http://pl.wikipedia.org/wiki/Spyware ComboFix powinien to usunąć. Wklej logi, o które prosiłem.
The ONE komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 Spróbuj przeskanować kompa tym może obejdzie się bez hijackthis KLIKNIJ
CatchMe komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 The ONE, kolejny mistrz w usuwaniu syfu. Uważasz, że wszystko usuniesz skanerem on-line? A masz coś zastępczego za ComboFix?
The ONE komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 Nie wiem o co CI chodzi koleś. Jeżeli ktos nie zna się zbytnio na tego typu programach to nie będę mu radził żeby napisał sobie własnego anty Spyware'a Może niech najpierw sprawdzi standardowymi metodami a jeśli to nie pomoże to wtedy można poradzić coś konkretniejszego. Nie widze powodów żeby zaczynać od końca...
Dziniu komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 usuń wszystkie pliki z katalogu MyGlobalSearch programem PocketKillbox opcją Delete on Reboot czy jakos tak
jabar2 komentarz 22 czerwca 2007 Autor komentarz 22 czerwca 2007 "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++} "CTFMON.EXE" = "E:WINDOWSSystem32ctfmon.exe" [MS] "Spyware Doctor" = ""E:Program FilesSpyware Doctorswdoctor.exe" /Q" ["PCTools"] "LogitechSoftwareUpdate" = ""E:Program FilesLogitechVideoManifestEngine.exe" boot" ["Logitech Inc."] "updateMgr" = ""E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1" ["Adobe Systems Incorporated"] "Gadu-Gadu" = ""E:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."] HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++} "IgfxTray" = "E:WINDOWSsystem32igfxtray.exe" ["Intel Corporation"] "HotKeysCmds" = "E:WINDOWSsystem32hkcmd.exe" ["Intel Corporation"] "Persistence" = "E:WINDOWSsystem32igfxpers.exe" ["Intel Corporation"] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "avast!" = "E:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"] "type32" = ""E:Program FilesMicrosoft IntelliType Protype32.exe"" [MS] "IntelliPoint" = ""E:Program FilesMicrosoft IntelliPointpoint32.exe"" [MS] "SunJavaUpdateSched" = ""E:Program FilesJavajre1.6.0_01binjusched.exe"" ["Sun Microsystems, Inc."] "LVCOMSX" = "E:WINDOWSsystem32LVCOMSX.EXE" ["Logitech Inc."] "LogitechVideoRepair" = "E:Program FilesLogitechVideoISStart.exe " ["Logitech Inc."] "LogitechVideoTray" = "E:Program FilesLogitechVideoLogiTray.exe" ["Logitech Inc."] "LaunchList" = "E:Program FilesPinnacleStudio 9LaunchList.exe" [file not found] "QuickTime Task" = ""E:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."] "H2O" = "E:Program FilesSyncroSoftPosH2Ocledx.exe" ["Team H2O"] "TkBellExe" = ""E:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot" ["RealNetworks, Inc."] "MSConfig" = "E:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto" [MS] HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" InProcServer32(Default) = "E:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"] {37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO" -> {HKLM...CLSID} = "My Global Search Bar BHO" InProcServer32(Default) = "E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL" ["My Global Search"] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = (no title provided) -> {HKLM...CLSID} = "PCTools Site Guard" InProcServer32(Default) = "E:PROGRA~1SPYWAR~2toolsiesdsg.dll" [null data] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" InProcServer32(Default) = "E:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."] {B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = (no title provided) -> {HKLM...CLSID} = "PCTools Browser Monitor" InProcServer32(Default) = "E:PROGRA~1SPYWAR~2toolsiesdpb.dll" ["GuideWorks Pty. Ltd."] HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" InProcServer32(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" InProcServer32(Default) = "E:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."] "{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page" -> {HKLM...CLSID} = "Previous Versions Property Page" InProcServer32(Default) = "E:WINDOWSSystem32twext.dll" [file not found] "{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions" -> {HKLM...CLSID} = "Previous Versions" InProcServer32(Default) = "E:WINDOWSSystem32twext.dll" [file not found] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "E:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] "{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplzm.dll"" [MS] "{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplwhl.dll"" [MS] "{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplkey.dll"" [MS] "{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page" -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplwir.dll"" [MS] "{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page" -> {HKLM...CLSID} = "Wireless Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplwir.dll"" [MS] "{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page" -> {HKLM...CLSID} = "Wheel Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplwhl.dll"" [MS] "{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page" -> {HKLM...CLSID} = "Activities Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplact.dll"" [MS] "{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page" -> {HKLM...CLSID} = "Buttons Property Page" InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplbtn.dll"" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" InProcServer32(Default) = "E:Program FilesRealRealOne Playerrpshell.dll" ["RealNetworks, Inc."] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" InProcServer32(Default) = "E:Program FilesiTunesiTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" InProcServer32(Default) = "E:Program FilesMicrosoft OfficeOffice10OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) InProcServer32(Default) = "E:Program FilesMicrosoft OfficeOffice10msohev.dll" [MS] "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures" -> {HKLM...CLSID} = "My Logitech Pictures" InProcServer32(Default) = "E:Program FilesLogitechVideoNamespc2.dll" ["Logitech Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" InProcServer32(Default) = "E:WINDOWSsystem32WPDShServiceObj.dll" [MS] HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify <<!>> igfxcuiDLLName = "igfxdev.dll" ["Intel Corporation"] <<!>> PCANotifyDLLName = "PCANotify.dll" ["Symantec Corporation"] HKLMSoftwareClassesFoldershellexColumnHandlers {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" InProcServer32(Default) = "E:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."] HKLMSoftwareClasses*shellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "E:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesDirectoryshellexContextMenuHandlers WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data] HKLMSoftwareClassesFoldershellexContextMenuHandlers avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" InProcServer32(Default) = "E:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"] WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral "Wallpaper" = "E:WINDOWSWebWallpaperIdylla.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCUControl PanelDesktop "Wallpaper" = "E:WINDOWSWebWallpaperIdylla.bmp" Enabled Screen Saver: --------------------- HKCUControl PanelDesktop "SCRNSAVE.EXE" = "E:WINDOWSSystem32scrnsave.scr" [MS] Startup items in "wasyl" & "All Users" startup folders: ------------------------------------------------------- E:Documents and SettingsAll UsersMenu StartProgramyAutostart "Adobe Gamma Loader" -> shortcut to: "E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe" ["Adobe Systems, Inc."] "Adobe Reader Speed Launch" -> shortcut to: "E:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_E tries {++} 000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS] 000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS] 000000000004LibraryPath = "%SystemRoot%system32wshbth.dll" [file not found] Transport Service Providers HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_En ries {++} 0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 22 %SystemRoot%system32rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" -> {HKLM...CLSID} = "Yahoo! Toolbar" InProcServer32(Default) = "E:Program FilesYahoo!CompanionInstallscpnyt.dll" [file not found] "{37B85A29-692B-4205-9CAD-2626E4993404}" -> {HKLM...CLSID} = "My Global Search Bar" InProcServer32(Default) = "E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL" ["My Global Search"] Extensions (Tools menu items, main toolbar menu buttons) HKLMSoftwareMicrosoftInternet ExplorerExtensions {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} "ButtonText" = "Spyware Doctor" "CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}" -> {HKLM...CLSID} = "PCTools Browser Monitor" InProcServer32(Default) = "E:PROGRA~1SPYWAR~2toolsiesdpb.dll" ["GuideWorks Pty. Ltd."] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""E:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"] avast! iAVS4 Control Service, aswUpdSv, ""E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"] avast! Mail Scanner, avast! Mail Scanner, ""E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"] avast! Web Scanner, avast! Web Scanner, ""E:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"] Print Monitors: --------------- HKLMSystemCurrentControlSetControlPrintMonitors EPSON V6 2KMonitorDriver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"] pcAnywhere Remote PrintingDriver = "awmon.dll" ["Symantec Corporation"] ---------- <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 637 seconds. ---------- (total run time: 3336 seconds)
CatchMe komentarz 22 czerwca 2007 komentarz 22 czerwca 2007 Spyware Doctor - radzę zmienić na jakąś alternatywę. - Gdzie jest log z ComboFix?
jabar2 komentarz 22 czerwca 2007 Autor komentarz 22 czerwca 2007 ComboFix 07-06-21.3 - E:Documents and SettingswasylPulpitComboFix.exe "wasyl" - 2006-12-23 22:13:04 NTFS Rootkit driver xpdt is present. ... attempting disinfection xpdt ...... driver unloaded successfully. ADS removed - system32: deleted 78580 bytes in 1 streams. ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) E:Program FilesMyGlobalSearch E:Program FilesMyGlobalSearchbar1.binM9FFXTBR.JAR E:Program FilesMyGlobalSearchbar1.binM9FFXTBR.MANIFEST E:Program FilesMyGlobalSearchbar1.binM9NTSTBR.JAR E:Program FilesMyGlobalSearchbar1.binM9NTSTBR.MANIFEST E:Program FilesMyGlobalSearchbar1.binM9PLUGIN.DLL E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL E:Program FilesMyGlobalSearchbar1.binNPMYGLSH.DLL E:Program FilesMyGlobalSearchbarCache0062109D E:Program FilesMyGlobalSearchbarCache006212DF E:Program FilesMyGlobalSearchbarCachefiles.ini E:Program FilesMyGlobalSearchbarHistorysearch E:Program FilesMyGlobalSearchbarSettingsprevcfg.htm E:WINDOWSb.exe E:WINDOWShosts E:WINDOWSwr.txt ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------LEGACY_NM -------nm ((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 ))))))))))))))))))))))))))))))) 2006-12-23 22:10 49,152 --a------ E:WINDOWSnircmd.exe 2006-12-16 20:26 <DIR> d-------- E:WINDOWSspeech 2006-12-14 12:03 83,712 --a------ E:WINDOWSsystem32driversNABTSFEC.sys 2006-12-14 12:03 50,688 --a------ E:WINDOWSsystem32vfwwdm32.dll 2006-12-14 12:03 4,096 --a------ E:WINDOWSsystem32ksuser.dll 2006-12-14 12:03 24,960 --a------ E:WINDOWSsystem32driversusbccgp.sys 2006-12-14 12:03 19,456 --a------ E:WINDOWSsystem32hidserv.dll 2006-12-14 12:03 18,560 --a------ E:WINDOWSsystem32driversWSTCODEC.SYS 2006-12-14 12:03 16,256 --a------ E:WINDOWSsystem32driversCCDECODE.sys 2006-12-14 12:03 14,080 --a------ E:WINDOWSsystem32driverskbdhid.sys 2006-12-11 15:36 2,929 --a------ E:WINDOWSmozver.dat 2006-12-11 15:36 0 --a------ E:WINDOWSnsreg.dat 2006-12-10 15:29 <DIR> d-------- E:DOCUME~1GOEBFF~1DANEAP~1Skype 2006-12-09 22:59 4,212 ---h----- E:WINDOWSsystem32zllictbl.dat 2006-12-09 22:59 11,264 --a------ E:WINDOWSsystem32SpOrder.dll 2006-12-09 22:58 <DIR> d-------- E:WINDOWSInternet Logs 2006-12-09 09:57 1,870,336 --a------ E:WINDOWSsystem32bconvert.dll 2006-12-09 09:57 <DIR> d-------- E:Program FilesCommon FilesNative Instruments 2006-12-07 14:21 <DIR> d-------- E:WINDOWSPrefetch 2006-12-07 13:46 24,576 --a------ E:WINDOWSsystem32xpsp1hfm.exe 2006-12-07 13:46 <DIR> d--h-c--- E:WINDOWS$xpsp1hfm$ 2006-12-07 13:45 <DIR> d-------- E:c7c2b204cce6aa6bf6ad7dd02655b8cd 2006-12-07 13:26 <DIR> d--hs---- E:WINDOWSCSC 2006-12-05 10:36 <DIR> d-------- E:Program FilesPropellerhead 2006-12-03 16:13 <DIR> d-------- E:Program FilesKORG Legacy 2006-12-03 16:13 <DIR> d-------- E:Program FilesCommon FilesKORG 2006-12-03 15:48 <DIR> d-------- E:Program FilesPoiZone 2006-12-01 15:38 <DIR> d-------- E:sample 2006-11-28 21:24 61,440 --a------ E:WINDOWSsystem32NI_DFD_1_5.dll 2006-11-28 21:24 393,216 --a------ E:WINDOWSsystem32NI_IRC_1_2.dll 2006-11-28 21:24 1,990,656 --a------ E:WINDOWSsystem32kconvert.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-28 13:42:08 -------- d-----w E:Program FilesSyncrosoft 2007-05-27 21:38:50 -------- d-----w E:DOCUME~1wasylDANEAP~1Real 2007-05-27 21:34:25 -------- d-----w E:Program FilesCommon Filesxing shared 2007-05-27 21:34:20 -------- d-----w E:Program FilesCommon FilesReal 2007-05-26 21:00:59 -------- d-----w E:DOCUME~1wasylDANEAP~1Skype 2007-05-25 21:18:44 -------- d-----w E:Program FilesGG_RPC2 2007-05-25 19:54:51 -------- d-----w E:Program FilesGadu-Gadu 2007-05-24 19:31:10 1,040,384 ----a-w E:WINDOWSsystem32libeay32.dll 2007-05-24 19:31:06 196,608 ----a-w E:WINDOWSsystem32ssleay32.dll 2007-05-24 19:28:17 -------- d-----w E:Program FilesWinamp 2007-05-24 19:27:49 -------- d-----w E:Program FilesSpyLocked 3.7 2007-05-24 19:26:52 -------- d-----w E:Program FilesAudacity 2007-05-24 18:18:44 1,040,384 ----a-w E:WINDOWSsystem32libeay32(2)(2).dll 2007-05-24 18:18:40 196,608 ----a-w E:WINDOWSsystem32ssleay32(2)(2).dll 2007-05-09 17:31:53 -------- d-----w E:DOCUME~1wasylDANEAP~1Gadu-Gadu 2007-04-30 15:46:10 745,600 ----a-w E:WINDOWSsystem32aswBoot.exe 2007-04-30 15:41:55 85,952 ----a-w E:WINDOWSsystem32driversaswmon.sys 2007-04-30 15:41:42 94,552 ----a-w E:WINDOWSsystem32driversaswmon2.sys 2007-04-30 15:39:41 23,416 ----a-w E:WINDOWSsystem32driversaswRdr.sys 2007-04-30 15:38:51 43,176 ----a-w E:WINDOWSsystem32driversaswTdi.sys 2007-04-30 15:37:23 26,888 ----a-w E:WINDOWSsystem32driversaavmker4.sys 2007-04-30 15:35:28 95,872 ----a-w E:WINDOWSsystem32AVASTSS.scr 2007-04-16 22:45:20 43,352 ----a-w E:WINDOWSsystem32wups2.dll 2007-04-05 19:49:43 -------- d-----w E:Program FilesSONAR 6 Producer Edition 2007-04-05 19:48:57 -------- d-----w E:Program FilesSony 2007-04-04 23:43:15 -------- d-----w E:DOCUME~1wasylDANEAP~1Cakewalk 2007-04-04 23:40:01 -------- d-----w E:Program FilesSonar6 2007-04-04 23:40:00 -------- d-----w E:Program FilesSonar6PlugIns 2007-04-04 17:47:40 -------- d-----w E:Program FilesASIO4ALL v2 2007-04-04 17:25:13 -------- d-----w E:DOCUME~1wasylDANEAP~1Propellerhead Software 2007-04-04 00:41:23 -------- d-----w E:Program FilesCommon FilesDigidesign 2007-04-04 00:25:59 -------- d-----w E:DOCUME~1wasylDANEAP~1Publish Providers 2007-04-04 00:25:59 -------- d-----w E:DOCUME~1wasylDANEAP~1NetMedia Providers 2007-04-03 23:12:40 -------- d-----w E:DOCUME~1wasylDANEAP~1Steinberg 2007-04-03 23:08:23 -------- d-----w E:Program Fileslicense control 2007-04-03 21:14:16 -------- d-----w E:DOCUME~1wasylDANEAP~1Ableton 2007-04-03 21:12:37 -------- d-----w E:Program FilesAbleton 2007-04-03 20:16:51 -------- d-----w E:DOCUME~1wasylDANEAP~1AdobeUM 2007-04-02 23:33:31 -------- d-----w E:Program FilesCommon FilesSymantec Shared 2007-04-02 23:33:22 -------- d-----w E:Program FilesSymantec 2007-04-02 23:33:12 83,168 ----a-w E:WINDOWSsystem32S32EVNT1.DLL 2007-04-02 23:33:12 104,144 ----a-w E:WINDOWSsystem32driversSYMEVENT.SYS 2007-03-26 10:30:40 -------- d-----w E:Program FilesWindows Media Connect 2 2007-03-18 02:25:03 -------- d-----w E:Program Filesgg password recowery 2007-03-18 00:38:10 236,499 ----a-w E:Program Filesuap.exe 2007-03-18 00:36:45 -------- d-----w E:Program FilesWinPcap 2007-03-17 23:02:53 -------- d-----w E:Program Filescoolpro2 2007-03-02 11:25:22 -------- d-----w E:DOCUME~1wasylDANEAP~1MSN6 2007-02-19 18:37:21 163,644 ----a-w E:WINDOWSsystem32driverssecdrv.sys 2007-02-01 22:22:25 -------- d-----w E:Program FilesPinnacle 2007-02-01 22:18:41 -------- d--h--w E:Program FilesInstallShield Installation Information 2007-01-25 13:05:41 616,448 ----a-w E:WINDOWSsystem32urlmon(3).dll 2007-01-04 13:58:04 661,504 ----a-w E:WINDOWSsystem32wininet(3).dll 2007-01-04 13:58:00 474,112 ----a-w E:WINDOWSsystem32shlwapi(3).dll 2007-01-04 13:57:18 1,023,488 ----a-w E:WINDOWSsystem32browseui(2).dll 2006-12-23 22:15:12 49,916 ----a-w E:WINDOWSsystem32perfc015.dat 2006-12-23 22:15:12 356,160 ----a-w E:WINDOWSsystem32perfh015.dat 2006-12-12 23:18:29 -------- d-----w E:DOCUME~1wasylDANEAP~1LimeWire 2006-12-09 09:58:01 -------- d-----w E:Program FilesVstPlugins 2006-12-07 13:37:28 -------- d-----w E:Program FilesWindows NT 2006-12-07 13:37:25 -------- d-----w E:Program FilesMovie Maker 2006-12-07 13:37:25 -------- d-----w E:Program FilesMessenger 2006-12-05 10:36:09 -------- d-----w E:Program FilesSteinberg 2006-12-01 15:58:59 -------- d-----w E:Program FilesImage-Line 2006-12-01 15:57:27 -------- d-----w E:Program FilesCommon FilesACD Systems 2006-12-01 15:56:55 -------- d-----w E:Program FilesACD Systems 2006-12-01 14:51:01 -------- d-----w E:Program FilesNative Instruments 2006-11-02 10:52:52 42,496 ------w E:WINDOWSsystem32wpdshextres.dll 2006-11-01 19:19:04 927,504 ----a-w E:WINDOWSsystem32mfc40u.dll 2006-10-31 14:10:54 233,472 ----a-w E:WINDOWSsystem32REX Shared Library.dll 2006-10-18 20:58:00 8,704 ----a-w E:WINDOWSsystem32wdfmgr.exe 2006-10-18 20:58:00 8,704 ----a-w E:WINDOWSsystem32uwdf.exe 2006-10-18 20:47:22 767,488 ------w E:WINDOWSsystem32WMVSENCD.dll 2006-10-18 20:47:22 656,896 ------w E:WINDOWSsystem32WMVXENCD.dll 2006-10-18 20:47:22 63,488 ----a-w E:WINDOWSsystem32wpdmtpus.dll 2006-10-18 20:47:22 629,760 ----a-w E:WINDOWSsystem32wpd_ci.dll 2006-10-18 20:47:22 4,096 ----a-w E:WINDOWSsystem32WMVADVE.DLL 2006-10-18 20:47:22 4,096 ----a-w E:WINDOWSsystem32WMVADVD.dll 2006-10-18 20:47:22 356,352 ----a-w E:WINDOWSsystem32wpdsp.dll 2006-10-18 20:47:22 35,840 ----a-w E:WINDOWSsystem32wpdconns.dll 2006-10-18 20:47:22 2,603,008 ------w E:WINDOWSsystem32WpdShext.dll 2006-10-18 20:47:22 154,624 ----a-w E:WINDOWSsystem32wpdmtp.dll 2006-10-18 20:47:22 133,632 ------w E:WINDOWSsystem32WPDShServiceObj.dll 2006-10-18 20:47:22 1,574,912 ------w E:WINDOWSsystem32WMVENCOD.dll 2006-10-18 20:47:22 1,543,680 ------w E:WINDOWSsystem32WMVDECOD.dll 2006-10-18 20:47:22 1,382,912 ------w E:WINDOWSsystem32WMVSDECD.dll 2006-10-18 20:47:20 535,040 ------w E:WINDOWSsystem32wmdrmsdk.dll 2006-10-18 20:47:20 348,672 ----a-w E:WINDOWSsystem32wmdrmnet.dll 2006-10-18 20:47:18 429,056 ----a-w E:WINDOWSsystem32wmdrmdev.dll 2006-10-18 20:47:18 4,096 ----a-w E:WINDOWSsystem32wdfapi.dll 2006-10-18 20:47:18 284,160 ------w E:WINDOWSsystem32PortableDeviceApi.dll 2006-10-18 20:47:18 199,168 ------w E:WINDOWSsystem32PortableDeviceWMDRM.dll 2006-10-18 20:47:18 166,912 ------w E:WINDOWSsystem32PortableDeviceTypes.dll 2006-10-18 20:47:18 132,096 ------w E:WINDOWSsystem32PortableDeviceWiaCompat.dll 2006-10-18 20:47:18 101,888 ------w E:WINDOWSsystem32PortableDeviceClassExtension.dll 2006-10-18 20:47:14 317,440 ------w E:WINDOWSsystem32MP4SDECD.dll 2006-10-18 20:47:14 259,072 ------w E:WINDOWSsystem32MPG4DECD.dll 2006-10-18 20:47:14 259,072 ------w E:WINDOWSsystem32MP43DECD.dll 2006-10-18 20:47:14 212,992 ------w E:WINDOWSsystem32MFPLAT.dll 2006-10-18 20:47:08 276,992 ----a-w E:WINDOWSsystem32audiodev.dll 2004-08-03 23:44:30 73,728 --sha-w E:WINDOWSRegisteredPackages{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$Systemwmplayer.exe ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects] {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=E:PROGRA~1SPYWAR~2toolsiesdsg.dll [2004-12-20 10:38] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:Program FilesJavajre1.6.0_01binssv.dll [2007-03-14 02:43] {B56A7D7D-6927-48C8-A975-17DF180C71AC}=E:PROGRA~1SPYWAR~2toolsiesdpb.dll [2005-01-04 10:37] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "RTHDCPL"="RTHDCPL.EXE" [2005-09-22 05:36 E:WINDOWSRTHDCPL.exe] "avast!"="E:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 15:42] "type32"="E:Program FilesMicrosoft IntelliType Protype32.exe" [2004-06-03 08:51] "IntelliPoint"="E:Program FilesMicrosoft IntelliPointpoint32.exe" [2004-06-03 08:50] "SunJavaUpdateSched"="E:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 02:43] "LogitechVideoRepair"="E:Program FilesLogitechVideoISStart.exe" [2005-06-08 14:24] "LogitechVideoTray"="E:Program FilesLogitechVideoLogiTray.exe" [2005-06-08 14:14] "LaunchList"="E:Program FilesPinnacleStudio 9LaunchList.exe" [] "QuickTime Task"="E:Program FilesQuickTimeqttask.exe" [2006-03-06 15:46] "H2O"="E:Program FilesSyncroSoftPosH2Ocledx.exe" [2005-10-22 23:00] "TkBellExe"="E:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2007-05-27 21:33] [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="E:WINDOWSSystem32ctfmon.exe" [2001-10-26 17:29] "Spyware Doctor"="E:Program FilesSpyware Doctorswdoctor.exe" [2005-01-06 13:09] "LogitechSoftwareUpdate"="E:Program FilesLogitechVideoManifestEngine.exe" [2005-06-08 13:44] "updateMgr"="E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" [2006-03-30 16:45] "Gadu-Gadu"="E:Program FilesGadu-Gadugg.exe" [2007-05-10 14:36] "Komunikator"="E:Program FilesTlen.pltlen.exe" [2006-05-12 12:13] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyPCANotify] PCANotify.dll [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Notification Packages [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKomunikator] "E:Program FilesTlen.pltlen.exe" --confdir=home [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost] bthsvcs BthServ ************************************************************************** catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2006-12-23 22:16:43 Windows 5.1.2600 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINEsystemControlSet004ServicesBTHPORTParametersServices{00001000-0000-1000-8000-00805f9b34fb}] [HKEY_LOCAL_MACHINEsystemControlSet004ServicesBTHPORTParametersServices{00001115-0000-1000-8000-00805f9b34fb}] Completion time: 2006-12-23 22:17:39 - machine was rebooted E:ComboFix-quarantined-files.txt ... 2006-12-23 22:17 --- E O F ---
CatchMe komentarz 23 czerwca 2007 komentarz 23 czerwca 2007 Użyj: SmitFraudFix z opcji 2 w trybie awaryjnym. - Log z pracy programu znajduje się tutaj: C:raport.txt - wklej go na forum. Ściagnij: Gmer`a * Rootkit >>> zaznaczone Pokaż wszystko >>> wskazane tylko Usługi >>> Szukaj >>> Kopiuj >>> CTRL+V na www.wklej.org * Rootkit >>> odznaczone Pokaż wszystko >>> wskazane wszystkie obiekty do skanu >>> Szukaj>>> Kopiuj >>> CTRL+V na www.wklej.org - W rezultacie otrzymujemy 2 logi, które wklejamy na www.wklej.org a linki podajemy na forum. - Następnie daj wszystkie nowe logi.
Wciąż szukasz rozwiązania problemu? Napisz teraz na forum!
Możesz zadać pytanie bez konieczności rejestracji - wystarczy, że wypełnisz formularz.