
Please check my logs

jabar2
created

Logfile of HijackThis v1.99.1

Scan saved at 18:34:25, on 2006-12-23

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

E:WINDOWSSystem32smss.exe

E:WINDOWSsystem32winlogon.exe

E:WINDOWSsystem32services.exe

E:WINDOWSsystem32lsass.exe

E:WINDOWSsystem32svchost.exe

E:WINDOWSSystem32svchost.exe

E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

E:Program FilesAlwil SoftwareAvast4ashServ.exe

E:WINDOWSsystem32spoolsv.exe

E:WINDOWSSystem32svchost.exe

E:Program FilesAlwil SoftwareAvast4ashWebSv.exe

E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe

E:WINDOWSSystem32WgaTray.exe

E:WINDOWSExplorer.EXE

E:WINDOWSsystem32hkcmd.exe

E:WINDOWSsystem32igfxpers.exe

E:WINDOWSRTHDCPL.EXE

E:PROGRA~1ALWILS~1Avast4ashDisp.exe

E:Program FilesMicrosoft IntelliType Protype32.exe

E:Program FilesMicrosoft IntelliPointpoint32.exe

E:Program FilesJavajre1.6.0_01binjusched.exe

E:WINDOWSsystem32LVCOMSX.EXE

E:Program FilesLogitechVideoLogiTray.exe

E:Program FilesQuickTimeqttask.exe

E:Program FilesCommon FilesRealUpdate_OBrealsched.exe

E:WINDOWSSystem32ctfmon.exe

E:Program FilesSpyware Doctorswdoctor.exe

E:Program FilesTlen.pltlen.exe

E:Program FilesGadu-Gadugg.exe

E:Program FilesWinampwinampa.exe

E:Program FilesLogitechVideoFxSvr2.exe

E:WINDOWSSystem32wuauclt.exe

E:Program FilesAlwil SoftwareAvast4ashSimpl.exe

E:PROGRA~1MOZILL~1FIREFOX.EXE

E:Documents and SettingswasylPulpithijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = about:blank

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.wp.pl/

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:PROGRA~1SPYWAR~2toolsiesdsg.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:Program FilesJavajre1.6.0_01binssv.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:PROGRA~1SPYWAR~2toolsiesdpb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:WINDOWSsystem32msdxm.ocx

O4 - HKLM..Run: [igfxTray] E:WINDOWSsystem32igfxtray.exe

O4 - HKLM..Run: [HotKeysCmds] E:WINDOWSsystem32hkcmd.exe

O4 - HKLM..Run: [Persistence] E:WINDOWSsystem32igfxpers.exe

O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM..Run: [avast!] E:PROGRA~1ALWILS~1Avast4ashDisp.exe

O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM..Run: [type32] "E:Program FilesMicrosoft IntelliType Protype32.exe"

O4 - HKLM..Run: [intelliPoint] "E:Program FilesMicrosoft IntelliPointpoint32.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "E:Program FilesJavajre1.6.0_01binjusched.exe"

O4 - HKLM..Run: [LVCOMSX] E:WINDOWSsystem32LVCOMSX.EXE

O4 - HKLM..Run: [LogitechVideoRepair] E:Program FilesLogitechVideoISStart.exe

O4 - HKLM..Run: [LogitechVideoTray] E:Program FilesLogitechVideoLogiTray.exe

O4 - HKLM..Run: [LaunchList] E:Program FilesPinnacleStudio 9LaunchList.exe

O4 - HKLM..Run: [QuickTime Task] "E:Program FilesQuickTimeqttask.exe" -atboottime

O4 - HKLM..Run: [H2O] E:Program FilesSyncroSoftPosH2Ocledx.exe

O4 - HKLM..Run: [TkBellExe] "E:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot

O4 - HKCU..Run: [CTFMON.EXE] E:WINDOWSSystem32ctfmon.exe

O4 - HKCU..Run: [spyware Doctor] "E:Program FilesSpyware Doctorswdoctor.exe" /Q

O4 - HKCU..Run: [LogitechSoftwareUpdate] "E:Program FilesLogitechVideoManifestEngine.exe" boot

O4 - HKCU..Run: [Komunikator] "E:Program FilesTlen.pltlen.exe" --confdir=home

O4 - HKCU..Run: [updateMgr] "E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU..Run: [Gadu-Gadu] "E:Program FilesGadu-Gadugg.exe" /tray

O4 - Global Startup: Adobe Gamma Loader.lnk = E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe

O8 - Extra context menu item: Download All by FlashGet - E:Program FilesFlashGetjc_all.htm

O8 - Extra context menu item: Download using FlashGet - E:Program FilesFlashGetjc_link.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:PROGRA~1MICROS~4Office10EXCEL.EXE/3000

O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - E:Program FilesFlashGetjc_link.htm

O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - E:Program FilesFlashGetjc_all.htm

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:PROGRA~1SPYWAR~2toolsiesdpb.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:WINDOWSwebrelated.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:WINDOWSwebrelated.htm

O10 - Broken Internet access because of LSP provider 'e:windowssystem32wshbth.dll' missing

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.putfile.com/includes/ImageUploader4.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O20 - Winlogon Notify: igfxcui - E:WINDOWSSYSTEM32igfxdev.dll

O20 - Winlogon Notify: PCANotify - E:WINDOWSSYSTEM32PCANotify.dll

O20 - Winlogon Notify: WgaLogon - E:WINDOWSSYSTEM32WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:WINDOWSsystem32WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - E:Program FilesAlwil SoftwareAvast4ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - E:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service (file missing)

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - E:Program FilesSymantecpcAnywhereawhost32.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - E:Program FilesiPodbiniPodService.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%WinPcaprpcapd.exe" -d -f "%ProgramFiles%WinPcaprpcapd.ini (file missing)

CatchMe
comment

Delete the files in bold from the disk and remove the entries in HijackThis:

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE

Then paste the logs from HijackThis + Silent Runners + ComboFix.

jabar2
comment
O4 - HKLM..Run: [Alcmtr] ALCMTR.EXE
I deleted it

But I can't delete MyGlobalSearch, because this pops up: "Error deleting file or folder. Cannot delete mgsbar.dll: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

I don't know whether it is currently in use or whether it is protected. By the way, can you tell me why I should delete these files and what kind of files they are? Viruses?

CatchMe
comment

They are not viruses but spyware. :) http://pl.wikipedia.org/wiki/Spyware

ComboFix should remove it. Paste the logs I asked for. :)

The ONE
comment

Try scanning the computer with this, maybe you'll manage without HijackThis

CLICK :)

CatchMe
comment

The ONE, another master at removing junk. Do you think you can remove everything with an online scanner? And do you have a substitute for ComboFix? :evil:

The ONE
comment

I don't know what your problem is, dude. If someone doesn't know much about this kind of program, I'm not going to advise him to write his own anti-spyware.

Maybe let him first check with standard methods, and if that doesn't help, then something more specific can be recommended. I see no reason to start from the end...

Dziniu
comment

Delete all files from the MyGlobalSearch directory with the PocketKillbox program using the Delete on Reboot option, or something like that

jabar2
comment

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCUSoftwareMicrosoftWindowsCurrentVersionRun {++}

"CTFMON.EXE" = "E:WINDOWSSystem32ctfmon.exe" [MS]

"Spyware Doctor" = ""E:Program FilesSpyware Doctorswdoctor.exe" /Q" ["PCTools"]

"LogitechSoftwareUpdate" = ""E:Program FilesLogitechVideoManifestEngine.exe" boot" ["Logitech Inc."]

"updateMgr" = ""E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1" ["Adobe Systems Incorporated"]

"Gadu-Gadu" = ""E:Program FilesGadu-Gadugg.exe" /tray" ["Gadu-Gadu S.A."]

HKLMSoftwareMicrosoftWindowsCurrentVersionRun {++}

"IgfxTray" = "E:WINDOWSsystem32igfxtray.exe" ["Intel Corporation"]

"HotKeysCmds" = "E:WINDOWSsystem32hkcmd.exe" ["Intel Corporation"]

"Persistence" = "E:WINDOWSsystem32igfxpers.exe" ["Intel Corporation"]

"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]

"avast!" = "E:PROGRA~1ALWILS~1Avast4ashDisp.exe" ["ALWIL Software"]

"type32" = ""E:Program FilesMicrosoft IntelliType Protype32.exe"" [MS]

"IntelliPoint" = ""E:Program FilesMicrosoft IntelliPointpoint32.exe"" [MS]

"SunJavaUpdateSched" = ""E:Program FilesJavajre1.6.0_01binjusched.exe"" ["Sun Microsystems, Inc."]

"LVCOMSX" = "E:WINDOWSsystem32LVCOMSX.EXE" ["Logitech Inc."]

"LogitechVideoRepair" = "E:Program FilesLogitechVideoISStart.exe " ["Logitech Inc."]

"LogitechVideoTray" = "E:Program FilesLogitechVideoLogiTray.exe" ["Logitech Inc."]

"LaunchList" = "E:Program FilesPinnacleStudio 9LaunchList.exe" [file not found]

"QuickTime Task" = ""E:Program FilesQuickTimeqttask.exe" -atboottime" ["Apple Computer, Inc."]

"H2O" = "E:Program FilesSyncroSoftPosH2Ocledx.exe" ["Team H2O"]

"TkBellExe" = ""E:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot" ["RealNetworks, Inc."]

"MSConfig" = "E:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto" [MS]

HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

InProcServer32(Default) = "E:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll" ["Adobe Systems Incorporated"]

{37B85A21-692B-4205-9CAD-2626E4993404}(Default) = "My Global Search Bar BHO"

-> {HKLM...CLSID} = "My Global Search Bar BHO"

InProcServer32(Default) = "E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL" ["My Global Search"]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}(Default) = (no title provided)

-> {HKLM...CLSID} = "PCTools Site Guard"

InProcServer32(Default) = "E:PROGRA~1SPYWAR~2toolsiesdsg.dll" [null data]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

InProcServer32(Default) = "E:Program FilesJavajre1.6.0_01binssv.dll" ["Sun Microsystems, Inc."]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}(Default) = (no title provided)

-> {HKLM...CLSID} = "PCTools Browser Monitor"

InProcServer32(Default) = "E:PROGRA~1SPYWAR~2toolsiesdpb.dll" ["GuideWorks Pty. Ltd."]

HKLMSoftwareMicrosoftWindowsCurrentVersionShell ExtensionsApproved

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"

-> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"

InProcServer32(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

InProcServer32(Default) = "E:WINDOWSSystem32hticons.dll" ["Hilgraeve, Inc."]

"{596AB062-B4D2-4215-9F74-E9109B0A8153}" = "Previous Versions Property Page"

-> {HKLM...CLSID} = "Previous Versions Property Page"

InProcServer32(Default) = "E:WINDOWSSystem32twext.dll" [file not found]

"{9DB7A13C-F208-4981-8353-73CC61AE2783}" = "Previous Versions"

-> {HKLM...CLSID} = "Previous Versions"

InProcServer32(Default) = "E:WINDOWSSystem32twext.dll" [file not found]

"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "E:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplzm.dll"" [MS]

"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplwhl.dll"" [MS]

"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplkey.dll"" [MS]

"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"

-> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliType Proitcplwir.dll"" [MS]

"{20082881-FC36-4E47-9A7A-644C95FF749F}" = "IntelliPoint Wireless Control Panel Property Page"

-> {HKLM...CLSID} = "Wireless Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplwir.dll"" [MS]

"{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE}" = "IntelliPoint Wheel Control Panel Property Page"

-> {HKLM...CLSID} = "Wheel Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplwhl.dll"" [MS]

"{653DCCC2-13DB-45B2-A389-427885776CFE}" = "IntelliPoint Activities Control Panel Property Page"

-> {HKLM...CLSID} = "Activities Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplact.dll"" [MS]

"{124597D8-850A-41AE-849C-017A4FA99CA2}" = "IntelliPoint Buttons Control Panel Property Page"

-> {HKLM...CLSID} = "Buttons Property Page"

InProcServer32(Default) = ""E:Program FilesMicrosoft IntelliPointipcplbtn.dll"" [MS]

"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"

-> {HKLM...CLSID} = "RealOne Player Context Menu Class"

InProcServer32(Default) = "E:Program FilesRealRealOne Playerrpshell.dll" ["RealNetworks, Inc."]

"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"

-> {HKLM...CLSID} = "iTunes"

InProcServer32(Default) = "E:Program FilesiTunesiTunesMiniPlayer.dll" ["Apple Computer, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

InProcServer32(Default) = "E:Program FilesMicrosoft OfficeOffice10OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

InProcServer32(Default) = "E:Program FilesMicrosoft OfficeOffice10msohev.dll" [MS]

"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"

-> {HKLM...CLSID} = "My Logitech Pictures"

InProcServer32(Default) = "E:Program FilesLogitechVideoNamespc2.dll" ["Logitech Inc."]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

InProcServer32(Default) = "E:WINDOWSsystem32WPDShServiceObj.dll" [MS]

HKLMSoftwareMicrosoftWindows NTCurrentVersionWinlogonNotify

<<!>> igfxcuiDLLName = "igfxdev.dll" ["Intel Corporation"]

<<!>> PCANotifyDLLName = "PCANotify.dll" ["Symantec Corporation"]

HKLMSoftwareClassesFoldershellexColumnHandlers

{F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

InProcServer32(Default) = "E:Program FilesAdobeAcrobat 7.0ActiveXPDFShell.dll" ["Adobe Systems, Inc."]

HKLMSoftwareClasses*shellexContextMenuHandlers

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "E:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesDirectoryshellexContextMenuHandlers

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data]

HKLMSoftwareClassesFoldershellexContextMenuHandlers

avast(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"

-> {HKLM...CLSID} = "avast"

InProcServer32(Default) = "E:Program FilesAlwil SoftwareAvast4ashShell.dll" ["ALWIL Software"]

WinRAR(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

InProcServer32(Default) = "E:Program FilesWinRARrarext.dll" [null data]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKLMSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCUSoftwareMicrosoftInternet ExplorerDesktopGeneral

"Wallpaper" = "E:WINDOWSWebWallpaperIdylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCUControl PanelDesktop

"Wallpaper" = "E:WINDOWSWebWallpaperIdylla.bmp"

Enabled Screen Saver:

---------------------

HKCUControl PanelDesktop

"SCRNSAVE.EXE" = "E:WINDOWSSystem32scrnsave.scr" [MS]

Startup items in "wasyl" & "All Users" startup folders:

-------------------------------------------------------

E:Documents and SettingsAll UsersMenu StartProgramyAutostart

"Adobe Gamma Loader" -> shortcut to: "E:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe" ["Adobe Systems, Inc."]

"Adobe Reader Speed Launch" -> shortcut to: "E:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe" ["Adobe Systems Incorporated"]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersNameSpace_Catalog5Catalog_Entries {++}

000000000001LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000002LibraryPath = "%SystemRoot%System32winrnr.dll" [MS]

000000000003LibraryPath = "%SystemRoot%System32mswsock.dll" [MS]

000000000004LibraryPath = "%SystemRoot%system32wshbth.dll" [file not found]

Transport Service Providers

HKLMSystemCurrentControlSetServicesWinsock2ParametersProtocol_Catalog9Catalog_Entries {++}

0000000000##PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%system32mswsock.dll [MS], 01 - 03, 06 - 22

%SystemRoot%system32rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Toolbars

HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"

-> {HKLM...CLSID} = "Yahoo! Toolbar"

InProcServer32(Default) = "E:Program FilesYahoo!CompanionInstallscpnyt.dll" [file not found]

"{37B85A29-692B-4205-9CAD-2626E4993404}"

-> {HKLM...CLSID} = "My Global Search Bar"

InProcServer32(Default) = "E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL" ["My Global Search"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLMSoftwareMicrosoftInternet ExplorerExtensions

{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}

"ButtonText" = "Spyware Doctor"

"CLSIDExtension" = "{A1EDC4A1-940F-48E0-8DFD-E38F1D501021}"

-> {HKLM...CLSID} = "PCTools Browser Monitor"

InProcServer32(Default) = "E:PROGRA~1SPYWAR~2toolsiesdpb.dll" ["GuideWorks Pty. Ltd."]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""E:Program FilesAlwil SoftwareAvast4ashServ.exe"" ["ALWIL Software"]

avast! iAVS4 Control Service, aswUpdSv, ""E:Program FilesAlwil SoftwareAvast4aswUpdSv.exe"" ["ALWIL Software"]

avast! Mail Scanner, avast! Mail Scanner, ""E:Program FilesAlwil SoftwareAvast4ashMaiSv.exe" /service" ["ALWIL Software"]

avast! Web Scanner, avast! Web Scanner, ""E:Program FilesAlwil SoftwareAvast4ashWebSv.exe" /service" ["ALWIL Software"]

Print Monitors:

---------------

HKLMSystemCurrentControlSetControlPrintMonitors

EPSON V6 2KMonitorDriver = "EBPMON24.DLL" ["SEIKO EPSON CORPORATION"]

pcAnywhere Remote PrintingDriver = "awmon.dll" ["Symantec Corporation"]

----------

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 637 seconds.

---------- (total run time: 3336 seconds)

CatchMe
comment

Spyware Doctor - I advise replacing it with some alternative.

- Where is the ComboFix log?

jabar2
comment

ComboFix 07-06-21.3 - E:Documents and SettingswasylPulpitComboFix.exe

"wasyl" - 2006-12-23 22:13:04 NTFS

Rootkit driver xpdt is present. ... attempting disinfection

xpdt ...... driver unloaded successfully.

ADS removed - system32: deleted 78580 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

E:Program FilesMyGlobalSearch

E:Program FilesMyGlobalSearchbar1.binM9FFXTBR.JAR

E:Program FilesMyGlobalSearchbar1.binM9FFXTBR.MANIFEST

E:Program FilesMyGlobalSearchbar1.binM9NTSTBR.JAR

E:Program FilesMyGlobalSearchbar1.binM9NTSTBR.MANIFEST

E:Program FilesMyGlobalSearchbar1.binM9PLUGIN.DLL

E:Program FilesMyGlobalSearchbar1.binMGSBAR.DLL

E:Program FilesMyGlobalSearchbar1.binNPMYGLSH.DLL

E:Program FilesMyGlobalSearchbarCache0062109D

E:Program FilesMyGlobalSearchbarCache006212DF

E:Program FilesMyGlobalSearchbarCachefiles.ini

E:Program FilesMyGlobalSearchbarHistorysearch

E:Program FilesMyGlobalSearchbarSettingsprevcfg.htm

E:WINDOWSb.exe

E:WINDOWShosts

E:WINDOWSwr.txt

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------LEGACY_NM

-------nm

((((((((((((((((((((((((( Files Created from 2006-11-23 to 2006-12-23 )))))))))))))))))))))))))))))))

2006-12-23 22:10 49,152 --a------ E:WINDOWSnircmd.exe

2006-12-16 20:26 <DIR> d-------- E:WINDOWSspeech

2006-12-14 12:03 83,712 --a------ E:WINDOWSsystem32driversNABTSFEC.sys

2006-12-14 12:03 50,688 --a------ E:WINDOWSsystem32vfwwdm32.dll

2006-12-14 12:03 4,096 --a------ E:WINDOWSsystem32ksuser.dll

2006-12-14 12:03 24,960 --a------ E:WINDOWSsystem32driversusbccgp.sys

2006-12-14 12:03 19,456 --a------ E:WINDOWSsystem32hidserv.dll

2006-12-14 12:03 18,560 --a------ E:WINDOWSsystem32driversWSTCODEC.SYS

2006-12-14 12:03 16,256 --a------ E:WINDOWSsystem32driversCCDECODE.sys

2006-12-14 12:03 14,080 --a------ E:WINDOWSsystem32driverskbdhid.sys

2006-12-11 15:36 2,929 --a------ E:WINDOWSmozver.dat

2006-12-11 15:36 0 --a------ E:WINDOWSnsreg.dat

2006-12-10 15:29 <DIR> d-------- E:DOCUME~1GOEBFF~1DANEAP~1Skype

2006-12-09 22:59 4,212 ---h----- E:WINDOWSsystem32zllictbl.dat

2006-12-09 22:59 11,264 --a------ E:WINDOWSsystem32SpOrder.dll

2006-12-09 22:58 <DIR> d-------- E:WINDOWSInternet Logs

2006-12-09 09:57 1,870,336 --a------ E:WINDOWSsystem32bconvert.dll

2006-12-09 09:57 <DIR> d-------- E:Program FilesCommon FilesNative Instruments

2006-12-07 14:21 <DIR> d-------- E:WINDOWSPrefetch

2006-12-07 13:46 24,576 --a------ E:WINDOWSsystem32xpsp1hfm.exe

2006-12-07 13:46 <DIR> d--h-c--- E:WINDOWS$xpsp1hfm$

2006-12-07 13:45 <DIR> d-------- E:c7c2b204cce6aa6bf6ad7dd02655b8cd

2006-12-07 13:26 <DIR> d--hs---- E:WINDOWSCSC

2006-12-05 10:36 <DIR> d-------- E:Program FilesPropellerhead

2006-12-03 16:13 <DIR> d-------- E:Program FilesKORG Legacy

2006-12-03 16:13 <DIR> d-------- E:Program FilesCommon FilesKORG

2006-12-03 15:48 <DIR> d-------- E:Program FilesPoiZone

2006-12-01 15:38 <DIR> d-------- E:sample

2006-11-28 21:24 61,440 --a------ E:WINDOWSsystem32NI_DFD_1_5.dll

2006-11-28 21:24 393,216 --a------ E:WINDOWSsystem32NI_IRC_1_2.dll

2006-11-28 21:24 1,990,656 --a------ E:WINDOWSsystem32kconvert.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 13:42:08 -------- d-----w E:Program FilesSyncrosoft

2007-05-27 21:38:50 -------- d-----w E:DOCUME~1wasylDANEAP~1Real

2007-05-27 21:34:25 -------- d-----w E:Program FilesCommon Filesxing shared

2007-05-27 21:34:20 -------- d-----w E:Program FilesCommon FilesReal

2007-05-26 21:00:59 -------- d-----w E:DOCUME~1wasylDANEAP~1Skype

2007-05-25 21:18:44 -------- d-----w E:Program FilesGG_RPC2

2007-05-25 19:54:51 -------- d-----w E:Program FilesGadu-Gadu

2007-05-24 19:31:10 1,040,384 ----a-w E:WINDOWSsystem32libeay32.dll

2007-05-24 19:31:06 196,608 ----a-w E:WINDOWSsystem32ssleay32.dll

2007-05-24 19:28:17 -------- d-----w E:Program FilesWinamp

2007-05-24 19:27:49 -------- d-----w E:Program FilesSpyLocked 3.7

2007-05-24 19:26:52 -------- d-----w E:Program FilesAudacity

2007-05-24 18:18:44 1,040,384 ----a-w E:WINDOWSsystem32libeay32(2)(2).dll

2007-05-24 18:18:40 196,608 ----a-w E:WINDOWSsystem32ssleay32(2)(2).dll

2007-05-09 17:31:53 -------- d-----w E:DOCUME~1wasylDANEAP~1Gadu-Gadu

2007-04-30 15:46:10 745,600 ----a-w E:WINDOWSsystem32aswBoot.exe

2007-04-30 15:41:55 85,952 ----a-w E:WINDOWSsystem32driversaswmon.sys

2007-04-30 15:41:42 94,552 ----a-w E:WINDOWSsystem32driversaswmon2.sys

2007-04-30 15:39:41 23,416 ----a-w E:WINDOWSsystem32driversaswRdr.sys

2007-04-30 15:38:51 43,176 ----a-w E:WINDOWSsystem32driversaswTdi.sys

2007-04-30 15:37:23 26,888 ----a-w E:WINDOWSsystem32driversaavmker4.sys

2007-04-30 15:35:28 95,872 ----a-w E:WINDOWSsystem32AVASTSS.scr

2007-04-16 22:45:20 43,352 ----a-w E:WINDOWSsystem32wups2.dll

2007-04-05 19:49:43 -------- d-----w E:Program FilesSONAR 6 Producer Edition

2007-04-05 19:48:57 -------- d-----w E:Program FilesSony

2007-04-04 23:43:15 -------- d-----w E:DOCUME~1wasylDANEAP~1Cakewalk

2007-04-04 23:40:01 -------- d-----w E:Program FilesSonar6

2007-04-04 23:40:00 -------- d-----w E:Program FilesSonar6PlugIns

2007-04-04 17:47:40 -------- d-----w E:Program FilesASIO4ALL v2

2007-04-04 17:25:13 -------- d-----w E:DOCUME~1wasylDANEAP~1Propellerhead Software

2007-04-04 00:41:23 -------- d-----w E:Program FilesCommon FilesDigidesign

2007-04-04 00:25:59 -------- d-----w E:DOCUME~1wasylDANEAP~1Publish Providers

2007-04-04 00:25:59 -------- d-----w E:DOCUME~1wasylDANEAP~1NetMedia Providers

2007-04-03 23:12:40 -------- d-----w E:DOCUME~1wasylDANEAP~1Steinberg

2007-04-03 23:08:23 -------- d-----w E:Program Fileslicense control

2007-04-03 21:14:16 -------- d-----w E:DOCUME~1wasylDANEAP~1Ableton

2007-04-03 21:12:37 -------- d-----w E:Program FilesAbleton

2007-04-03 20:16:51 -------- d-----w E:DOCUME~1wasylDANEAP~1AdobeUM

2007-04-02 23:33:31 -------- d-----w E:Program FilesCommon FilesSymantec Shared

2007-04-02 23:33:22 -------- d-----w E:Program FilesSymantec

2007-04-02 23:33:12 83,168 ----a-w E:WINDOWSsystem32S32EVNT1.DLL

2007-04-02 23:33:12 104,144 ----a-w E:WINDOWSsystem32driversSYMEVENT.SYS

2007-03-26 10:30:40 -------- d-----w E:Program FilesWindows Media Connect 2

2007-03-18 02:25:03 -------- d-----w E:Program Filesgg password recowery

2007-03-18 00:38:10 236,499 ----a-w E:Program Filesuap.exe

2007-03-18 00:36:45 -------- d-----w E:Program FilesWinPcap

2007-03-17 23:02:53 -------- d-----w E:Program Filescoolpro2

2007-03-02 11:25:22 -------- d-----w E:DOCUME~1wasylDANEAP~1MSN6

2007-02-19 18:37:21 163,644 ----a-w E:WINDOWSsystem32driverssecdrv.sys

2007-02-01 22:22:25 -------- d-----w E:Program FilesPinnacle

2007-02-01 22:18:41 -------- d--h--w E:Program FilesInstallShield Installation Information

2007-01-25 13:05:41 616,448 ----a-w E:WINDOWSsystem32urlmon(3).dll

2007-01-04 13:58:04 661,504 ----a-w E:WINDOWSsystem32wininet(3).dll

2007-01-04 13:58:00 474,112 ----a-w E:WINDOWSsystem32shlwapi(3).dll

2007-01-04 13:57:18 1,023,488 ----a-w E:WINDOWSsystem32browseui(2).dll

2006-12-23 22:15:12 49,916 ----a-w E:WINDOWSsystem32perfc015.dat

2006-12-23 22:15:12 356,160 ----a-w E:WINDOWSsystem32perfh015.dat

2006-12-12 23:18:29 -------- d-----w E:DOCUME~1wasylDANEAP~1LimeWire

2006-12-09 09:58:01 -------- d-----w E:Program FilesVstPlugins

2006-12-07 13:37:28 -------- d-----w E:Program FilesWindows NT

2006-12-07 13:37:25 -------- d-----w E:Program FilesMovie Maker

2006-12-07 13:37:25 -------- d-----w E:Program FilesMessenger

2006-12-05 10:36:09 -------- d-----w E:Program FilesSteinberg

2006-12-01 15:58:59 -------- d-----w E:Program FilesImage-Line

2006-12-01 15:57:27 -------- d-----w E:Program FilesCommon FilesACD Systems

2006-12-01 15:56:55 -------- d-----w E:Program FilesACD Systems

2006-12-01 14:51:01 -------- d-----w E:Program FilesNative Instruments

2006-11-02 10:52:52 42,496 ------w E:WINDOWSsystem32wpdshextres.dll

2006-11-01 19:19:04 927,504 ----a-w E:WINDOWSsystem32mfc40u.dll

2006-10-31 14:10:54 233,472 ----a-w E:WINDOWSsystem32REX Shared Library.dll

2006-10-18 20:58:00 8,704 ----a-w E:WINDOWSsystem32wdfmgr.exe

2006-10-18 20:58:00 8,704 ----a-w E:WINDOWSsystem32uwdf.exe

2006-10-18 20:47:22 767,488 ------w E:WINDOWSsystem32WMVSENCD.dll

2006-10-18 20:47:22 656,896 ------w E:WINDOWSsystem32WMVXENCD.dll

2006-10-18 20:47:22 63,488 ----a-w E:WINDOWSsystem32wpdmtpus.dll

2006-10-18 20:47:22 629,760 ----a-w E:WINDOWSsystem32wpd_ci.dll

2006-10-18 20:47:22 4,096 ----a-w E:WINDOWSsystem32WMVADVE.DLL

2006-10-18 20:47:22 4,096 ----a-w E:WINDOWSsystem32WMVADVD.dll

2006-10-18 20:47:22 356,352 ----a-w E:WINDOWSsystem32wpdsp.dll

2006-10-18 20:47:22 35,840 ----a-w E:WINDOWSsystem32wpdconns.dll

2006-10-18 20:47:22 2,603,008 ------w E:WINDOWSsystem32WpdShext.dll

2006-10-18 20:47:22 154,624 ----a-w E:WINDOWSsystem32wpdmtp.dll

2006-10-18 20:47:22 133,632 ------w E:WINDOWSsystem32WPDShServiceObj.dll

2006-10-18 20:47:22 1,574,912 ------w E:WINDOWSsystem32WMVENCOD.dll

2006-10-18 20:47:22 1,543,680 ------w E:WINDOWSsystem32WMVDECOD.dll

2006-10-18 20:47:22 1,382,912 ------w E:WINDOWSsystem32WMVSDECD.dll

2006-10-18 20:47:20 535,040 ------w E:WINDOWSsystem32wmdrmsdk.dll

2006-10-18 20:47:20 348,672 ----a-w E:WINDOWSsystem32wmdrmnet.dll

2006-10-18 20:47:18 429,056 ----a-w E:WINDOWSsystem32wmdrmdev.dll

2006-10-18 20:47:18 4,096 ----a-w E:WINDOWSsystem32wdfapi.dll

2006-10-18 20:47:18 284,160 ------w E:WINDOWSsystem32PortableDeviceApi.dll

2006-10-18 20:47:18 199,168 ------w E:WINDOWSsystem32PortableDeviceWMDRM.dll

2006-10-18 20:47:18 166,912 ------w E:WINDOWSsystem32PortableDeviceTypes.dll

2006-10-18 20:47:18 132,096 ------w E:WINDOWSsystem32PortableDeviceWiaCompat.dll

2006-10-18 20:47:18 101,888 ------w E:WINDOWSsystem32PortableDeviceClassExtension.dll

2006-10-18 20:47:14 317,440 ------w E:WINDOWSsystem32MP4SDECD.dll

2006-10-18 20:47:14 259,072 ------w E:WINDOWSsystem32MPG4DECD.dll

2006-10-18 20:47:14 259,072 ------w E:WINDOWSsystem32MP43DECD.dll

2006-10-18 20:47:14 212,992 ------w E:WINDOWSsystem32MFPLAT.dll

2006-10-18 20:47:08 276,992 ----a-w E:WINDOWSsystem32audiodev.dll

2004-08-03 23:44:30 73,728 --sha-w E:WINDOWSRegisteredPackages{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$Systemwmplayer.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects]

{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}=E:PROGRA~1SPYWAR~2toolsiesdsg.dll [2004-12-20 10:38]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=E:Program FilesJavajre1.6.0_01binssv.dll [2007-03-14 02:43]

{B56A7D7D-6927-48C8-A975-17DF180C71AC}=E:PROGRA~1SPYWAR~2toolsiesdpb.dll [2005-01-04 10:37]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 05:36 E:WINDOWSRTHDCPL.exe]

"avast!"="E:PROGRA~1ALWILS~1Avast4ashDisp.exe" [2007-04-30 15:42]

"type32"="E:Program FilesMicrosoft IntelliType Protype32.exe" [2004-06-03 08:51]

"IntelliPoint"="E:Program FilesMicrosoft IntelliPointpoint32.exe" [2004-06-03 08:50]

"SunJavaUpdateSched"="E:Program FilesJavajre1.6.0_01binjusched.exe" [2007-03-14 02:43]

"LogitechVideoRepair"="E:Program FilesLogitechVideoISStart.exe" [2005-06-08 14:24]

"LogitechVideoTray"="E:Program FilesLogitechVideoLogiTray.exe" [2005-06-08 14:14]

"LaunchList"="E:Program FilesPinnacleStudio 9LaunchList.exe" []

"QuickTime Task"="E:Program FilesQuickTimeqttask.exe" [2006-03-06 15:46]

"H2O"="E:Program FilesSyncroSoftPosH2Ocledx.exe" [2005-10-22 23:00]

"TkBellExe"="E:Program FilesCommon FilesRealUpdate_OBrealsched.exe" [2007-05-27 21:33]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"CTFMON.EXE"="E:WINDOWSSystem32ctfmon.exe" [2001-10-26 17:29]

"Spyware Doctor"="E:Program FilesSpyware Doctorswdoctor.exe" [2005-01-06 13:09]

"LogitechSoftwareUpdate"="E:Program FilesLogitechVideoManifestEngine.exe" [2005-06-08 13:44]

"updateMgr"="E:Program FilesAdobeAcrobat 7.0ReaderAdobeUpdateManager.exe" [2006-03-30 16:45]

"Gadu-Gadu"="E:Program FilesGadu-Gadugg.exe" [2007-05-10 14:36]

"Komunikator"="E:Program FilesTlen.pltlen.exe" [2006-05-12 12:13]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyPCANotify]

PCANotify.dll

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Notification Packages

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregKomunikator]

"E:Program FilesTlen.pltlen.exe" --confdir=home

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]

bthsvcs BthServ

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2006-12-23 22:16:43

Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINEsystemControlSet004ServicesBTHPORTParametersServices{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINEsystemControlSet004ServicesBTHPORTParametersServices{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2006-12-23 22:17:39 - machine was rebooted

E:ComboFix-quarantined-files.txt ... 2006-12-23 22:17

--- E O F ---

CatchMe
comment

Use: SmitFraudFix with option 2 in Safe Mode.

- The log from the program's run is located here: C:raport.txt - paste it on the forum.

Download: Gmer

* Rootkit >>> Show all checked >>> only Services selected >>> Scan >>> Copy >>> CTRL+V on www.wklej.org

* Rootkit >>> Show all unchecked >>> all objects selected for scanning >>> Scan >>> Copy >>> CTRL+V on www.wklej.org

- As a result we get 2 logs, which we paste on www.wklej.org, and we post the links on the forum.

- Then post all the new logs. :)
