
Please check my log

mishi93
posted (edited)

Thanks in advance :)

Hijackthis

Log to check

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:59:51, on 2009-09-14

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\Tibia.exe

C:\WINDOWS\system32\temp1.exe

C:\Program Files\iPlus\iPlusChecker.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\1\Dane aplikacji\Save\Save.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: UrlHelper Class - {6D023EBF-70B8-45A6-9ED5-556515FA0FE4} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Documents and Settings\1\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

O3 - Toolbar: Mario Forever Toolbar - {71B6ACF7-4F0F-4FD8-BB69-6D1A4D271CB7} - C:\Program Files\Mario Forever Toolbar\v3.2.0.0\MarioForever_Toolbar.dll

O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BSMediaBar.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule

O4 - HKLM\..\Run: [Windows] C:\WINDOWS\services.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [services] C:\windows\services.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep"

O4 - HKCU\..\Run: [save] C:\Documents and Settings\1\Dane aplikacji\Save\Save.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Wyślij do interfejsu &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: APSHook.dll

O20 - Winlogon Notify: OneCard - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--

End of file - 7916 bytes

Combofix

Log to check

ComboFix 08-11-26.03 - 1 2009-09-14 18:02:23.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.623 [GMT 2:00]

Uruchomiony z: c:\documents and settings\1\Moje dokumenty\Pobieranie\ComboFix.exe

* Utworzono nowy punkt przywracania

.

- TRYB ZREDUKOWANEJ FUNKCJONALNOŚCI -

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\autorun.inf

c:\windows\autorun.inf

c:\windows\services.exe

c:\windows\svchost.exe

c:\windows\system32\firefox.exe

c:\windows\system32\temp1.exe

c:\windows\system32\temp2.exe

c:\windows\xcopy.exe

C:\x.exe

D:\Autorun.inf

.

((((((((((((((((((((((((( Pliki utworzone od 2009-08-14 do 2009-09-14 )))))))))))))))))))))))))))))))

.

2009-09-14 17:59 . 2009-09-14 17:59 <DIR> d-------- c:\program files\Trend Micro

2009-09-12 12:49 . 2009-09-12 13:17 <DIR> d-------- c:\program files\Burn4Free

2009-08-21 21:15 . 2009-08-21 21:15 557,568 --a------ c:\windows\system32\B4FM.dll

2009-08-20 20:43 . 2009-08-20 20:43 <DIR> dr------- c:\program files\Skype

2009-08-20 20:43 . 2009-08-20 20:43 <DIR> d-------- c:\program files\Common Files\Skype

2009-08-20 19:09 . 2004-08-03 23:44 221,184 --a------ c:\windows\system32\wmpns.dll

2009-08-20 19:07 . 2009-08-20 19:07 <DIR> d-------- c:\windows\ServicePackFiles

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-14 08:15 --------- d-----w c:\documents and settings\1\Dane aplikacji\Save

2009-09-13 19:42 --------- d-----w c:\program files\ALLPlayer

2009-08-25 20:03 --------- d-----w c:\documents and settings\1\Dane aplikacji\Skype

2009-08-25 16:17 --------- d-----w c:\documents and settings\1\Dane aplikacji\skypePM

2009-08-20 18:43 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype

2009-08-20 17:11 --------- d-----w c:\program files\Nowe Gadu-Gadu

2009-08-05 09:08 205,312 ----a-w c:\windows\system32\mswebdvd.dll

2009-07-24 13:45 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\OpenFM

2009-07-24 13:42 --------- d-----w c:\documents and settings\1\Dane aplikacji\OpenFM

2009-07-17 18:57 58,880 ----a-w c:\windows\system32\atl.dll

2009-07-15 18:52 --------- d-----w c:\documents and settings\1\Dane aplikacji\Nowe Gadu-Gadu

2009-07-13 21:43 286,208 ----a-w c:\windows\system32\wmpdxm.dll

2009-06-26 16:19 81,920 ----a-w c:\windows\system32\ieencode.dll

2009-06-26 16:19 662,016 ----a-w c:\windows\system32\wininet.dll

2009-06-25 18:37 95,744 ----a-w c:\windows\system32\mqsec.dll

2009-06-25 18:37 661,504 ----a-w c:\windows\system32\mqqm.dll

2009-06-25 18:37 517,120 ----a-w c:\windows\system32\mqsnap.dll

2009-06-25 18:37 512,000 ----a-w c:\windows\system32\mqutil.dll

2009-06-25 18:37 48,640 ----a-w c:\windows\system32\mqupgrd.dll

2009-06-25 18:37 47,104 ----a-w c:\windows\system32\mqdscli.dll

2009-06-25 18:37 225,280 ----a-w c:\windows\system32\mqoa.dll

2009-06-25 18:37 186,880 ----a-w c:\windows\system32\mqtrig.dll

2009-06-25 18:37 177,152 ----a-w c:\windows\system32\mqrt.dll

2009-06-25 18:37 16,896 ----a-w c:\windows\system32\mqise.dll

2009-06-25 18:37 138,240 ----a-w c:\windows\system32\mqad.dll

2009-06-25 18:37 123,392 ----a-w c:\windows\system32\mqrtdep.dll

2009-06-25 08:48 726,528 ----a-w c:\windows\system32\lsasrv.dll

2009-06-25 08:48 59,392 ----a-w c:\windows\system32\wdigest.dll

2009-06-25 08:48 56,320 ----a-w c:\windows\system32\secur32.dll

2009-06-25 08:48 298,496 ----a-w c:\windows\system32\kerberos.dll

2009-06-25 08:48 168,448 ----a-w c:\windows\system32\schannel.dll

2009-06-25 08:48 133,632 ----a-w c:\windows\system32\msv1_0.dll

2009-06-22 11:49 4,608 ----a-w c:\windows\system32\mqsvc.exe

2009-06-22 11:49 19,968 ----a-w c:\windows\system32\mqbkup.exe

2009-06-22 11:49 117,248 ----a-w c:\windows\system32\mqtgsvc.exe

2009-06-16 14:55 82,432 ----a-w c:\windows\system32\fontsub.dll

2009-06-16 14:55 119,808 ----a-w c:\windows\system32\t2embed.dll

2009-06-15 11:33 82,944 ----a-w c:\windows\system32\tlntsess.exe

2009-06-15 11:33 78,336 ----a-w c:\windows\system32\telnet.exe

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]

2008-07-07 11:27 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}]

2009-05-28 11:23 42088 --a------ c:\documents and settings\1\Dane aplikacji\Nowe Gadu-Gadu\_userdata\ggbho.1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

"Save"="c:\documents and settings\1\Dane aplikacji\Save\Save.exe" [2009-03-23 198576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-17 8437760]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-17 81920]

"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]

"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-16 148888]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 159744]

"nwiz"="nwiz.exe" [2007-04-17 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-05-09 113664]

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-05-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"HonorAutoRunSetting"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2006-10-09 21:38 69120 c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusManager]

--a------ 2007-01-04 16:07 339968 c:\program files\iPlus\iPlusChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Save]

--a------ 2009-03-23 15:01 198576 c:\documents and settings\1\Dane aplikacji\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tibia]

--a------ 2008-04-30 15:48 561693 c:\windows\Tibia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-03 14336]

R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-03 14336]

S3 gsplittm;gsplittm;\??\c:\docume~1\1\USTAWI~1\Temp\gsplittm.sys []

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b3d90c6-dca8-11dc-9bd9-001cbf5832de}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{360e0f6b-15e5-11dd-9c16-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e5e6fa6-3f02-11dd-9c6f-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ecf9a6a-3fb5-11dd-9c71-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51350a38-832f-11dd-9cd3-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a2fe466-722e-11de-9e18-001cbf5832de}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81f6413e-3cc8-11de-9df6-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a50ea879-9dbe-11dd-9cfe-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bde35f96-c9bc-11dd-9d1e-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce9a7133-af58-11dd-9d12-001e3769eaa7}]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

*Newly Created Service* - CATCHME

.

Zawartość folderu 'Zaplanowane zadania'

2009-08-26 c:\windows\Tasks\Norton Security Scan for 1.job

- c:\program files\Norton Security Scan\Nss.exe [2009-03-11 21:20]

.

- - - - USUNIĘTO PUSTE WPISY - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)

MSConfigStartUp-Load - c:\windows\svchost.exe

MSConfigStartUp-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

MSConfigStartUp-WhenUSave - c:\program files\Save\Save.exe

.

------- Skan uzupełniający -------

.

FireFox -: Profile - c:\documents and settings\1\Dane aplikacji\Mozilla\Firefox\Profiles\ggnqnobg.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl

FF -: plugin - c:\documents and settings\1\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll

FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll

FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll

FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll

FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll

FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll

FF -: plugin - c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll

FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-09-14 18:02:45

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(848)

c:\windows\system32\APSHook.dll

c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(904)

c:\windows\system32\APSHook.dll

c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll

c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

.

Czas ukończenia: 2009-09-14 18:03:36

ComboFix-quarantined-files.txt 2009-09-14 16:03:14

Przed: 108 669 026 304 bajtów wolnych

Po: 112,562,601,984 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

d:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

208 --- E O F --- 2009-09-12 10:40:15

Guest
comment

Paste into Notepad:

Folder::
c:\documents and settings\1\Dane aplikacji\Save
c:\program files\Burn4Free

File::
c:\windows\Tibia.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Save"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Save]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tibia]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

Driver::
gsplittm

NetSvc::
ASBroker
ASChannel

>> File >> Save as... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file


The removal should start (and a log will be created). Post the log that is created during the removal.


mishi93
comment
Log to check

ComboFix 09-09-13.06 - 1 2009-09-14 18:37.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.48.1045.18.1022.563 [GMT 2:00]
Uruchomiony z: c:\documents and settings\1\Pulpit\aaaaaaaaaaaa\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\1\Pulpit\aaaaaaaaaaaa\CFScript.exe

FILE ::
"c:\windows\Tibia.exe"
.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\copy.exe
c:\documents and settings\1\Dane aplikacji\Save
c:\documents and settings\1\Dane aplikacji\Save\about_Save.mht
c:\documents and settings\1\Dane aplikacji\Save\save.cfg
c:\documents and settings\1\Dane aplikacji\Save\Save.exe
c:\documents and settings\1\Dane aplikacji\Save\save.mht
c:\documents and settings\1\Dane aplikacji\Save\SaveUninst.exe
C:\host.exe
c:\program files\Burn4Free
c:\program files\Burn4Free\bass.dll
c:\program files\Burn4Free\bass_ape.dll
c:\program files\Burn4Free\bass_mpc.dll
c:\program files\Burn4Free\basscd.dll
c:\program files\Burn4Free\bassflac.dll
c:\program files\Burn4Free\basswma.dll
c:\program files\Burn4Free\basswv.dll
c:\program files\Burn4Free\BURN4FREE.CFG
c:\program files\Burn4Free\Burn4Free.exe
c:\program files\Burn4Free\languages\ARABIC.INI
c:\program files\Burn4Free\languages\BELARUSSIAN.INI
c:\program files\Burn4Free\languages\CATALAN.INI
c:\program files\Burn4Free\languages\CHINESEBIG5.INI
c:\program files\Burn4Free\languages\CHINESEGB.INI
c:\program files\Burn4Free\languages\CROATIAN_FUN.INI
c:\program files\Burn4Free\languages\CZECH.INI
c:\program files\Burn4Free\languages\DUTCH.INI
c:\program files\Burn4Free\languages\ENGLISH.INI
c:\program files\Burn4Free\languages\FRENCH.INI
c:\program files\Burn4Free\languages\GALEGO.INI
c:\program files\Burn4Free\languages\GERMAN.INI
c:\program files\Burn4Free\languages\GERMAN_2.INI
c:\program files\Burn4Free\languages\HEBREW.INI
c:\program files\Burn4Free\languages\HELLENIC.INI
c:\program files\Burn4Free\languages\ITALIANO.INI
c:\program files\Burn4Free\languages\JAPANESE.INI
c:\program files\Burn4Free\languages\KOREAN.INI
c:\program files\Burn4Free\languages\LITHUANIAN.INI
c:\program files\Burn4Free\languages\MACEDONIAN.INI
c:\program files\Burn4Free\languages\MAGYAR.INI
c:\program files\Burn4Free\languages\NORSK.INI
c:\program files\Burn4Free\languages\POLISH.INI
c:\program files\Burn4Free\languages\PORTUGUESE.INI
c:\program files\Burn4Free\languages\ROMANA.INI
c:\program files\Burn4Free\languages\RUSSIAN.INI
c:\program files\Burn4Free\languages\RUSSIAN_2.INI
c:\program files\Burn4Free\languages\SERBIAN.INI
c:\program files\Burn4Free\languages\SLOVAK.INI
c:\program files\Burn4Free\languages\SLOVENIAN.INI
c:\program files\Burn4Free\languages\SPANISH.INI
c:\program files\Burn4Free\languages\SUOMI.INI
c:\program files\Burn4Free\languages\SVENSKA.INI
c:\program files\Burn4Free\languages\TURKISH.INI
c:\program files\Burn4Free\languages\UKRAINIAN.INI
c:\program files\Burn4Free\languages\VALENCIAN.INI
c:\program files\Burn4Free\license.txt
c:\program files\Burn4Free\uninstall.exe
c:\windows\clofghls.dll
c:\windows\system32\B4FM.dll
c:\windows\system32\ieuinit.inf
c:\windows\Tibia.exe
D:\copy.exe
D:\host.exe
D:\Uninstall.exe

.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GSPLITTM
-------\Service_gsplittm


((((((((((((((((((((((((( Pliki utworzone od 2009-08-14 do 2009-09-14 )))))))))))))))))))))))))))))))
.

2009-09-14 15:59 . 2009-09-14 15:59 -------- d-----w- c:\program files\Trend Micro
2009-08-20 18:43 . 2009-08-20 18:43 -------- d-----w- c:\program files\Common Files\Skype
2009-08-20 18:43 . 2009-08-20 18:43 -------- d-----r- c:\program files\Skype
2009-08-20 17:09 . 2004-08-03 21:44 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-20 17:07 . 2009-08-20 17:07 -------- d-----w- c:\windows\ServicePackFiles

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-14 16:36 . 2001-10-26 16:15 566748 ----a-w- c:\windows\system32\perfh015.dat
2009-09-14 16:36 . 2001-10-26 16:15 172730 ----a-w- c:\windows\system32\perfc015.dat
2009-09-13 19:42 . 2009-02-04 14:05 -------- d-----w- c:\program files\ALLPlayer
2009-08-25 20:03 . 2008-09-22 14:33 -------- d-----w- c:\documents and settings\1\Dane aplikacji\Skype
2009-08-25 16:17 . 2008-09-22 14:34 -------- d-----w- c:\documents and settings\1\Dane aplikacji\skypePM
2009-08-20 18:43 . 2008-09-22 14:32 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Skype
2009-08-20 17:11 . 2009-03-08 12:09 -------- d-----w- c:\program files\Nowe Gadu-Gadu
2009-08-05 09:08 . 2004-08-03 21:44 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-24 13:45 . 2009-07-24 13:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\OpenFM
2009-07-24 13:42 . 2009-07-24 13:42 -------- d-----w- c:\documents and settings\1\Dane aplikacji\OpenFM
2009-07-17 18:57 . 2004-08-03 21:43 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-03 21:44 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-26 16:19 . 2004-08-03 21:44 662016 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:19 . 2004-08-03 21:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:37 . 2004-08-03 21:44 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:37 . 2004-08-03 21:44 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:37 . 2004-08-03 21:44 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:37 . 2004-08-03 21:44 512000 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:37 . 2004-08-03 21:44 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:37 . 2004-08-03 21:44 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:37 . 2004-08-03 21:44 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:37 . 2004-08-03 21:44 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:37 . 2004-08-03 21:44 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:37 . 2004-08-03 21:44 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:37 . 2004-08-03 21:44 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:37 . 2004-08-03 21:44 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:48 . 2004-08-03 21:44 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:48 . 2004-08-03 21:44 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:48 . 2004-08-03 21:44 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:48 . 2004-08-03 21:44 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:48 . 2004-08-03 21:44 726528 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:48 . 2004-08-03 21:44 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2004-08-03 21:44 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 21:44 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 21:44 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 19:58 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 19:59 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-03-23 13:02 . 2009-03-23 13:02 222720 ----a-w- c:\program files\mozilla firefox\components\SaveComponent.dll
.

------- Sigcheck -------

[-] 2008-04-14 . A9ED600F08A92143253C10EDB5651ECF . 1571840 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\85612d9569f9a4d033130e1ccf6503f1\sfcfiles.dll
[-] 2008-01-10 . 1A3B01CFF31B660EB43F228F4C468273 . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-07-07 09:27 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-17 8437760]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-17 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-16 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-04-17 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-9 113664]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2006-10-09 19:38 69120 ----a-r- c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [2004-08-03 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2004-08-03 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Zawartość folderu 'Zaplanowane zadania'

2009-08-26 c:\windows\Tasks\Norton Security Scan for 1.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Wyślij do interfejsu &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\1\Dane aplikacji\Mozilla\Firefox\Profiles\ggnqnobg.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\program files\Mozilla Firefox\components\SaveComponent.dll
FF - plugin: c:\documents and settings\1\Dane aplikacji\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPJPI140_03.dll
FF - plugin: c:\program files\Java\j2re1.4.0_03\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 18:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\program files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(908)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(1688)
c:\windows\system32\APSHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\dllhost.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\scardsvr.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Czas ukończenia: 2009-09-14 18:46 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-09-14 16:46
ComboFix2.txt 2009-09-14 16:03

Przed: 112 573 370 368 bajtów wolnych
Po: 112 485 433 344 bajtów wolnych

240 --- E O F --- 2009-09-12 10:40


And should I do something with HijackThis?
