mz1992, created 1 March 2009

Hello, I have a problem: a balloon saying "you have a security problem" keeps popping up on my taskbar and I don't know how to get rid of it!! I would be grateful if someone could tell me how to do it step by step. Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:28, on 2009-03-01
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
D:\WINDOWS\ATKKBService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
D:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Program Files\Nowe Gadu-Gadu\gg.exe
D:\Program Files\Opera\opera.exe
D:\WINDOWS\system32\userinit.exe
C:\DC-down\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [soundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] D:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Need for Speed? Undercover Registration.lnk = E:\GAMES\NFS\Support\EAregister.exe
O4 - Startup: Product Registration.lnk = G:\ATR1.EXE
O4 - Startup: Sid Registration.lnk = G:\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - D:\WINDOWS\ATKKBService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NMIndexingService - Unknown owner - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 8545 bytes

Mateusz J., comment, 1 March 2009

Please post a log from ComboFix. There is nothing visible in this one that could cause this message to appear.

mz1992 (Author), comment, 1 March 2009

Log from ComboFix

ComboFix 09-02-28.01 - Hashmal 2009-03-01 16:49:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1022.599 [GMT 1:00]
Uruchomiony z: d:\documents and settings\Hashmal\Pulpit\Nowy folder\ComboFix.exe
Użyto następujących komend :: d:\documents and settings\Hashmal\Pulpit\Nowy folder\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Utworzono nowy punkt przywracania
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Poprzednie uruchomienie -------
.
d:\windows\system32\init32.exe

Zainfekowana kopia została znaleziona. Problem naprawiono
Plik odzyskano z -
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-01 do 2009-03-01 )))))))))))))))))))))))))))))))
.
2009-02-21 10:45 . 2009-02-21 11:20 <DIR> d-------- d:\program files\Traffic Giant
2009-02-04 17:05 . 2009-02-20 18:20 54,156 --ah----- d:\windows\QTFont.qfn
2009-02-04 17:05 . 2009-02-04 17:05 1,409 --a------ d:\windows\QTFont.for
2009-02-02 23:41 . 2007-08-21 18:54 1,511,424 --a------ d:\windows\system32\Flash8.ocx
2009-02-02 23:41 . 2007-08-21 18:56 196,608 --a------ d:\windows\system32\Utility.dll
2009-02-02 23:41 . 2007-08-21 18:54 117,507 --a------ d:\windows\system32\Msinet.ocx
2009-02-02 23:41 . 2007-08-21 18:54 109,248 --a------ d:\windows\system32\Mswinsck.ocx
2009-02-02 23:41 . 2007-08-21 18:54 32,768 --a------ d:\windows\system32\Flash8.oca
2009-02-02 23:40 . 1996-11-08 02:48 368,912 --a------ d:\windows\system32\vbar332.dll
2009-02-02 23:40 . 2001-03-13 12:49 140,288 --a------ d:\windows\system32\COMDLG32.OCX
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\UC.PIF
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\RAR.PIF
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\PKZIP.PIF
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\PKUNZIP.PIF
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\NOCLOSE.PIF
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\LHA.PIF
2009-02-02 22:06 . 2002-10-29 05:50 545 --a------ d:\windows\ARJ.PIF
2009-02-02 22:06 . 2009-02-02 22:13 303 --a------ d:\windows\wincmd.ini
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 15:07 --------- d-----w d:\program files\DC++
2009-02-23 18:47 --------- d-----w d:\program files\Nowe Gadu-Gadu
2009-02-23 17:03 --------- d--h--w d:\program files\InstallShield Installation Information
2009-01-31 20:07 325,128 ----a-w d:\windows\system32\drivers\avgldx86.sys
2009-01-31 20:07 107,272 ----a-w d:\windows\system32\drivers\avgtdix.sys
2009-01-31 20:07 --------- d-----w d:\documents and settings\All Users\Dane aplikacji\avg8
2009-01-30 09:03 --------- d-----w d:\program files\Executive Software
2009-01-27 18:17 --------- d-----w d:\documents and settings\Hashmal\Dane aplikacji\Advanced Font Viewer
2009-01-04 14:43 138,184 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2008-11-14 17:56 22,328 ----a-w d:\documents and settings\Hashmal\Dane aplikacji\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"updateMgr"="d:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="d:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2008-12-21 136600]
"MULTIMEDIA KEYBOARD"="d:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2003-09-30 425984]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-31 1601304]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"Sony Ericsson PC Suite"="d:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"nwiz"="nwiz.exe" [2006-08-11 d:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"Picasa Media Detector"="d:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

d:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-31 21:07 10520 d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"d:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\Program Files\\Opera\\Opera.exe"=
"d:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\BitComet\\BitComet.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"d:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24096:TCP"= 24096:TCP:BitComet 24096 TCP
"24096:UDP"= 24096:UDP:BitComet 24096 UDP

R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2008-06-04 325128]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2008-06-04 107272]
R1 kbfilter;Keyboard Filter Driver;d:\windows\system32\drivers\kbfilter.sys [2007-08-08 11776]
R1 msikbd2k;Multimedia Keyboard Filter Driver;d:\windows\system32\drivers\Msikbd2k.sys [2007-08-08 6656]
R2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [2008-07-07 903960]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-07 298264]
R2 nhksrv;Netropa NHK Server;d:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [2007-08-08 28672]
R2 port_nt;port_nt;d:\windows\system32\drivers\port_nt.sys [2008-07-16 3608]
R2 SBKUPNT;SBKUPNT;d:\windows\system32\drivers\SBKUPNT.SYS [2008-06-29 14976]
S0 xmasscsi;xmasscsi;d:\windows\system32\Drivers\xmasscsi.sys --> d:\windows\system32\Drivers\xmasscsi.sys [?]
S1 MUsbFltr;WayTechUSBFilterDriver; [x]
S1 UsbFltr;WayTechUSBFilterDriver; [x]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;d:\windows\system32\drivers\Amps2prt.sys [2007-07-24 14336]
S3 Usblink;Usblink Driver;d:\windows\system32\drivers\ulink.sys [2007-07-30 40060]
S3 VNic;ULan Network Driver Module;d:\windows\system32\DRIVERS\VNic.sys --> d:\windows\system32\DRIVERS\VNic.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5a236221-a580-11dc-8298-0018f3eb4c65}]
\Shell\AutoRun\command - G:\AutoRun.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://search.babylon.com/home
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - d:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - d:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - d:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: E&ksportuj do programu Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 16:54:42
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-1935655697-682003330-769163468-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,37,e7,89,88,aa,34,fb,2c,d4,5a,db,07,fb,fb,bb,db,88,5e,d7,3b,2d,e0,
   51,29,9d,ec,55,d9,ea,ab,e9,01,0b,3e,9d,55,a6,c2,5c,13,58,6f,1e,58,bc,88,a6,\
"??"=hex:75,98,e7,c7,ef,8e,1a,2c,05,b8,96,05,ce,a3,47,e3
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'lsass.exe'(932)
d:\windows\system32\nvappfilter.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
d:\windows\system32\savedump.exe
d:\windows\ATKKBService.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\HPZipm12.exe
d:\windows\system32\wdfmgr.exe
d:\program files\AVG\AVG8\avgrsx.exe
d:\progra~1\AVG\AVG8\avgnsx.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
d:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
d:\program files\AVG\AVG8\avgcsrvx.exe
d:\program files\Netropa\Multimedia Keyboard\Traymon.exe
d:\program files\Netropa\Onscreen Display\osd.exe
d:\windows\system32\wbem\wmiapsrv.exe
d:\program files\Common Files\Teleca Shared\Generic.exe
d:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
d:\windows\system32\notepad.exe
.
**************************************************************************
.
Czas ukończenia: 2009-03-01 16:56:26 - komputer został uruchomiony ponownie [Hashmal]
ComboFix-quarantined-files.txt 2009-03-01 15:56:03
ComboFix2.txt 2009-02-11 19:21:44

Przed: 10,081,722,368 bajtów wolnych
Po: 10,066,325,504 bajtów wolnych

Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4
184

Mateusz J., comment, 1 March 2009

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O24 - Desktop Component 0: Privacy Protection - (no file)

Fix these, then delete the folder c:\QooBox.