
Logs - Attacked by Spyware


  • Closed: this topic is closed
6 replies in this topic

#1 Maciekk_

    New

  • 3 posts

Posted 26 06 2008 - 14:14

ComboFix

ComboFix 08-06-20.4 - Maciek 2008-06-26 14:03:59.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1508 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-05-26 to 2008-06-26  )))))))))))))))))))))))))))))))
.

2008-06-26 11:27 . 2008-06-26 11:27	0	--a------	C:\WINNT\nsreg.dat
2008-06-26 06:43 . 2008-06-26 06:43	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-06-25 21:36 . 2008-06-14 20:01	273,024	---------	C:\WINNT\system32\drivers\bthport.sys
2008-06-25 21:36 . 2008-06-14 20:01	273,024	-----c---	C:\WINNT\system32\dllcache\bthport.sys
2008-06-25 21:33 . 2007-07-09 15:11	584,192	-----c---	C:\WINNT\system32\dllcache\rpcrt4.dll
2008-06-25 21:31 . 2008-05-08 14:28	202,752	-----c---	C:\WINNT\system32\dllcache\rmcast.sys
2008-06-25 19:55 . 2008-06-25 19:55	<DIR>	d--------	C:\WINNT\system32\xircom
2008-06-25 19:55 . 2008-06-25 19:55	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-06-25 14:49 . 2008-06-25 14:49	15,544	--a------	C:\WINNT\system32\drivers\sbhr.sys
2008-06-25 14:09 . 2008-06-25 14:17	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-25 13:01 . 2008-06-25 13:01	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01	0	--a------	C:\WINNT\system32\SBRC.dat
2008-06-25 13:01 . 2008-06-25 13:01	0	--a------	C:\WINNT\system32\SBFC.dat
2008-06-25 13:00 . 2008-06-25 13:00	<DIR>	d--------	C:\Program Files\Sunbelt Software
2008-06-25 12:41 . 2008-06-26 11:09	<DIR>	d--------	C:\Program Files\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:17	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-25 12:41	141,312	--a------	C:\WINNT\system32\drivers\sp_rsdrv2.sys
2008-06-25 11:19 . 2008-06-25 11:19	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-25 11:19 . 2008-06-25 11:19	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft
2008-06-25 11:11 . 2008-06-25 11:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-24 22:34 . 2008-06-25 15:15	90,838	--a------	C:\WINNT\system32\phc1c1j0eg03.bmp
2008-06-24 22:34 . 2008-06-25 15:15	60,928	--a------	C:\WINNT\system32\blphc1c1j0eg03.scr
2008-06-24 22:33 . 2008-06-24 22:33	54,156	--ah-----	C:\WINNT\QTFont.qfn
2008-06-24 22:33 . 2008-06-24 22:33	1,409	--a------	C:\WINNT\QTFont.for
2008-06-04 15:44 . 2008-06-04 15:44	<DIR>	d--------	C:\Soldat
2008-06-03 19:47 . 2008-06-03 19:47	<DIR>	d--------	C:\Program Files\Google
2008-06-02 21:32 . 2008-06-02 21:32	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\DAEMON Tools
2008-05-31 21:21 . 2008-05-31 21:21	0	-ra------	C:\logwmemory.bin
2008-05-31 21:19 . 2008-05-31 21:19	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Soldat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:57	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\AVG7
2008-06-25 09:10	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 16:01	---------	d-----w	C:\Documents and Settings\Beata.LESZEK-4025D4B0\Dane aplikacji\AVG7
2008-06-18 16:47	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\teamspeak2
2008-06-15 14:49	196,608	----a-w	C:\WINNT\system32\drivers\nStandard.bin
2008-05-24 07:44	43,520	----a-w	C:\WINNT\system32\CmdLineExt03.dll
2008-05-23 18:22	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-23 18:12	---------	d-----w	C:\Program Files\Sygate
2008-05-16 21:00	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\Winamp
2008-05-08 12:28	202,752	----a-w	C:\WINNT\system32\drivers\rmcast.sys
2008-05-07 05:03	1,291,776	----a-w	C:\WINNT\system32\quartz.dll
2008-04-21 06:58	669,184	----a-w	C:\WINNT\system32\wininet.dll
2008-04-13 17:28	98,304	----a-w	C:\WINNT\system32\qttask.exe
2008-04-12 11:09	9,309,344	----a-w	C:\winamp5531_full_emusic-7plus_sv-se.exe
2008-04-12 11:05	1,732,834	----a-w	C:\ALLPlayer_[www.instalki.pl].exe
2008-04-10 18:16	6,184,960	----a-w	C:\epson26382eu.exe
2008-04-10 18:10	24,754,048	----a-w	C:\AdbeRdr812_pl_PL.exe
2008-04-09 20:26	499,712	----a-w	C:\WINNT\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-06-26_ 9.54.38,35   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 07:32:55	2,048	--s-a-w	C:\WINNT\bootstat.dat
+ 2008-06-26 11:43:10	2,048	--s-a-w	C:\WINNT\bootstat.dat
- 2008-06-26 04:47:05	2,912	----a-w	C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
+ 2008-06-26 08:02:10	2,912	----a-w	C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
- 2007-04-10 12:02:50	1,476,992	------w	C:\WINNT\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36	1,480,232	----a-w	C:\WINNT\system32\LegitCheckControl.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 12:41 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINNT\\system32\\sessmgr.exe"=
"C:\\Soldat\\Soldat.exe"=
"E:\\cs 1.6\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 SBHR;SBHR;C:\WINNT\system32\drivers\sbhr.sys [2008-06-25 14:49]
R1 EIO_XP;EIO_XP;C:\WINNT\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [2008-06-25 12:41]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINNT\system32\drivers\asusgsb.sys [2007-10-23 17:48]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINNT\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 SBAPIFS;SBAPIFS;C:\WINNT\system32\drivers\sbapifs.sys []
R3 Video3D;ASUS Video3D Service;C:\WINNT\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 axskbus;axskbus;C:\WINNT\system32\DRIVERS\axskbus.sys []
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Maciek\USTAWI~1\Temp\cdrmkaun.sys []
S3 mamotou;mamotou;C:\WINNT\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]

*Newly Created Service* - SBAPIFS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:04:44
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-26 14:05:23
ComboFix-quarantined-files.txt  2008-06-26 12:05:19
ComboFix2.txt  2008-06-26 10:09:36
ComboFix3.txt  2008-06-26 07:54:52

Pre-Run: 31,008,063,488 bajtów wolnych
Post-Run: 31,009,034,240 bajtów wolnych

130	--- E O F ---	2008-06-26 07:52:26

HiJack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:07:21, on 2008-06-26
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\WINNT\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\WgaTray.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Maciek\Moje dokumenty\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" /tray
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINNT\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 3263 bytes

SilentRunners

"Silent Runners.vbs", revision 58, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Gadu-Gadu" = ""C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup" [MS]
"SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
  -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINNT\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"
  -> {HKLM...CLSID} = "IE Microsoft AutoComplete"
				   \InProcServer32\(Default) = "C:\WINNT\system32\browseui.dll" [MS]
"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"
  -> {HKLM...CLSID} = "History Band"
				   \InProcServer32\(Default) = "C:\WINNT\system32\shdocvw.dll" [MS]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINNT\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINNT\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINNT\system32\nvshell.dll" ["NVIDIA Corporation"]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
				   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
  -> {HKLM...CLSID} = "AVG7 Find Extension Class"
				   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Rozszerzenie ikon plików programu Outlook"
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
				   \InProcServer32\(Default) = "C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll" ["RealNetworks, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler"
  -> {HKLM...CLSID} = "SPTHandler"
				   \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [file not found]| [file not found]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
				   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
				   \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
  -> {HKLM...CLSID} = "AVG7 Shell Extension Class"
				   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
				   \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
				   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}"
  -> {HKLM...CLSID} = "SPTHandler"
				   \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDrives" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideLogoffScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"RunLogonScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}

"RunStartupScriptSync" = (REG_DWORD) dword:0x00000000
{unrecognized setting}

"HideStartupScripts" = (REG_DWORD) dword:0x00000000
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\web\wallpaper\Idylla.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Maciek\Dane aplikacji\Microsoft\Internet Explorer\Tapeta programu Internet Explorer.bmp"


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

FunMultiMediaHandler\
"Provider" = "MultiMedia Manager"
"ProgID" = "FUNBOX.Autoplay"
HKLM\SOFTWARE\Classes\FUNBOX.Autoplay\CLSID\(Default) = "{DF866F1F-10DF-4694-94A9-7F526FC8800A}"
  -> {HKLM...CLSID} = "FUNBOX Autoplay Sample 2"
				   \LocalServer32\(Default) = "C:\Program Files\Samsung\Samsung PC Studio 3\Share_autoplay.exe" ["TODO: <** **>" (unwritable string)]

MSPlayCDAudioOnArrival\
"Provider" = "ALLPlayer"
"InvokeProgID" = "AllPlayerFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\AllPlayerFile\shell\play\command\(Default) = ""C:\Program Files\MarBit\ALLPlayer\ALLPlayer.exe" "%1"" ["MarBit"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Express"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

WinampMTPHandler\
"Provider" = "Winamp"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = "C:\Program Files\Winamp\winamp.exe"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
  -> {HKLM...CLSID} = "ShellExecute HW Event Handler"
				   \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

WinampPlayMediaOnArrival\
"Provider" = "Winamp"
"InvokeProgID" = "Winamp.File"
"InvokeVerb" = "Play"
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\command\(Default) = ""C:\Program Files\Winamp\winamp.exe" "%1"" ["Nullsoft"]
HKLM\SOFTWARE\Classes\Winamp.File\shell\Play\DropTarget\CLSID = "{46986115-84D6-459c-8F95-52DD653E532E}"
  -> {HKLM...CLSID} = (no title provided)
				   \LocalServer32\(Default) = ""C:\Program Files\Winamp\winamp.exe"" ["Nullsoft"]

I tried various antivirus programs etc., but nothing helps. At first, instead of my wallpaper I had a message saying that there is spyware on my computer; after 1 day it disappeared, but I have further problems:
- The Internet disconnects every so often and I have to reset the computer.
- When I turn the computer on, something like this shows up:
Attached image
- And on the taskbar:
Attached image

Can this be fixed somehow?
PS: the Windows is genuine.
PS2: please don't write complicated things, because I don't know computers well.


#2 wncvirus

    Lazybones!

  • 851 posts

Posted 26 06 2008 - 14:26

ComboFix log:
Paste into Notepad

C:\WINNT\system32\phc1c1j0eg03.bmp
C:\WINNT\system32\blphc1c1j0eg03.scr

>> File >> Save as... >>> CFScript (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
– as in this picture --> Attached image
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the C:\Qoobox folder.

HJT log clean
Silent log clean


#3 Maciekk_

    New

  • 3 posts

Posted 26 06 2008 - 14:50

ComboFix 08-06-20.4 - Maciek 2008-06-26 14:44:32.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1045.18.1497 [GMT 2:00]
Running from: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\ComboFix.exe
Command switches used :: C:\Documents and Settings\Maciek\Moje dokumenty\hjt\CFScript.txt
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
.

(((((((((((((((((((((((((   Files Created from 2008-05-26 to 2008-06-26  )))))))))))))))))))))))))))))))
.

2008-06-26 11:27 . 2008-06-26 11:27	0	--a------	C:\WINNT\nsreg.dat
2008-06-26 06:43 . 2008-06-26 06:43	<DIR>	d--------	C:\Program Files\MSXML 4.0
2008-06-25 21:36 . 2008-06-14 20:01	273,024	---------	C:\WINNT\system32\drivers\bthport.sys
2008-06-25 21:36 . 2008-06-14 20:01	273,024	-----c---	C:\WINNT\system32\dllcache\bthport.sys
2008-06-25 21:33 . 2007-07-09 15:11	584,192	-----c---	C:\WINNT\system32\dllcache\rpcrt4.dll
2008-06-25 21:31 . 2008-05-08 14:28	202,752	-----c---	C:\WINNT\system32\dllcache\rmcast.sys
2008-06-25 19:55 . 2008-06-25 19:55	<DIR>	d--------	C:\WINNT\system32\xircom
2008-06-25 19:55 . 2008-06-25 19:55	<DIR>	d--------	C:\Program Files\microsoft frontpage
2008-06-25 14:49 . 2008-06-25 14:49	15,544	--a------	C:\WINNT\system32\drivers\sbhr.sys
2008-06-25 14:09 . 2008-06-25 14:17	<DIR>	d-a------	C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-06-25 13:01 . 2008-06-25 13:01	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Sunbelt Software
2008-06-25 13:01 . 2008-06-25 13:01	0	--a------	C:\WINNT\system32\SBRC.dat
2008-06-25 13:01 . 2008-06-25 13:01	0	--a------	C:\WINNT\system32\SBFC.dat
2008-06-25 13:00 . 2008-06-25 13:00	<DIR>	d--------	C:\Program Files\Sunbelt Software
2008-06-25 12:41 . 2008-06-26 11:09	<DIR>	d--------	C:\Program Files\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:17	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-26 11:09	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Spyware Terminator
2008-06-25 12:41 . 2008-06-25 12:41	141,312	--a------	C:\WINNT\system32\drivers\sp_rsdrv2.sys
2008-06-25 11:19 . 2008-06-25 11:19	<DIR>	d--------	C:\Program Files\Lavasoft
2008-06-25 11:19 . 2008-06-25 11:19	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Lavasoft
2008-06-25 11:11 . 2008-06-25 11:11	<DIR>	d--------	C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-06-24 22:34 . 2008-06-25 15:15	90,838	--a------	C:\WINNT\system32\phc1c1j0eg03.bmp
2008-06-24 22:34 . 2008-06-25 15:15	60,928	--a------	C:\WINNT\system32\blphc1c1j0eg03.scr
2008-06-24 22:33 . 2008-06-24 22:33	54,156	--ah-----	C:\WINNT\QTFont.qfn
2008-06-24 22:33 . 2008-06-24 22:33	1,409	--a------	C:\WINNT\QTFont.for
2008-06-04 15:44 . 2008-06-04 15:44	<DIR>	d--------	C:\Soldat
2008-06-03 19:47 . 2008-06-03 19:47	<DIR>	d--------	C:\Program Files\Google
2008-06-02 21:32 . 2008-06-02 21:32	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\DAEMON Tools
2008-05-31 21:21 . 2008-05-31 21:21	0	-ra------	C:\logwmemory.bin
2008-05-31 21:19 . 2008-05-31 21:19	<DIR>	d--------	C:\Documents and Settings\Maciek\Dane aplikacji\Soldat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-26 07:57	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\AVG7
2008-06-25 09:10	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 16:01	---------	d-----w	C:\Documents and Settings\Beata.LESZEK-4025D4B0\Dane aplikacji\AVG7
2008-06-18 16:47	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\teamspeak2
2008-06-15 14:49	196,608	----a-w	C:\WINNT\system32\drivers\nStandard.bin
2008-05-24 07:44	43,520	----a-w	C:\WINNT\system32\CmdLineExt03.dll
2008-05-23 18:22	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-23 18:12	---------	d-----w	C:\Program Files\Sygate
2008-05-16 21:00	---------	d-----w	C:\Documents and Settings\Maciek\Dane aplikacji\Winamp
2008-05-08 12:28	202,752	----a-w	C:\WINNT\system32\drivers\rmcast.sys
2008-05-07 05:03	1,291,776	----a-w	C:\WINNT\system32\quartz.dll
2008-04-21 06:58	669,184	----a-w	C:\WINNT\system32\wininet.dll
2008-04-13 17:28	98,304	----a-w	C:\WINNT\system32\qttask.exe
2008-04-12 11:09	9,309,344	----a-w	C:\winamp5531_full_emusic-7plus_sv-se.exe
2008-04-12 11:05	1,732,834	----a-w	C:\ALLPlayer_[www.instalki.pl].exe
2008-04-10 18:16	6,184,960	----a-w	C:\epson26382eu.exe
2008-04-10 18:10	24,754,048	----a-w	C:\AdbeRdr812_pl_PL.exe
2008-04-09 20:26	499,712	----a-w	C:\WINNT\system32\msvcp71.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-06-26_ 9.54.38,35   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-26 07:32:55	2,048	--s-a-w	C:\WINNT\bootstat.dat
+ 2008-06-26 11:43:10	2,048	--s-a-w	C:\WINNT\bootstat.dat
- 2008-06-26 04:47:05	2,912	----a-w	C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
+ 2008-06-26 08:02:10	2,912	----a-w	C:\WINNT\SoftwareDistribution\EventCache\{83906E52-06C3-467E-9800-9051A2D159BE}.bin
- 2007-04-10 12:02:50	1,476,992	------w	C:\WINNT\system32\LegitCheckControl.dll
+ 2008-03-20 16:06:36	1,480,232	----a-w	C:\WINNT\system32\LegitCheckControl.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Documents and Settings\Maciek\Moje dokumenty\gg\Gadu-Gadu\gg.exe" [2008-03-20 12:04 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [2007-12-07 07:51 8523776]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-25 12:41 1817600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
"vidc.yv12"= C:\PROGRA~1\ACEMEG~1\SystemS\ATI\atiyuv12.DLL
"vidc.divx"= C:\PROGRA~1\ACEMEG~1\SystemS\DivX\DivX520.dll
"vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
"vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
"msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\WINNT\\system32\\sessmgr.exe"=
"C:\\Soldat\\Soldat.exe"=
"E:\\cs 1.6\\hl.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 SBHR;SBHR;C:\WINNT\system32\drivers\sbhr.sys [2008-06-25 14:49]
R1 EIO_XP;EIO_XP;C:\WINNT\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINNT\system32\DRIVERS\msikbd2k.sys [2001-12-20 08:02]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINNT\system32\drivers\sp_rsdrv2.sys [2008-06-25 12:41]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2001-08-06 05:41]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINNT\system32\drivers\asusgsb.sys [2007-10-23 17:48]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\WINNT\system32\DRIVERS\AsusVRC.sys [2007-01-29 17:12]
R3 SBAPIFS;SBAPIFS;C:\WINNT\system32\drivers\sbapifs.sys []
R3 Video3D;ASUS Video3D Service;C:\WINNT\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 axskbus;axskbus;C:\WINNT\system32\DRIVERS\axskbus.sys []
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Maciek\USTAWI~1\Temp\cdrmkaun.sys []
S3 mamotou;mamotou;C:\WINNT\system32\DRIVERS\mamotou.sys [2005-11-07 17:50]

*Newly Created Service* - SBAPIFS
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-26 14:45:15
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-26 14:45:47
ComboFix-quarantined-files.txt  2008-06-26 12:45:40
ComboFix2.txt  2008-06-26 12:05:24
ComboFix3.txt  2008-06-26 10:09:36
ComboFix4.txt  2008-06-26 07:54:52

Pre-Run: 30,980,804,608 bajtów wolnych
Post-Run: 30,982,635,520 bajtów wolnych

131	--- E O F ---	2008-06-26 07:52:26

This is the code I got; the folder has been removed, but those notifications have not gone away.
  • 0

#4 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 26 06 2008 - 17:56

ComboFix log:
Paste the following into Notepad:

FILE::
C:\WINNT\system32\phc1c1j0eg03.bmp
 C:\WINNT\system32\blphc1c1j0eg03.scr

>> File >> Save As... >>> CFScript (it is most convenient to save it in a location where the CFScript.txt icon sits next to the ComboFix.exe icon)
Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)
- as in this picture --> Attached image
(if the question "1 or 2" appears, type 1 and press ENTER) The removal should start (and a log will be created).
After the restart, manually delete the folder C:\Qoobox.

PS: Forgive me, but yesterday, being tired, I gave you the wrong removal instructions. These are the right ones, and once you remove it everything will be fine. Sorry.
  • 0

#5 Maciekk_

Maciekk_

    New

  • 3 posts

Posted 26 06 2008 - 19:04

I did everything you told me to, but I still have the problem with that notification about the software not being genuine.
Can this be removed somehow? Since I have had Windows XP I have never had a case like this.

Attached image

The message on the toolbar doesn't even bother me, but the one at computer startup is a bit annoying.
PS: the problem with the internet has gone away for now :P
  • 0

#6 wncvirus

wncvirus

    Lazybones!

  • 851 posts

Posted 26 06 2008 - 19:50

And is your Windows genuine? Just don't lie!
  • 0

#7 Gość_Wojtex16_*

Gość_Wojtex16_*

Posted 26 06 2008 - 19:54

Tell us where you got this system from. Do you have the sticker? Do you have the original disc?

  • 0



