Problem z drwtsn.exe i explorer.exe

przez **milosznik** » 09 Lip 2008, 22:22

Witam! Pojawił mi się ostatnio problem z drwtsn.exe i explorer.exe. Poszukałem trochę w sieci, zrobiłem co się dało.. I nadal błąd wyskakuje:( Proszę o sprawdzenie loga z HijackThis

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:59:12, on 2008-07-09 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Vtune\TBPanel.exe C:\WINDOWS\PixArt\PAC207\Monitor.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\RaConfig.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Gadu-Gadu\gg.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\explorer.exe C:\Program Files\Opera\opera.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://wer-mit-wem.webhop.net/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\Program Files\WellGet\nxall.htm O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program Files\WellGet\nxcatch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - E:\Program Files\WellGet\WellGet.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.amnezja.org/ O17 - HKLM\System\CCS\Services\Tcpip\..\{3B4ABBCD-88BD-4C06-A9CF-136F3B3BE1B0}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5181 bytes

przez **huber2t** » 10 Lip 2008, 06:22

fix w hijackthis

O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - E:\Program Files\WellGet\WellGet.exe (file missing)

Pokaż log z Combofix

przez **milosznik** » 10 Lip 2008, 10:34

Zrobiłem jak poradziłeś:) Wklejam loga z ComboFixa:

Kod: Zaznacz wszystko: ComboFix 08-07-09.5 - Monika i Miłosz 2008-07-10 10:18:41.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.623 [GMT 2:00] Running from: C:\Documents and Settings\Monika i Miłosz\Pulpit\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))) . 2008-07-09 21:58 . 2008-07-09 21:58 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-08 21:29 . 2008-07-08 21:29 <DIR> d-------- C:\Program Files\Uniblue 2008-07-08 21:29 . 2008-07-08 21:29 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Uniblue 2008-06-18 10:37 . 2008-07-01 21:13 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\dwhelper 2008-06-18 10:37 . 2008-07-01 21:13 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\dwhelper 2008-06-12 12:48 . 2008-06-12 12:51 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\WebStripper 2008-06-12 12:41 . 2008-06-12 12:41 <DIR> d-------- C:\Program Files\Solent . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-10 06:29 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-07-10 06:12 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\skypePM 2008-07-09 20:00 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\OpenOfficeT72 2008-07-08 19:05 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\foobar2000 2008-07-01 19:53 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\gtk-2.0 2008-06-21 21:54 5,549 ----a-w C:\Program Files\Domyślny.prf.ini 2008-06-21 21:54 5,549 ----a-w C:\Program Files\CDex.ini 2008-06-17 07:06 --------- d-----w C:\Program Files\Winamp 2008-06-17 07:05 --------- d-----w C:\Program Files\IPLA 2008-06-14 17:37 --------- d-----w C:\Program Files\Opera 2008-06-07 20:59 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\ipla 2008-06-07 20:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ipla 2008-06-06 21:18 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype 2008-06-01 16:38 --------- d-----w C:\Program Files\DVDVideoSoft 2008-06-01 15:59 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\AVSMedia 2008-06-01 15:52 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-06-01 15:49 --------- d-----w C:\Program Files\Video mp3 Extractor 2008-06-01 10:57 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\uTorrent 2008-06-01 08:25 --------- d-----w C:\Program Files\Scribus 1.3.3.11 2008-05-31 13:23 --------- d-----w C:\Program Files\gs 2008-05-31 09:43 --------- d-----w C:\Program Files\Google 2008-05-30 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2008-05-28 16:15 --------- d-----w C:\Program Files\Mgtweak 2008-05-23 06:26 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-19 14:50 --------- d-----w C:\Program Files\Common Files\Ahead 2008-05-19 14:50 --------- d-----w C:\Program Files\Ahead 2008-05-18 19:34 37,644 ---ha-w C:\Program Files\CDEX.GID 2008-05-18 19:20 5,041 ----a-w C:\Program Files\Default.prf.ini 2008-05-18 19:19 50,354 ----a-w C:\Program Files\deinstalacja.exe 2008-05-18 19:19 --------- d-----w C:\Program Files\Plugins 2008-05-18 19:19 --------- d-----w C:\Program Files\LocalCDDB 2008-05-18 15:00 --------- d-----w C:\Program Files\IZArc 2008-05-18 14:35 --------- d-----w C:\Program Files\Common Files\Nero 2008-05-18 14:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-05-14 19:13 --------- d-----w C:\Program Files\FMA 2 2008-04-17 12:35 304,160 ----a-w C:\PA207.DAT 2007-12-27 09:43 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-21 20:48 13,256,032 ----a-w C:\Program Files\PDFCreator-0_9_3_GPLGhostscript.exe 2003-09-12 20:02 1,634,364 ----a-w C:\Program Files\CDex.exe 2003-09-10 18:50 383,249 ----a-w C:\Program Files\CDEX.HLP 2003-09-10 18:49 96,768 ----a-w C:\Program Files\libsndfile.dll 2003-09-10 18:49 36,352 ----a-w C:\Program Files\MP2enc.dll 2003-09-10 18:48 83,456 ----a-w C:\Program Files\CDRip.dll 2003-09-10 18:48 21,889 ----a-w C:\Program Files\Changes.txt 2003-09-10 18:23 7,051 ----a-w C:\Program Files\CDex.cnt 2003-02-04 22:22 4,320 ----a-w C:\Program Files\readme.txt 2003-01-21 17:26 99,840 ----a-w C:\Program Files\lame_enc.dll 2002-08-07 20:07 71,680 ----a-w C:\Program Files\MACDll.dll 2002-07-19 17:26 61,440 ----a-w C:\Program Files\vorbisenc.dll 2002-07-19 17:26 16,384 ----a-w C:\Program Files\ogg.dll 2002-07-19 17:26 107,008 ----a-w C:\Program Files\vorbis.dll 2002-04-20 11:07 69,632 ----a-w C:\Program Files\WMA8Connect.dll . ------- Sigcheck ------- 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2004-09-15 00:25 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-05-22 15:15 2131392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-24 16:26 921600] "Gainward"="C:\Program Files\Vtune\TBPanel.exe" [2007-06-26 15:08 2158592] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 07:26 7700480] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 07:26 86016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "nwiz"="nwiz.exe" [2007-04-19 07:26 1626112 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-05 17:09:18 108544] RaConfig.lnk - C:\WINDOWS\system32\RaConfig.exe [2007-08-24 18:06:05 380928] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 5 (0x5) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 5 (0x5) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\system32\\javaw.exe"= R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2007-02-03 06:56] R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34] R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26] R3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-08 13:14] S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-03-05 16:07:00 C:\WINDOWS\Tasks\20080305_165900_Monika i Miłosz.job" - C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exeC/TASKTYPE:NBSERVICE /JOBFILE: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-10 10:19:36 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Eset\pr_imon.dll . Completion time: 2008-07-10 10:20:12 ComboFix-quarantined-files.txt 2008-07-10 08:19:52 Pre-Run: 28,189,523,968 bajtów wolnych Post-Run: 29,066,878,976 bajtów wolnych 148 --- E O F --- 2008-01-09 06:48:29

przez **huber2t** » 10 Lip 2008, 11:16

Log wyglada na czysty

usuń ręcznie folder C: \Qoobox , usuń instalkę Combofix z dysku.

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz i włącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

lub

Dr.WEB CureIt!

przez **milosznik** » 10 Lip 2008, 22:23

Uff.... Trochę to wszystko trwało, ale jest już ok. Po skanowaniu Dr.Webem jest tak:

Kod: Zaznacz wszystko: 2N2CUZCA.NQF;C:\Program Files\Eset\infected;Adware.NavHelper;Niewyleczalny.UsuniÍty.; 4WD0OOAA.NQF;C:\Program Files\Eset\infected;Adware.NavHelper;Niewyleczalny.UsuniÍty.; BW3E5TCA.NQF\data006;C:\Program Files\Eset\infected\BW3E5TCA.NQF;Adware.OneStep;; BW3E5TCA.NQF\data007;C:\Program Files\Eset\infected\BW3E5TCA.NQF;Adware.OneStep;; BW3E5TCA.NQF;C:\Program Files\Eset\infected;Archiwum zawierajĻce zainfekowane obiekty;UsuniÍty.; INOQNBBA.NQF;C:\Program Files\Eset\infected;Adware.NavHelper;UsuniÍty.; QJKAVFCA.NQF;C:\Program Files\Eset\infected;Trojan.MoemoneyAd;UsuniÍty.; SN0TKIAA.NQF;C:\Program Files\Eset\infected;Dialer.Star;UsuniÍty.; StreetAtlas8.vbs;C:\Program Files\FMA 2\sframework\plugins;Prawdopodobnie SCRIPT.Virus;UsuniÍty.;

Dzięki wielkie za pomoc!
Pozdrawiam!

przez **huber2t** » 10 Lip 2008, 23:34

pliki się pousuwały

Powinno byc ok

przez **milosznik** » 11 Lip 2008, 09:47

Faktycznie działa bez problemów

Dzięki raz jeszcze!

przez **milosznik** » 13 Lip 2008, 10:05

milosznik napisał(a):Faktycznie działa bez problemów

Jak się okazuje to jednak problem pojawił się znowu. Kolejny raz ten sam błąd. Wklejam loga z HijackThisa, moze coś tam znajdziecie...

Kod: Zaznacz wszystko: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:59:21, on 2008-07-13 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CDBurnerXP\NMSAccessU.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Vtune\TBPanel.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Ściągnij wszystko za pomocą WellGeta - C:\Program Files\WellGet\nxall.htm O8 - Extra context menu item: Ściągnij za pomocą &WellGeta - C:\Program Files\WellGet\nxcatch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.amnezja.org/ O17 - HKLM\System\CCS\Services\Tcpip\..\{3B4ABBCD-88BD-4C06-A9CF-136F3B3BE1B0}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 4355 bytes

przez **huber2t** » 13 Lip 2008, 10:15

W logu czysto

Pokaż log z Combofix, silentrunners i Kasperskego

przez **milosznik** » 14 Lip 2008, 23:21

Najpierw kod z SR

Kod: Zaznacz wszystko: "Silent Runners.vbs", revision 58, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu S.A."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "nod32kui" = ""C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE" ["Eset "] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "Gainward" = "C:\Program Files\Vtune\TBPanel.exe /A" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] {B5D4581D-ED6A-4905-A267-25BAF7BE79C1}\(Default) = "SafeIE Utility" -> {HKLM...CLSID} = "FiltrateIE Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\safeie.dll" [empty string] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "NOD32 Context Menu Shell Extension" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{CA5FEE26-14C1-4B5A-86E9-233FC0EE2682}" = "IZArc DragDrop Menu" -> {HKLM...CLSID} = "IZArc DragDrop Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" = "IZArc Shell Context Menu" -> {HKLM...CLSID} = "IZArc Shell Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOfficeT7 2.3.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" = "OpenOffice.org Infotip Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOfficeT7 2.3.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice.org Property Sheet Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOfficeT7 2.3.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] "{3B092F0C-7696-40E3-A80F-68D74DA84210}" = "OpenOffice.org Thumbnail Viewer" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOfficeT7 2.3.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = "OpenOffice.org Column Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = ""C:\Program Files\OpenOfficeT7 2.3.1\program\shlxthdl.dll"" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" -> {HKLM...CLSID} = "IZArc Shell Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ IZArcCM\(Default) = "{8D9D4D0D-FDDD-44CB-AAB2-6161FA0757C5}" -> {HKLM...CLSID} = "IZArc Shell Context Menu" \InProcServer32\(Default) = "C:\PROGRA~1\IZArc\IZArcCM.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ NOD32 Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "NOD32 Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Eset\nodshex.dll" [null data] Default executables: -------------------- <<!>> HKLM\SOFTWARE\Classes\.com\(Default) = "ComFile" Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoRecentDocsMenu" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "MaxRecentDocs" = (REG_DWORD) dword:0x00000005 {unrecognized setting} "NoDrives" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "DisableRegistryTools" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLegacyLogonScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideLogoffScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "RunLogonScriptSync" = (REG_DWORD) dword:0x00000001 {unrecognized setting} "RunStartupScriptSync" = (REG_DWORD) dword:0x00000000 {unrecognized setting} "HideStartupScripts" = (REG_DWORD) dword:0x00000000 {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ AVSVTVideoCameraArrival\ "Provider" = "AVS Capture Wizard" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = "C:\Program Files\AVSMedia\VideoTools\CaptureWizard\CaptureWizard.exe" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] CDBurnerXP\ "Provider" = "CDBurnerXP" "InvokeProgID" = "CDBurnerXPOpen" "InvokeVerb" = "open" HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""C:\Program Files\CDBurnerXP\cdbxpp.exe"" [null data] ImgBurnCDBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleCDBurningOnArrival_BuildImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE ISOBUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnCDBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleCDBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleCDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE ISOWRITE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnDVDBurningOnArrival_BuildImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleDVDBurningOnArrival_BuildImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BuildImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE ISOBUILD /BUILDMODE DEVICE /DEST "%1"" ["LIGHTNING UK!"] ImgBurnDVDBurningOnArrival_BurnImage\ "Provider" = "ImgBurn" "InvokeProgID" = "ImgBurn.AutoPlay.1" "InvokeVerb" = "HandleDVDBurningOnArrival_BurnImage" HKLM\SOFTWARE\Classes\ImgBurn.AutoPlay.1\shell\HandleDVDBurningOnArrival_BurnImage\Command\(Default) = ""C:\Program Files\ImgBurn\ImgBurn.exe" /MODE ISOWRITE /DEST "%1"" ["LIGHTNING UK!"] NeroAutoPlay2AudioToNeroDigital\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CDAudio\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /New:AudioCD /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CopyCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2DataDisc\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /New:ISODisc /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2RipCD\ "Provider" = "Nero Burning ROM" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_RipCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Program Files\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"] NeroAutoPlay7VideoCapture\ "Provider" = "Nero Vision Essentials" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] Startup items in "Monika i Miłosz" & "All Users" startup folders: ----------------------------------------------------------------- WARNING! "All Users" startup folder not found! Enabled Scheduled Tasks: ------------------------ "20080305_165900_Monika i Miłosz" -> launches: "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe /TASKTYPE:NBSERVICE /JOBFILE:"20080305_165900_Monika i Miłosz.nji"" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: C:\WINDOWS\system32\imon.dll ["Eset "], 01 - 05, 11 %SystemRoot%\system32\mswsock.dll [MS], 06 - 08, 12 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 09 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.amnezja.org/ Missing lines (compared with English-language version): [Strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ NMSAccessU, NMSAccessU, "C:\Program Files\CDBurnerXP\NMSAccessU.exe" [null data] NOD32 Kernel Service, NOD32krn, ""C:\Program Files\Eset\nod32krn.exe"" ["Eset "] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ PDFCreator\Driver = "pdfcmnnt.dll" [null data] ---------- (launch time: 2008-07-14 23:15:38) + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 28 seconds, including 10 seconds for message boxes)

Reszta chyba jutro bo zasypiam nad klawiaturką:)
Pozdr!

przez **huber2t** » 15 Lip 2008, 06:05

W logu nic nie widzę
Pokaż resztę logów w jednymczasie

przez **milosznik** » 16 Lip 2008, 10:10

Wklejam loga z ComboFixa i raport z Kasperskyego. Dodam jeszcze, że problem z tymi aplikacjami pojawia się gdy korzystam z IrfanView.

Log ComboFix:

Kod: Zaznacz wszystko: ComboFix 08-07-14.2 - Monika i Miłosz 2008-07-16 9:55:22.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.548 [GMT 2:00] Running from: C:\Documents and Settings\Monika i Miłosz\Pulpit\ComboFix.exe * Created a new restore point * Resident AV is active [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 ))))))))))))))))))))))))))))))) . 2008-07-15 22:23 . 2008-07-15 22:23 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-07-15 22:23 . 2008-07-15 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2008-07-10 21:22 . 2008-07-10 21:22 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\DoctorWeb 2008-07-10 21:22 . 2008-07-10 21:22 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\DoctorWeb 2008-07-09 21:58 . 2008-07-09 21:58 <DIR> d-------- C:\Program Files\Trend Micro 2008-07-08 21:29 . 2008-07-08 21:29 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Uniblue 2008-06-18 10:37 . 2008-07-01 21:13 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\dwhelper 2008-06-18 10:37 . 2008-07-01 21:13 <DIR> d-------- C:\Documents and Settings\Monika i Miłosz\dwhelper . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-16 06:06 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\skypePM 2008-07-16 05:18 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-07-15 20:17 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\OpenOfficeT72 2008-07-13 09:06 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\foobar2000 2008-07-11 08:19 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype 2008-07-01 19:53 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\gtk-2.0 2008-06-21 21:54 5,549 ----a-w C:\Program Files\Domyślny.prf.ini 2008-06-21 21:54 5,549 ----a-w C:\Program Files\CDex.ini 2008-06-17 07:06 --------- d-----w C:\Program Files\Winamp 2008-06-17 07:05 --------- d-----w C:\Program Files\IPLA 2008-06-14 17:37 --------- d-----w C:\Program Files\Opera 2008-06-12 10:51 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\WebStripper 2008-06-12 10:41 --------- d-----w C:\Program Files\Solent 2008-06-07 20:59 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\ipla 2008-06-07 20:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ipla 2008-06-01 16:38 --------- d-----w C:\Program Files\DVDVideoSoft 2008-06-01 15:59 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\AVSMedia 2008-06-01 15:52 --------- d-----w C:\Program Files\Common Files\AVSMedia 2008-06-01 15:49 --------- d-----w C:\Program Files\Video mp3 Extractor 2008-06-01 10:57 --------- d-----w C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\uTorrent 2008-06-01 08:25 --------- d-----w C:\Program Files\Scribus 1.3.3.11 2008-05-31 13:23 --------- d-----w C:\Program Files\gs 2008-05-31 09:43 --------- d-----w C:\Program Files\Google 2008-05-30 20:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy 2008-05-28 16:15 --------- d-----w C:\Program Files\Mgtweak 2008-05-23 06:26 --------- d-----w C:\Program Files\Gadu-Gadu 2008-05-19 14:50 --------- d-----w C:\Program Files\Common Files\Ahead 2008-05-19 14:50 --------- d-----w C:\Program Files\Ahead 2008-05-18 19:34 37,644 ---ha-w C:\Program Files\CDEX.GID 2008-05-18 19:20 5,041 ----a-w C:\Program Files\Default.prf.ini 2008-05-18 19:19 50,354 ----a-w C:\Program Files\deinstalacja.exe 2008-05-18 19:19 --------- d-----w C:\Program Files\Plugins 2008-05-18 19:19 --------- d-----w C:\Program Files\LocalCDDB 2008-05-18 15:00 --------- d-----w C:\Program Files\IZArc 2008-05-18 14:35 --------- d-----w C:\Program Files\Common Files\Nero 2008-05-18 14:35 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-04-17 12:35 304,160 ----a-w C:\PA207.DAT 2007-12-27 09:43 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2007-11-21 20:48 13,256,032 ----a-w C:\Program Files\PDFCreator-0_9_3_GPLGhostscript.exe 2003-09-12 20:02 1,634,364 ----a-w C:\Program Files\CDex.exe 2003-09-10 18:50 383,249 ----a-w C:\Program Files\CDEX.HLP 2003-09-10 18:49 96,768 ----a-w C:\Program Files\libsndfile.dll 2003-09-10 18:49 36,352 ----a-w C:\Program Files\MP2enc.dll 2003-09-10 18:48 83,456 ----a-w C:\Program Files\CDRip.dll 2003-09-10 18:48 21,889 ----a-w C:\Program Files\Changes.txt 2003-09-10 18:23 7,051 ----a-w C:\Program Files\CDex.cnt 2003-02-04 22:22 4,320 ----a-w C:\Program Files\readme.txt 2003-01-21 17:26 99,840 ----a-w C:\Program Files\lame_enc.dll 2002-08-07 20:07 71,680 ----a-w C:\Program Files\MACDll.dll 2002-07-19 17:26 61,440 ----a-w C:\Program Files\vorbisenc.dll 2002-07-19 17:26 16,384 ----a-w C:\Program Files\ogg.dll 2002-07-19 17:26 107,008 ----a-w C:\Program Files\vorbis.dll 2002-04-20 11:07 69,632 ----a-w C:\Program Files\WMA8Connect.dll . ------- Sigcheck ------- 2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2gdr\tcpip.sys 2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\SoftwareDistribution\Download\85df038b1f331d3835256425c1b567cb\sp2qfe\tcpip.sys 2004-09-15 00:25 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 16:08 21686568] "Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-05-22 15:15 2131392] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-24 16:26 921600] "Gainward"="C:\Program Files\Vtune\TBPanel.exe" [2007-06-26 15:08 2158592] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 07:26 7700480] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 07:26 86016] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe] "SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe] "nwiz"="nwiz.exe" [2007-04-19 07:26 1626112 C:\WINDOWS\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 5 (0x5) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "MaxRecentDocs"= 5 (0x5) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Gadu-Gadu\\gg.exe"= "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\Opera\\Opera.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\WINDOWS\\system32\\javaw.exe"= R0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2007-02-03 06:56] R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 09:34] R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 11:26] R3 RT2400;RT2400 Wireless Driver;C:\WINDOWS\system32\DRIVERS\RT2400.sys [2003-10-08 13:14] S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2005-03-22 04:03] . Contents of the 'Scheduled Tasks' folder "2008-03-05 16:07:00 C:\WINDOWS\Tasks\20080305_165900_Monika i Miłosz.job" - C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exeC/TASKTYPE:NBSERVICE /JOBFILE: . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-16 09:56:13 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Eset\pr_imon.dll . Completion time: 2008-07-16 9:56:40 ComboFix-quarantined-files.txt 2008-07-16 07:56:32 ComboFix2.txt 2008-07-10 08:20:13 Pre-Run: 29,718,585,344 bajtów wolnych Post-Run: 29,730,807,808 bajtów wolnych 146 --- E O F --- 2008-01-09 06:48:29

Kaspersky

Kod: Zaznacz wszystko: C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked pominięty C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked pominięty C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Cookies\index.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\call256.dbb Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\callmember256.dbb Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\contactgroup256.dbb Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\dyncontent\bundle.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\index2.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\profile256.dbb Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\user1024.dbb Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Dane aplikacji\Skype\monikarupar\voicemail256.dbb Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\ntuser.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Dane aplikacji\Microsoft\CardSpace\CardSpace.db Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Dane aplikacji\Microsoft\CardSpace\CardSpace.db.shadow Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked pominięty C:\Documents and Settings\Monika i Miłosz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked pominięty C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked pominięty C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked pominięty C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked pominięty C:\Program Files\Eset\cache\CACHE.NDB Object is locked pominięty C:\Program Files\Eset\logs\virlog.dat Object is locked pominięty C:\Program Files\Eset\logs\warnlog.dat Object is locked pominięty C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty C:\System Volume Information\_restore{FAE39FD2-172D-483D-9575-8C9CCBCC0A89}\RP302\change.log Object is locked pominięty C:\WINDOWS\Debug\PASSWD.LOG Object is locked pominięty C:\WINDOWS\SchedLgU.Txt Object is locked pominięty C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked pominięty C:\WINDOWS\Sti_Trace.log Object is locked pominięty C:\WINDOWS\system32\config\AppEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\default Object is locked pominięty C:\WINDOWS\system32\config\default.LOG Object is locked pominięty C:\WINDOWS\system32\config\SAM Object is locked pominięty C:\WINDOWS\system32\config\SAM.LOG Object is locked pominięty C:\WINDOWS\system32\config\SecEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\SECURITY Object is locked pominięty C:\WINDOWS\system32\config\SECURITY.LOG Object is locked pominięty C:\WINDOWS\system32\config\software Object is locked pominięty C:\WINDOWS\system32\config\software.LOG Object is locked pominięty C:\WINDOWS\system32\config\SysEvent.Evt Object is locked pominięty C:\WINDOWS\system32\config\system Object is locked pominięty C:\WINDOWS\system32\config\system.LOG Object is locked pominięty C:\WINDOWS\system32\h323log.txt Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked pominięty C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked pominięty C:\WINDOWS\wiadebug.log Object is locked pominięty C:\WINDOWS\wiaservc.log Object is locked pominięty C:\WINDOWS\WindowsUpdate.log Object is locked pominięty E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty E:\System Volume Information\_restore{FAE39FD2-172D-483D-9575-8C9CCBCC0A89}\RP302\change.log Object is locked pominięty F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked pominięty F:\System Volume Information\_restore{FAE39FD2-172D-483D-9575-8C9CCBCC0A89}\RP302\change.log Object is locked pominięty Proces skanowania został zakończony.

przez **huber2t** » 16 Lip 2008, 11:48

Daj mi zrzut ekranu jak ten błąd wygląda

W logach czysto

przez **milosznik** » 16 Lip 2008, 15:09

Jesli błąd się pojawi to tak zrobię...

przez **huber2t** » 17 Lip 2008, 05:38

Najlepiej jakbym zobaczył ten komunikat bo w logach czysto a ja sie jedynie moge domyślac co się pojawia i z czym...

Problem z drwtsn.exe i explorer.exe

Problem z drwtsn.exe i explorer.exe

Kto jest na forum