zdravim, mam jeden problem nakej vir mi napad winlogon.exe, vim ze uz to tu parkrat bylo, koukal sem se, ale myslim ze to neni jedina vec co bych mel fixnout, tak prosim o radu pls
log:
Logfile of HijackThis v1.99.1
Scan saved at 19:00:21, on 13.9.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\sstray.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ProxyPlus\ProxyPlus.exe
C:\WINDOWS\System32\smss1.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\program files\powerstrip\pstrip.exe
C:\WINDOWS\System32\oodtray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\`warren\programy\totalcmd\TOTALCMD.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\taskmgr.exe
c:\`warren\programy\Ad-Aware SE Personal\Ad-Aware.exe
C:\DOCUME~1\warrenek\LOCALS~1\Temp\_tc12\HIJACK~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O1 - Hosts: 213.195.242.14 L2authd.lineage2.com
O1 - Hosts: 213.195.242.14 L2testauthd.lineage2.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {984544AB-5FA6-46AF-BE1D-E21804DAD281} - C:\WINDOWS\System32\efcbaxx.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky\Kaspersky lab\avp.exe"
O4 - HKLM\..\Run: [SvcManager] smss1.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Nexus Radio] C:\Program Files\Nexus Radio\Nexus Radio.exe -0
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\System32\oodtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [Windows Config System] config.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\warrenek\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Psi.lnk = C:\Program Files\Psi\psi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky\Kaspersky lab\scieplugin.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwa ... wflash.cab
O20 - Winlogon Notify: efcbaxx - C:\WINDOWS\SYSTEM32\efcbaxx.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky\Kaspersky lab\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service (file missing)
O23 - Service: Fortech Proxy+ (ProxyPlus) - FORTECH Ltd. - C:\Program Files\ProxyPlus\ProxyPlus.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
winlogon
Použij tohle: http://www.viry.cz/forum/viewtopic.php?t=16634
+ tohle radši nechej tkontrolovat na http://www.virustotal.com :
C:\WINDOWS\System32\smss1.exe
pak restart a nový log a výsledky z virustotalu sem vlož.
+ tohle radši nechej tkontrolovat na http://www.virustotal.com :
C:\WINDOWS\System32\smss1.exe
pak restart a nový log a výsledky z virustotalu sem vlož.
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Je tam toho víc, takže použij a dej sem log z CF
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu HijackThis
Klikni na tlačítko: Open the Mics Tools section (případně tlačítko Config... pokud jsi v okně kde se zobrazuje log z HJT)
Na hoře klikni na položku: Misc Tools pokud už nebudu vybraná
pak klikni pod položkou System tools na tlačítko: Open Uninstall Manager...
tam klikni na tlačítko: Save list...
ulož si daný log a jeho výsledek sem zkopíruj
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Poznámka:
Používáš starší verzi HijackThis, stáhni si aktuální verzi zde a tu starou před použitím vymaž a dej sem pak nový log z HJT z nové verze.
Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Spusť znovu HijackThis
Klikni na tlačítko: Open the Mics Tools section (případně tlačítko Config... pokud jsi v okně kde se zobrazuje log z HJT)
Na hoře klikni na položku: Misc Tools pokud už nebudu vybraná
pak klikni pod položkou System tools na tlačítko: Open Uninstall Manager...
tam klikni na tlačítko: Save list...
ulož si daný log a jeho výsledek sem zkopíruj
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Poznámka:
Používáš starší verzi HijackThis, stáhni si aktuální verzi zde a tu starou před použitím vymaž a dej sem pak nový log z HJT z nové verze.
log z combofixu
ComboFix 07-09-14.1 - "warrenek" 1999-09-13 23:54:16.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.173 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-13 20:05 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-09-13 20:05 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-09-13 20:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-09-13 20:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ tisk rny
2007-09-13 20:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ sˇś
2007-09-13 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Plocha
2007-09-13 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Oblˇben‚ polo§ky
2007-09-13 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dokumenty
2007-09-13 19:45 <DIR> d-------- C:\VundoFix Backups
2007-09-13 18:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-11 22:50 <DIR> d-------- C:\Program Files\Valve
2007-09-10 09:01 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-10 09:01 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-09-09 22:18 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-09-09 22:04 <DIR> d-------- C:\Program Files\OO Software
2007-09-09 14:17 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-07 14:14 43,542 --a------ C:\WINDOWS\system32\efcbaxx.dll
2007-08-27 15:08 <DIR> d-------- C:\Program Files\Vampire The Masquerade - Redemption
2007-08-27 15:07 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-27 00:46 <DIR> d-------- C:\Program Files\OneStepSearch
2007-08-27 00:46 <DIR> d-------- C:\Program Files\filesubmit
2007-08-27 00:08 <DIR> d-------- C:\Program Files\TGTSoft
2007-08-22 01:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-08-22 01:10 <DIR> d-------- C:\Program Files\Crawler
2007-08-22 01:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-08-19 20:51 <DIR> d-------- C:\Program Files\JoWooD
2007-08-19 20:14 <DIR> d-------- C:\Program Files\Project Nomads
2007-08-19 19:59 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-08-19 19:53 <DIR> d-------- C:\Program Files\MobileForces
2007-08-17 12:57 <DIR> d-------- C:\DOCUME~1\warrenek\PsiData
2007-08-17 12:56 <DIR> d-------- C:\Program Files\Psi
2007-08-15 12:45 <DIR> d-------- C:\Program Files\The KMPlayer
2007-08-15 12:36 <DIR> d-------- C:\WINDOWS\system32\Nexus Radio
2007-08-15 12:36 <DIR> d-------- C:\Program Files\Nexus Radio
2007-08-15 12:23 372,736 --a------ C:\WINDOWS\system32\wmpheadphones.dll
2007-08-15 12:22 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-15 12:22 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2007-08-15 12:22 <DIR> d-------- C:\WINDOWS\system32\C2MP
2007-08-15 12:03 <DIR> d-------- C:\Program Files\LEAD Technologies, Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 23:21 774494 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-13 23:20 --------- d-------- C:\Program Files\GetRight
2007-09-13 19:59 870432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-13 19:59 575660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-13 19:59 43000864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-13 19:59 123008 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-13 19:24 --------- d-------- C:\Program Files\mIRC
2007-09-13 18:51 --------- d-------- C:\Program Files\ICQToolbar
2007-09-13 18:51 --------- d-------- C:\Program Files\ICQLite
2007-09-13 01:23 --------- d-------- C:\Program Files\Soulseek
2007-09-10 08:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Autodesk
2007-09-09 14:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 18:40 --------- d-------- C:\Program Files\DC++
2007-09-05 12:49 --------- d-------- C:\Program Files\Octoshape Streaming Services
2007-08-15 12:23 --------- d-------- C:\Program Files\Winamp
2007-07-09 11:17 737280 --a------ C:\WINDOWS\iun6002.exe
2007-06-17 00:11 51200 --a------ C:\WINDOWS\NirCmd.exe
2002-09-20 16:05:24 311,296 --sha-r C:\WINDOWS\system32\yoqoqnp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984544AB-5FA6-46AF-BE1D-E21804DAD281}]
2007-09-07 14:14 43542 --a------ C:\WINDOWS\System32\efcbaxx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-08-13 06:25 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-29 02:45]
"nwiz"="nwiz.exe" [2004-01-29 02:45 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-01-29 02:45]
"kav"="C:\Program Files\Kaspersky\Kaspersky lab\avp.exe" [2006-03-24 20:09]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-06-12 16:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-13 14:02]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-04-08 15:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Nexus Radio"="C:\Program Files\Nexus Radio\Nexus Radio.exe" [2007-07-18 01:39]
"OODefragTray"="C:\WINDOWS\System32\oodtray.exe" [2007-05-11 02:08]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-10 09:00]
"SvcManager"="smss1.exe" [2007-03-20 20:10 C:\WINDOWS\system32\smss1.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-20 18:35]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\warrenek\OctoshapeClient.exe" [2006-02-13 18:33]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
"WhenUSave"="C:\Program Files\Save\Save.exe" []
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-09-11 22:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Config System"=config.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows.exe"=yoqoqnp.exe
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-03-20 16:53:21]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-03-20 19:44:27]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-03-20 17:52:03]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-29 18:03:59]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-20 18:35:03]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-03-20 17:47:15]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{984544AB-5FA6-46AF-BE1D-E21804DAD281}"= C:\WINDOWS\System32\efcbaxx.dll [2007-09-07 14:14 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbaxx]
efcbaxx.dll 2007-09-07 14:14 43542 C:\WINDOWS\system32\efcbaxx.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R1 KS0108;KS0108;\??\C:\Program Files\LcdStudio\ks0108.sys
R1 LC7981;LC7981;\??\C:\Program Files\LcdStudio\LC7981.sys
R1 n3900;n3900;\??\C:\Program Files\LcdStudio\n3900.sys
R1 SED133x;SED133x;\??\C:\Program Files\LcdStudio\SED133x.sys
R1 T6963C;T6963C;\??\C:\Program Files\LcdStudio\T6963c.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
R2 ProxyPlus;Fortech Proxy+;C:\Program Files\ProxyPlus\ProxyPlus.exe
R2 PStrip;PStrip;C:\WINDOWS\System32\drivers\pstrip.sys
R3 NeroCd2k;NeroCd2k;C:\WINDOWS\System32\drivers\NeroCd2k.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
*Newly Created Service* - CATCHME
*Newly Created Service* - ONESTEP_SEARCH_SERVICE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 23:59:43
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 0:02:11
.
--- E O F ---
ComboFix 07-09-14.1 - "warrenek" 1999-09-13 23:54:16.1 - NTFSx86
Syst‚m Microsoft Windows XP Professional 5.1.2600.1.1250.1.1029.18.173 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.
2007-09-13 20:05 <DIR> dr-h----- C:\DOCUME~1\ADMINI~1\Data aplikacˇ
2007-09-13 20:05 <DIR> dr------- C:\DOCUME~1\ADMINI~1\Nabˇdka Start
2007-09-13 20:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\ćablony
2007-09-13 20:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ tisk rny
2007-09-13 20:05 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\Okolnˇ sˇś
2007-09-13 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Plocha
2007-09-13 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Oblˇben‚ polo§ky
2007-09-13 20:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Dokumenty
2007-09-13 19:45 <DIR> d-------- C:\VundoFix Backups
2007-09-13 18:12 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-11 22:50 <DIR> d-------- C:\Program Files\Valve
2007-09-10 09:01 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-09-10 09:01 270,336 --a------ C:\WINDOWS\system32\imon.dll
2007-09-09 22:18 <DIR> d-------- C:\WINDOWS\system32\oodag
2007-09-09 22:04 <DIR> d-------- C:\Program Files\OO Software
2007-09-09 14:17 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-07 14:14 43,542 --a------ C:\WINDOWS\system32\efcbaxx.dll
2007-08-27 15:08 <DIR> d-------- C:\Program Files\Vampire The Masquerade - Redemption
2007-08-27 15:07 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-08-27 00:46 <DIR> d-------- C:\Program Files\OneStepSearch
2007-08-27 00:46 <DIR> d-------- C:\Program Files\filesubmit
2007-08-27 00:08 <DIR> d-------- C:\Program Files\TGTSoft
2007-08-22 01:10 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-08-22 01:10 <DIR> d-------- C:\Program Files\Crawler
2007-08-22 01:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Spyware Terminator
2007-08-19 20:51 <DIR> d-------- C:\Program Files\JoWooD
2007-08-19 20:14 <DIR> d-------- C:\Program Files\Project Nomads
2007-08-19 19:59 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-08-19 19:53 <DIR> d-------- C:\Program Files\MobileForces
2007-08-17 12:57 <DIR> d-------- C:\DOCUME~1\warrenek\PsiData
2007-08-17 12:56 <DIR> d-------- C:\Program Files\Psi
2007-08-15 12:45 <DIR> d-------- C:\Program Files\The KMPlayer
2007-08-15 12:36 <DIR> d-------- C:\WINDOWS\system32\Nexus Radio
2007-08-15 12:36 <DIR> d-------- C:\Program Files\Nexus Radio
2007-08-15 12:23 372,736 --a------ C:\WINDOWS\system32\wmpheadphones.dll
2007-08-15 12:22 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-15 12:22 <DIR> d-------- C:\WINDOWS\system32\custom matrices
2007-08-15 12:22 <DIR> d-------- C:\WINDOWS\system32\C2MP
2007-08-15 12:03 <DIR> d-------- C:\Program Files\LEAD Technologies, Inc
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 23:21 774494 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-13 23:20 --------- d-------- C:\Program Files\GetRight
2007-09-13 19:59 870432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-13 19:59 575660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-13 19:59 43000864 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-13 19:59 123008 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-13 19:24 --------- d-------- C:\Program Files\mIRC
2007-09-13 18:51 --------- d-------- C:\Program Files\ICQToolbar
2007-09-13 18:51 --------- d-------- C:\Program Files\ICQLite
2007-09-13 01:23 --------- d-------- C:\Program Files\Soulseek
2007-09-10 08:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATAAP~1\Autodesk
2007-09-09 14:02 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-05 18:40 --------- d-------- C:\Program Files\DC++
2007-09-05 12:49 --------- d-------- C:\Program Files\Octoshape Streaming Services
2007-08-15 12:23 --------- d-------- C:\Program Files\Winamp
2007-07-09 11:17 737280 --a------ C:\WINDOWS\iun6002.exe
2007-06-17 00:11 51200 --a------ C:\WINDOWS\NirCmd.exe
2002-09-20 16:05:24 311,296 --sha-r C:\WINDOWS\system32\yoqoqnp.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984544AB-5FA6-46AF-BE1D-E21804DAD281}]
2007-09-07 14:14 43542 --a------ C:\WINDOWS\System32\efcbaxx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"="sstray.exe" [2003-08-13 06:25 C:\WINDOWS\system32\sstray.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-29 02:45]
"nwiz"="nwiz.exe" [2004-01-29 02:45 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2004-01-29 02:45]
"kav"="C:\Program Files\Kaspersky\Kaspersky lab\avp.exe" [2006-03-24 20:09]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 12:06]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-06-12 16:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-05-13 14:02]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2007-04-08 15:22]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"Nexus Radio"="C:\Program Files\Nexus Radio\Nexus Radio.exe" [2007-07-18 01:39]
"OODefragTray"="C:\WINDOWS\System32\oodtray.exe" [2007-05-11 02:08]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-09-10 09:00]
"SvcManager"="smss1.exe" [2007-03-20 20:10 C:\WINDOWS\system32\smss1.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-20 18:05]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2007-03-20 18:35]
"Octoshape Streaming Services"="C:\Program Files\Octoshape Streaming Services\warrenek\OctoshapeClient.exe" [2006-02-13 18:33]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 20:31]
"WhenUSave"="C:\Program Files\Save\Save.exe" []
"Steam"="C:\Program Files\Valve\Steam\Steam.exe" [2007-09-11 22:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Config System"=config.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows.exe"=yoqoqnp.exe
C:\DOCUME~1\ALLUSE~1\NABDKA~1\Programy\POSPUT~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-03-20 16:53:21]
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-03-20 19:44:27]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-03-20 17:52:03]
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-29 18:03:59]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-03-20 18:35:03]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-03-20 17:47:15]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{984544AB-5FA6-46AF-BE1D-E21804DAD281}"= C:\WINDOWS\System32\efcbaxx.dll [2007-09-07 14:14 43542]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbaxx]
efcbaxx.dll 2007-09-07 14:14 43542 C:\WINDOWS\system32\efcbaxx.dll
R1 fwdrv;Firewall Driver;C:\WINDOWS\System32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\System32\drivers\khips.sys
R1 KS0108;KS0108;\??\C:\Program Files\LcdStudio\ks0108.sys
R1 LC7981;LC7981;\??\C:\Program Files\LcdStudio\LC7981.sys
R1 n3900;n3900;\??\C:\Program Files\LcdStudio\n3900.sys
R1 SED133x;SED133x;\??\C:\Program Files\LcdStudio\SED133x.sys
R1 T6963C;T6963C;\??\C:\Program Files\LcdStudio\T6963c.sys
R2 OneStep Search Service;OneStep Search Service;"C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
R2 ProxyPlus;Fortech Proxy+;C:\Program Files\ProxyPlus\ProxyPlus.exe
R2 PStrip;PStrip;C:\WINDOWS\System32\drivers\pstrip.sys
R3 NeroCd2k;NeroCd2k;C:\WINDOWS\System32\drivers\NeroCd2k.sys
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\System32\DRIVERS\psched.sys
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
*Newly Created Service* - CATCHME
*Newly Created Service* - ONESTEP_SEARCH_SERVICE
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 23:59:43
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-15 0:02:11
.
--- E O F ---
a tady je log z HJ
2Moons
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 - Czech
Akram Audio Editor
Autodesk DWF Viewer
biob.zip
Codec Pack - All In 1 6.0.3.0
Cole2k Media - Codec Pack (Advanced) 6.0.8
Creative DVD Audio Plugin for Audigy Series
DC++ 0.674
GetRight
Guitar Pro 4
HijackThis 1.99.1
ICQ Toolbar
ICQ 5.1
InterVideo WinDVD 5
Java(TM) 6 Update 2
Kaspersky Anti-Virus 6.0
Kerio Personal Firewall
Last.fm 1.3.0.62
LCDAmp 1.03
LcdStudio 2.0 build 655
LEAD MPEG-4 Video Decoder
Logitech Desktop Messenger
Logitech G-series Keyboard Software
Logitech SetPoint
Microsoft .NET Framework 2.0
Microsoft Office XP Professional s aplikací FrontPage
mIRC
Neighbours From Hell
Nero - Burning Rom
Nexus Radio
NOD32 antivirus system
Nullsoft Tray Control Icon Pack 2.2
NVIDIA Display Driver
NVIDIA nForce Drivers
O&O Defrag Server Edition
OneStep Search 1.0 build 120
Opera 9.21
Panda ActiveScan
PowerStrip 3 (remove only)
Proxy+
Psi (remove only)
QIP 2005 Uninstall
QuickTime
SAGEM F@st 800-840
SoulSeek Client 156c
Spyware Terminator
Steam
StyleXP (remove only)
The KMPlayer (remove only)
TYPSoft Alarme
Ventrilo
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
WinRAR
2Moons
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.5 - Czech
Akram Audio Editor
Autodesk DWF Viewer
biob.zip
Codec Pack - All In 1 6.0.3.0
Cole2k Media - Codec Pack (Advanced) 6.0.8
Creative DVD Audio Plugin for Audigy Series
DC++ 0.674
GetRight
Guitar Pro 4
HijackThis 1.99.1
ICQ Toolbar
ICQ 5.1
InterVideo WinDVD 5
Java(TM) 6 Update 2
Kaspersky Anti-Virus 6.0
Kerio Personal Firewall
Last.fm 1.3.0.62
LCDAmp 1.03
LcdStudio 2.0 build 655
LEAD MPEG-4 Video Decoder
Logitech Desktop Messenger
Logitech G-series Keyboard Software
Logitech SetPoint
Microsoft .NET Framework 2.0
Microsoft Office XP Professional s aplikací FrontPage
mIRC
Neighbours From Hell
Nero - Burning Rom
Nexus Radio
NOD32 antivirus system
Nullsoft Tray Control Icon Pack 2.2
NVIDIA Display Driver
NVIDIA nForce Drivers
O&O Defrag Server Edition
OneStep Search 1.0 build 120
Opera 9.21
Panda ActiveScan
PowerStrip 3 (remove only)
Proxy+
Psi (remove only)
QIP 2005 Uninstall
QuickTime
SAGEM F@st 800-840
SoulSeek Client 156c
Spyware Terminator
Steam
StyleXP (remove only)
The KMPlayer (remove only)
TYPSoft Alarme
Ventrilo
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
WinRAR
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Dodrž pořadí kroků:
**************************************************************************************************************
1) Máš tam dva antiviry (Kaspersky a NOD32) nechej si tam jen jeden z nic a ten druhý odinstaluj.
2) Odinstaluj přes Přidat nebo odebrat programy (Start -> Ovládací panely -> Přidat nebo odebrat programy) toto:
OneStep Search 1.0 build 120
HijackThis 1.99.1
3) Stáhni si aktuálni verzi HijackThis zde a tu starou vymaž.
4) Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
+ nový log z HJT
**************************************************************************************************************
1) Máš tam dva antiviry (Kaspersky a NOD32) nechej si tam jen jeden z nic a ten druhý odinstaluj.
2) Odinstaluj přes Přidat nebo odebrat programy (Start -> Ovládací panely -> Přidat nebo odebrat programy) toto:
OneStep Search 1.0 build 120
HijackThis 1.99.1
3) Stáhni si aktuálni verzi HijackThis zde a tu starou vymaž.
4) Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Kód: Vybrat vše
File::
C:\WINDOWS\system32\smss1.exe
C:\WINDOWS\system32\yoqoqnp.exe
C:\WINDOWS\System32\efcbaxx.dll
Folder::
C:\Program Files\Save
C:\Program Files\OneStepSearch
C:\VundoFix Backups
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{984544AB-5FA6-46AF-BE1D-E21804DAD281}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SvcManager"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhenUSave"=-
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Config System"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{984544AB-5FA6-46AF-BE1D-E21804DAD281}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcbaxx]
Zvol možnost Uložit soubor jako, pojmenuj soubor CFScript.txt a zvol Uložit jako typ: Všechny soubory.
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu
+ nový log z HJT
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 104 hostů