
A virus that can't be removed...

kubassksiezpol
created

Hello! I have a troublesome problem <_< ... I have Kaspersky Internet Security 7.0. I scan the computer every day and every day there are new viruses. Very often the viruses show up in the processes afiscx.exe, mabidwe.exe, tyxdowkl.exe, etc. Kaspersky detects them as Trojan-Downloader.Win32.Delf.tqx. It also often downloads viruses from who-knows-what sites, e.g. http://174.133.73.178. It pulls in the trojans packed.win32.koblu.b and Trojan-PSW.Win32.Agent.mwh. I have no idea what to do...

Please reply quickly.

// Moving this to the appropriate section. :)

// djdresik

Guest
comment

Kaspersky is weak. Do a format, because it needs to be done, and install NOD32.

kubassksiezpol
comment (edited)

NOD32 didn't work either..., because I did install it.

Guest
comment

Post a log from ComboFix.

  • 3 weeks later...
kubassksiezpol
comment (edited)

ComboFix log


Besides that, and unrelated to this, ComboFix put an Internet Explorer icon on my desktop and I can't remove it :P

Guest
comment

Use Malwarebytes' Anti-Malware and post its report.


kubassksiezpol
comment

Log from that program:

Guest
comment

Now post the latest ComboFix log.

.

kubassksiezpol
comment

ComboFix log

Guest
comment

Paste into Notepad:

File::
c:\windows\system32\solewxte.exe

Folder::
c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
c:\program files\Audio Phonics, Inc
c:\program files\vanBasco's Karaoke Player

Driver::
solewxte
gupdate1c9c0c9e3af75ba
AtcL001

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"=-
"NvCplDaemon"=-
"NvMediaCenter"=-
"SunJavaUpdateSched"=-
"BigDog303"=-
"SSBkgdUpdate"=-
"OpwareSE4"=-
"Adobe Reader Speed Launcher"=-
"SkyTel"=-
"RTHDCPL"=-
"nwiz"=-

>>File>>Save As... >>> CFScript

Drag and drop the CFScript.txt file onto the ComboFix.exe file.

The removal should then start (and a log will be created). Post the log that is created during the removal.

If it goes well, then: after the restart, manually delete the folder C:\Qoobox.

.

kubassksiezpol
comment (edited)

I'm writing from a second computer. I did what you told me. Unfortunately, I can't get on the internet from my own computer :( In Control Panel, under Network Connections, it's empty (I always had 1 local area connection). Please help me restore it. I have a Livebox from TP. Is it enough to just install the driver from the Livebox CD?

Please reply quickly :)

:)

Mateusz J.
comment (edited)
Is it enough to just install the driver from the Livebox CD?
Install the drivers

Read: http://www.hopin.pl/content/view/243/95/

kubassksiezpol
comment (edited)

Thanks. djdresik: Why, in the log for ComboFix, did you have me remove vanBasco's Karaoke Player? It's my karaoke program :P

Thanks a lot. Please lock the topic :). djdresik: why did you remove something in my registry that was related to the network card? I had to install the drivers for the network card :(

Guest
comment

If those were the drivers, then I'm very sorry, my mistake. :(

.
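An added example, not part of any post in this thread and not ComboFix code: a pre-flight check that compares the Driver:: entries of a CFScript with the driver/service lines of a ComboFix log before the script is run, so that a loaded driver such as AtcL001 is flagged instead of deleted. The sample log lines are constructed in the format ComboFix prints, the script is abridged from the one posted above, and reading `R`/`S` as running/stopped and `[?]` as "file could not be read" is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix service-line format:
# <R|S><start type> <name>;<display name>;<image path> [<date> <size> | ?]
SAMPLE_LOG = r"""
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-07-10 6852]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-06-18 36864]
S2 gupdate1c9c0c9e3af75ba;Google Update Service (gupdate1c9c0c9e3af75ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]
S2 solewxte;solewxte;c:\windows\system32\solewxte.exe --> c:\windows\system32\solewxte.exe [?]
"""

# Abridged from the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\system32\solewxte.exe
Driver::
solewxte
gupdate1c9c0c9e3af75ba
AtcL001
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=-
"RTHDCPL"=-
"""

SERVICE_LINE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")


@dataclass
class Service:
    name: str
    display: str
    running: bool      # assumption: "R" = running, "S" = stopped
    start_type: int    # service start type digit as printed in the log
    image_path: str
    file_found: bool   # assumption: "[?]" = ComboFix could not read the file


def parse_services(log_text):
    """Return {lower-cased service name: Service} for every service line."""
    services = {}
    for raw in log_text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if not m:
            continue
        state, start, name, display, path, info = m.groups()
        services[name.lower()] = Service(
            name=name, display=display, running=(state == "R"),
            start_type=int(start), image_path=path.split(" --> ")[0],
            file_found=(info.strip() != "?"))
    return services


def parse_cfscript(text):
    """Split a CFScript into {section name: [lines]} on 'Name::' headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"[A-Za-z]+::", line):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def review_driver_entries(script_text, log_text):
    """Classify each Driver:: entry before anything is deleted."""
    services = parse_services(log_text)
    findings = []
    for name in parse_cfscript(script_text).get("driver", []):
        svc = services.get(name.lower())
        if svc is None:
            findings.append((name, "unknown", "not in the log's service list"))
        elif not svc.file_found:
            findings.append((name, "orphan", "service points at a missing or unreadable file"))
        elif svc.running:
            findings.append((name, "in-use", f"loaded now: {svc.display} ({svc.image_path})"))
        else:
            findings.append((name, "review", f"stopped but file exists: {svc.image_path}"))
    return findings


def deleted_run_values(script_text):
    """List autostart value names the script deletes ("name"=-) under Run keys."""
    names, in_run_key = [], False
    for line in parse_cfscript(script_text).get("registry", []):
        if line.startswith("["):
            in_run_key = line.rstrip("]").lower().endswith(r"\currentversion\run")
        elif in_run_key:
            m = re.fullmatch(r'"([^"]+)"=-', line)
            if m:
                names.append(m.group(1))
    return names


if __name__ == "__main__":
    for name, verdict, reason in review_driver_entries(SAMPLE_CFSCRIPT, SAMPLE_LOG):
        print(f"{verdict:8} {name}: {reason}")
    print("Run values to be deleted:", ", ".join(deleted_run_values(SAMPLE_CFSCRIPT)))
```

Only the entry classed as `orphan` matches the pattern of a service whose file is gone; the `in-use` entry is the network adapter driver whose removal left Network Connections empty.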

kubassksiezpol
comment

By the way, here is the ComboFix log

ComboFix 09-05-28.07 - Administrator 2009-05-30 7:55.3 - NTFSx86

Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!

FILE ::

"c:\windows\system32\solewxte.exe"

.

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage

c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage\data\data.dat

c:\program files\Audio Phonics, Inc

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\_DEISREG.ISR

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\_ISREG32.DLL

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APGTHelp.htm

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APGuitarTuner.exe

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APLogo.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APLogoOp.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\apSmall.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\circle.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\cpuinf32.dll

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\DeIsL1.isu

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\gBar.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\gTic.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\label.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NotesBev.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NotesClr.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NumBev.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NumClr.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\preset.txt

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\state.txt

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\string1.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\string2.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\string3.bmp

c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\usr.dll

c:\program files\vanBasco's Karaoke Player

c:\program files\vanBasco's Karaoke Player\(default).vpl

c:\program files\vanBasco's Karaoke Player\(domylnie).vpl

c:\program files\vanBasco's Karaoke Player\chango.mid

c:\program files\vanBasco's Karaoke Player\default.lyt

c:\program files\vanBasco's Karaoke Player\doodap.kar

c:\program files\vanBasco's Karaoke Player\everlast.kar

c:\program files\vanBasco's Karaoke Player\jashisth.mid

c:\program files\vanBasco's Karaoke Player\jpeg.dll

c:\program files\vanBasco's Karaoke Player\karback.bmp

c:\program files\vanBasco's Karaoke Player\midi16.dll

c:\program files\vanBasco's Karaoke Player\midi32.dll

c:\program files\vanBasco's Karaoke Player\midi95.dll

c:\program files\vanBasco's Karaoke Player\nicenjaz.mid

c:\program files\vanBasco's Karaoke Player\salsa.mid

c:\program files\vanBasco's Karaoke Player\Sample Playlist.vpl

c:\program files\vanBasco's Karaoke Player\sogreen.mid

c:\program files\vanBasco's Karaoke Player\uninst.exe

c:\program files\vanBasco's Karaoke Player\vmidi.exe

c:\program files\vanBasco's Karaoke Player\vmidi_de.chm

c:\program files\vanBasco's Karaoke Player\vmidi_de.dll

c:\program files\vanBasco's Karaoke Player\vmidi_en.chm

c:\program files\vanBasco's Karaoke Player\vmidi_en.dll

c:\program files\vanBasco's Karaoke Player\vmidi_es.chm

c:\program files\vanBasco's Karaoke Player\vmidi_es.dll

c:\program files\vanBasco's Karaoke Player\vmidi_it.chm

c:\program files\vanBasco's Karaoke Player\vmidi_it.dll

c:\program files\vanBasco's Karaoke Player\vmidi_pl.chm

c:\program files\vanBasco's Karaoke Player\vmidi_pl.dll

c:\program files\vanBasco's Karaoke Player\yourtrue.kar

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_GUPDATE1C9C0C9E3AF75BA

-------\Legacy_SOLEWXTE

-------\Service_AtcL001

-------\Service_gupdate1c9c0c9e3af75ba

-------\Service_solewxte


2009-05-12 16:11 . 2008-10-27 18:53 -------- d-----w c:\program files\Kaspersky Lab

2009-05-10 14:52 . 2008-06-30 14:40 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\BitTorrent

2009-05-09 06:35 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys

2009-05-09 05:38 . 2008-08-04 08:02 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2009-05-05 14:11 . 2008-06-18 12:40 -------- d--h--w c:\program files\InstallShield Installation Information

2009-04-25 12:34 . 2009-04-25 12:19 -------- d-----w c:\program files\Valve

2009-04-23 11:36 . 2001-10-26 16:15 49712 ----a-w c:\windows\system32\perfc015.dat

2009-04-23 11:36 . 2001-10-26 16:15 355830 ----a-w c:\windows\system32\perfh015.dat

2009-04-23 11:35 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\PC Suite

2009-04-23 11:35 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite

2009-04-23 11:34 . 2009-04-23 11:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf

2009-04-23 11:34 . 2009-04-23 11:34 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf

2009-04-23 11:06 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nokia

2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\Common Files\PCSuite

2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\Common Files\Nokia

2009-04-23 11:05 . 2009-04-23 11:04 -------- d-----w c:\program files\Nokia

2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\DIFX

2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\PC Connectivity Solution

2009-04-23 11:04 . 2009-04-23 11:04 8192 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe

2009-04-23 11:04 . 2009-04-23 11:04 61440 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2009-04-23 11:04 . 2009-04-23 11:04 10240 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe

2009-04-23 11:03 . 2009-04-23 11:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations

2009-04-23 11:03 . 2009-04-23 11:04 34040128 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_pol_web.exe

2009-04-23 10:55 . 2009-04-23 10:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations

2009-04-21 14:09 . 2008-06-18 15:54 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Canon

2009-04-21 14:04 . 2008-06-18 15:43 -------- d-----w c:\program files\Canon

2009-04-21 13:57 . 2009-04-21 13:57 -------- d-----w c:\program files\Common Files\ScanSoft Shared

2009-04-21 13:53 . 2009-04-21 13:53 -------- d--h--w c:\documents and settings\All Users\Dane aplikacji\CanonBJ

2009-04-21 13:49 . 2009-04-21 13:49 -------- d--h--w c:\program files\CanonBJ

2009-04-05 05:44 . 2009-04-05 05:44 -------- d-----w c:\windows\system32\config\systemprofile\Dane aplikacji\Skype

2009-03-16 14:53 . 2008-06-18 12:34 644448 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

.

------- Sigcheck -------

[-] 2008-04-14 17:20 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfcfiles.dll

[-] 2008-01-24 09:43 1548288 44A87287F63395AE9E7950D266A73160 c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-01-24 124928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Styler.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Styler.lnk

backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Thoosje Vista Sidebar.lnk]

path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Thoosje Vista Sidebar.lnk

backup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Program Files\\Gadu-Gadu\\gg.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"e:\\Program Files\\jazzjack\\jazz2tsf[CVR.pl]\\Jazz2.exe"=

"e:\\Program Files\\jazzjack\\jazz2tsf[CVR.pl]\\Jazz2+.exe"=

"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=

"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=

"c:\\totalcmd\\TOTALCMD.EXE"=

"c:\\cs1\\Counter-Strike 1.6 + Half-Life\\hl.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"e:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=

"f:\\Program Files\\BitTorrent\\bittorrent.exe"=

"f:\\Program Files\\Cream Software\\Pajaczek 5 NxG\\Pajaczek.exe"=

"c:\\Program Files\\Tremulous\\tremulous.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-07-10 6852]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]

S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-07-08 16512]

.

Zawartość folderu 'Zaplanowane zadania'

2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 08:35]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.google.pl/

uInternet Connection Wizard,ShellNext = iexplore

IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab

FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uru0eq4j.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.startup.homepage - www.google.pl

FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=

FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uru0eq4j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll

FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll

FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-05-30 08:00

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-329068152-706699826-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(736)

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(792)

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(3416)

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

c:\program files\Canon\IJPLM\ijplmsvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Czas ukończenia: 2009-05-30 8:04 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-05-30 06:03

ComboFix2.txt 2009-05-30 05:32

ComboFix3.txt 2009-05-29 14:30

Przed: 46 717 022 208 bajtów wolnych

Po: 46 683 340 800 bajtów wolnych

303

Guest
comment

Clean.

1. Clean up after ComboFix and the other tools >>> OTCleanIt.

2. You clear out the "System Volume Information" folder by temporarily turning off "System Restore":

>Control Panel>System>System Restore>>tick the box next to "Turn off System Restore on all drives">Apply>OK.

Afterwards you can go back to the previous setting (that is, untick the box).

3. Optimize the system.

4. Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

kubassksiezpol
comment

And if I have Kaspersky Internet Security 7.0, can I post the report from its scan?

Guest
comment

You can. :)

kubassksiezpol
comment (edited)

Skanuj Mój komputer : zakończono

--------------------------------

Przeskanowanych: 406335

Wykrytych: 0

Nieprzetworzonych: 0

Uruchomiono: 2009-05-31 21:37:09

Czas działania: 01:35:51

Zakończono: 2009-05-31 23:13:00

djdresik, so what now??

Guest
comment

So you're clean. :)
