kubassksiezpol, created 11 May 2009
Hello! I have a troublesome problem <_< ... I have Kaspersky Internet Security 7.0. I scan the computer every day and every day there are new viruses. Very often the viruses show up in the processes afiscx.exe, mabidwe.exe, tyxdowkl.exe, etc. Kaspersky detects them as Trojan-Downloader.Win32.Delf.tqx. It also often downloads viruses from unknown sites, e.g. http://174.133.73.178. It pulls in the trojans packed.win32.koblu.b and Trojan-PSW.Win32.Agent.mwh. I have no idea what to do... Please reply quickly.
// Moving this to the appropriate section. // djdresik
Guest, comment, 11 May 2009
Kaspersky is weak. Do a format, because it needs to be done, and install NOD32.
kubassksiezpol (Author), comment, 11 May 2009 (edited)
NOD32 didn't work either..., because I did install it.
kubassksiezpol (Author), comment, 29 May 2009 (edited)
ComboFix log:

Also, unrelated to this: ComboFix put an Internet Explorer icon on my desktop and I can't remove it.
Guest, comment, 29 May 2009
Use Malwarebytes' Anti-Malware and post its report.
kubassksiezpol (Author), comment, 29 May 2009
Log from that program:
kubassksiezpol (Author), posted 30 May 2009
Log from ComboFix:
ComboFix 09-05-28.07 - Administrator 2009-05-30 7:28.2 - NTFSx86Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exeAV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!.((((((((((((((((((((((((( Pliki utworzone od 2009-04-28 do 2009-05-30 ))))))))))))))))))))))))))))))).2009-05-29 16:54 . 2009-05-29 16:55 -------- d-s---w C:\mój komp2009-05-29 14:55 . 2009-05-29 14:55 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes2009-05-29 14:55 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys2009-05-29 14:55 . 2009-05-29 14:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes2009-05-29 14:55 . 2009-05-29 14:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware2009-05-29 14:55 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys2009-05-20 19:23 . 2009-05-20 19:23 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.12009-05-20 19:23 . 2009-05-20 18:55 38200 ----a-w c:\documents and settings\Administrator\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe2009-05-20 18:55 . 2009-05-20 18:55 -------- d-----w c:\program files\Common Files\Adobe AIR2009-05-20 18:53 . 2009-05-20 18:53 -------- d-----w c:\documents and settings\Administrator\Moje dokumenty2009-05-16 15:03 . 2009-05-16 15:05 -------- d-----w c:\program files\Tremulous2009-05-16 09:45 .
2009-05-16 09:45 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help2009-05-15 17:58 . 2009-05-15 17:58 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera2009-05-15 17:57 . 2009-05-16 06:56 -------- d-----w c:\program files\Opera2009-05-13 16:23 . 2009-05-13 16:23 -------- d-----w c:\program files\Youdagames2009-05-10 14:40 . 2009-05-10 14:40 15086 ----a-r c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe2009-05-10 14:40 . 2009-05-10 14:40 15086 ----a-r c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe2009-05-09 09:14 . 2009-05-09 09:14 -------- d-----w c:\documents and settings\saas\Dane aplikacji\Gadu-Gadu2009-05-09 09:11 . 2009-05-09 09:11 -------- d-----w c:\documents and settings\saas\Gadu-Gadu2009-05-09 06:41 . 2009-05-09 06:41 644384 ----a-w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT2009-05-09 06:35 . 2009-05-09 06:35 112144 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys2009-05-09 06:35 . 2009-05-09 06:35 682512 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll2009-05-09 06:35 . 2009-05-09 06:35 194320 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys2009-05-09 06:35 . 2009-05-09 06:35 150032 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll2009-05-09 06:35 . 
2009-05-09 06:35 342544 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll2009-05-09 06:23 . 2009-05-09 06:23 -------- d-----w c:\documents and settings\saas\Dane aplikacji\BESTplayer2009-05-09 06:19 . 2009-05-09 06:19 -------- d-----w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\Identities2009-05-09 06:16 . 2009-05-20 16:18 94643 ----a-w c:\windows\system32\drivers\klick.dat2009-05-09 06:16 . 2009-05-20 16:18 105395 ----a-w c:\windows\system32\drivers\klin.dat2009-05-09 06:15 . 2009-05-30 05:08 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab2009-05-09 06:15 . 2009-05-30 05:31 11852320 --sha-w c:\windows\system32\drivers\fidbox.dat2009-05-09 06:15 . 2009-05-30 05:30 182560 --sha-w c:\windows\system32\drivers\fidbox2.dat2009-05-09 06:09 . 2009-05-09 06:09 -------- d-----w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\Mozilla2009-05-09 06:06 . 2009-05-09 06:06 -------- d-----w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\Google2009-05-09 06:03 . 2008-06-18 14:15 -------- d-----r c:\documents and settings\saas\Menu Start2009-05-09 06:03 . 2008-06-18 12:20 -------- d--h--w c:\documents and settings\saas\Szablony2009-05-09 06:03 . 2009-05-09 09:11 -------- d-----w c:\documents and settings\saas2009-05-03 19:22 . 2009-05-05 13:19 -------- d-----w c:\windows\A3W_DATA2009-05-03 19:21 . 1994-09-20 22:00 12800 ----a-w c:\windows\system32\WING32.DLL2009-05-03 19:21 . 1994-09-20 22:00 92208 ----a-w c:\windows\system\WING.DLL2009-05-03 19:21 . 1994-09-20 22:00 6736 ----a-w c:\windows\system\WINGDIB.DRV2009-05-03 19:21 . 1994-08-23 22:00 188960 ----a-w c:\windows\system\WINGDE.DLL2009-05-03 18:47 . 2009-05-03 18:47 -------- d-----w C:\MPS2009-05-01 16:20 . 2007-12-26 15:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll2009-05-01 16:20 . 
2007-12-26 15:30 1970176 ----a-w c:\windows\system32\d3dx9.dll.(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2009-05-30 05:27 . 2008-06-18 15:35 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Skype2009-05-30 05:12 . 2009-01-04 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\AIMP2009-05-30 05:08 . 2008-06-18 15:35 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\skypePM2009-05-29 19:46 . 2009-05-09 06:15 22004 --sha-w c:\windows\system32\drivers\fidbox2.idx2009-05-29 19:46 . 2009-05-09 06:15 164144 --sha-w c:\windows\system32\drivers\fidbox.idx2009-05-27 17:25 . 2009-04-19 08:35 -------- d-----w c:\program files\Google2009-05-20 18:55 . 2008-06-18 12:52 -------- d-----w c:\program files\Common Files\Adobe2009-05-13 17:02 . 2009-02-15 12:14 -------- d-----w c:\program files\NAPI-PROJEKT2009-05-12 16:11 . 2008-10-27 18:53 -------- d-----w c:\program files\Kaspersky Lab2009-05-10 14:52 . 2008-06-30 14:40 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\BitTorrent2009-05-09 06:35 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys2009-05-09 05:38 . 2008-08-04 08:02 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files2009-05-05 14:11 . 2008-06-18 12:40 -------- d--h--w c:\program files\InstallShield Installation Information2009-04-25 12:34 . 2009-04-25 12:19 -------- d-----w c:\program files\Valve2009-04-23 11:36 . 2001-10-26 16:15 49712 ----a-w c:\windows\system32\perfc015.dat2009-04-23 11:36 . 2001-10-26 16:15 355830 ----a-w c:\windows\system32\perfh015.dat2009-04-23 11:35 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\PC Suite2009-04-23 11:35 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite2009-04-23 11:34 . 
2009-04-23 11:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf2009-04-23 11:34 . 2009-04-23 11:34 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf2009-04-23 11:06 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nokia2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\Common Files\PCSuite2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\Common Files\Nokia2009-04-23 11:05 . 2009-04-23 11:04 -------- d-----w c:\program files\Nokia2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\DIFX2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\PC Connectivity Solution2009-04-23 11:04 . 2009-04-23 11:04 8192 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe2009-04-23 11:04 . 2009-04-23 11:04 61440 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe2009-04-23 11:04 . 2009-04-23 11:04 10240 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe2009-04-23 11:03 . 2009-04-23 11:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations2009-04-23 11:03 . 2009-04-23 11:04 34040128 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_pol_web.exe2009-04-23 10:55 . 2009-04-23 10:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations2009-04-21 14:09 . 2008-06-18 15:54 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Canon2009-04-21 14:04 . 2008-06-18 15:43 -------- d-----w c:\program files\Canon2009-04-21 13:57 . 
2009-04-21 13:57 -------- d-----w c:\program files\Common Files\ScanSoft Shared2009-04-21 13:53 . 2009-04-21 13:53 -------- d--h--w c:\documents and settings\All Users\Dane aplikacji\CanonBJ2009-04-21 13:49 . 2009-04-21 13:49 -------- d--h--w c:\program files\CanonBJ2009-04-21 13:35 . 2009-04-21 13:35 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage2009-04-08 16:10 . 2009-04-08 16:10 -------- d-----w c:\program files\Audio Phonics, Inc2009-04-05 12:28 . 2008-07-23 19:11 -------- d-----w c:\program files\vanBasco's Karaoke Player2009-04-05 05:44 . 2009-04-05 05:44 -------- d-----w c:\windows\system32\config\systemprofile\Dane aplikacji\Skype2009-03-16 14:53 . 2008-06-18 12:34 644448 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT.------- Sigcheck -------[-] 2008-04-14 17:20 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfcfiles.dll[-] 2008-01-24 09:43 1548288 44A87287F63395AE9E7950D266A73160 c:\windows\system32\sfcfiles.dll.((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]"Gadu-Gadu"="d:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TBPanel"="c:\program files\VDOTool\TBPanel.exe" [2008-01-29 2157096]"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-08 8523776]"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-08 81920]"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 
61440]"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]"OpwareSE4"="f:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]"Adobe Reader Speed Launcher"="f:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-01-08 1626112][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]"nltide_2"="shell32" [X]"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-01-24 124928][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver"[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnkbackup=c:\windows\pss\Adobe Gamma.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Styler.lnk]path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Styler.lnkbackup=c:\windows\pss\Styler.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Thoosje Vista Sidebar.lnk]path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Thoosje Vista Sidebar.lnkbackup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnkbackup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\security 
center]"AntiVirusOverride"=dword:00000001"FirewallOverride"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="d:\\Program Files\\Gadu-Gadu\\gg.exe"="c:\\WINDOWS\\system32\\sessmgr.exe"="e:\\Program Files\\jazzjack\\jazz2tsf[CVR.pl]\\Jazz2.exe"="e:\\Program Files\\jazzjack\\jazz2tsf[CVR.pl]\\Jazz2+.exe"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"="c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"="c:\\totalcmd\\TOTALCMD.EXE"="c:\\cs1\\Counter-Strike 1.6 + Half-Life\\hl.exe"="c:\\WINDOWS\\system32\\dplaysvr.exe"="e:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"="f:\\Program Files\\BitTorrent\\bittorrent.exe"="f:\\Program Files\\Cream Software\\Pajaczek 5 NxG\\Pajaczek.exe"="c:\\Program Files\\Tremulous\\tremulous.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-07-10 6852]R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-06-18 36864]R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]S2 gupdate1c9c0c9e3af75ba;Google Update Service (gupdate1c9c0c9e3af75ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]S2 solewxte;solewxte;c:\windows\system32\solewxte.exe --> c:\windows\system32\solewxte.exe [?]S3 ASPI;Advanced SCSI Programming Interface 
Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-07-08 16512].Zawartość folderu 'Zaplanowane zadania'2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 08:35]..------- Skan uzupełniający -------.uStart Page = hxxp://www.google.pl/uInternet Connection Wizard,ShellNext = iexploreIE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cabFF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uru0eq4j.default\FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=FF - prefs.js: browser.startup.homepage - www.google.plFF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uru0eq4j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dllFF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dllFF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dllFF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dllFF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dllFF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll..------- Skojarzenia plików -------.txtfile="%1".**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2009-05-30 07:31Windows 5.1.2600 Dodatek Service Pack 2 
NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@?????????????? skanowanie ukrytych plików ... skanowanie pomyślnie ukończoneukryte pliki: 0**************************************************************************.--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------[HKEY_USERS\S-1-5-21-329068152-706699826-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]@Allowed: (Read) (RestrictedCode)@Allowed: (Read) (RestrictedCode).--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------- - - - - - - > 'winlogon.exe'(1084)c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dllc:\windows\system32\klogon.dll- - - - - - - > 'lsass.exe'(1140)c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dllc:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll- - - - - - - > 'explorer.exe'(2776)f:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dllc:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dllc:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dllc:\progra~1\WINDOW~2\wmpband.dllc:\windows\system32\msi.dllc:\windows\system32\wpdshserviceobj.dllc:\windows\system32\portabledevicetypes.dllc:\windows\system32\portabledeviceapi.dll.Czas ukończenia: 2009-05-30 7:32ComboFix-quarantined-files.txt 2009-05-30 05:32ComboFix2.txt 2009-05-29 14:30Przed: 46 717 755 392 bajtów wolnychPo: 46 690 127 872 bajtów wolnych247
Guest, posted 30 May 2009
Paste into Notepad:

File::
c:\windows\system32\solewxte.exe

Folder::
c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage
c:\program files\Audio Phonics, Inc
c:\program files\vanBasco's Karaoke Player

Driver::
solewxte
gupdate1c9c0c9e3af75ba
AtcL001

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"=-
"NvCplDaemon"=-
"NvMediaCenter"=-
"SunJavaUpdateSched"=-
"BigDog303"=-
"SSBkgdUpdate"=-
"OpwareSE4"=-
"Adobe Reader Speed Launcher"=-
"SkyTel"=-
"RTHDCPL"=-
"nwiz"=-

>> File >> Save As... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe --> the removal should start (and a log will be created).
Post the log that is created during the removal.
If it goes well, then: after the restart, manually delete the folder C:\Qoobox.
kubassksiezpol (Author), posted 30 May 2009 (edited)
I'm writing from another computer. I did what you told me. Unfortunately, I can't get on the internet from my own computer. In Control Panel, under Network Connections, it's empty (I always had 1 local area connection). Please help me restore it. I have a TP Livebox. Is it enough to just install the driver from the Livebox CD? Please reply quickly.
Mateusz J., posted 30 May 2009 (edited)
"Is it enough to just install the driver from the Livebox CD?"
Install the drivers.
Have a read: http://www.hopin.pl/content/view/243/95/
kubassksiezpol (Author), posted 31 May 2009 (edited)
Thanks. djdresik: why, in the log for ComboFix, did you have me delete vanBasco's Karaoke Player? That's my karaoke program. Thanks a lot. Please lock the topic. djdresik: why did you delete something in my registry that was related to the network card? I had to install the drivers for the network card.
Guest, posted 31 May 2009
If those were drivers, then I'm very sorry, my mistake.
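The script posted above listed AtcL001 under Driver::, and the log it was written from shows that name as a running Atheros NDIS miniport driver. The following is an added example, not part of the thread and not part of ComboFix: a pre-flight check that cross-references a CFScript's Driver:: entries with the log's service lines before the script is run. The function names, verdict labels and keyword list are hypothetical, and it assumes that R/S means running/stopped and that `[?]` means the log could not read the file's date and size.

```python
import re
from dataclasses import dataclass

# Service/driver lines copied from the ComboFix log quoted on this page,
# with the lost line breaks restored.
LOG_SERVICES = r"""
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-07-10 6852]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-06-18 36864]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S2 gupdate1c9c0c9e3af75ba;Google Update Service (gupdate1c9c0c9e3af75ba);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 133104]
S2 solewxte;solewxte;c:\windows\system32\solewxte.exe --> c:\windows\system32\solewxte.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-07-08 16512]
"""

# File:: and Driver:: sections of the CFScript posted in the thread.
CFSCRIPT = r"""
File::
c:\windows\system32\solewxte.exe
Driver::
solewxte
gupdate1c9c0c9e3af75ba
AtcL001
"""

# <R|S><start type> <name>;<display name>;<path> [<date size> or ?]
SERVICE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$")
SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
# Assumption: words in a display name that suggest a network component.
NETWORK_HINTS = ("ndis", "ethernet", "network", "wireless")


@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    display: str
    path: str
    file_info: str


def parse_services(log_text):
    """Return {lowercased service name: Service} for every service line."""
    services = {}
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, start, name, display, path, info = m.groups()
            services[name.lower()] = Service(
                state == "R", int(start), name, display, path, info)
    return services


def parse_cfscript(text):
    """Return {section name: [entries]} for a CFScript."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def review_driver_section(script_text, log_text):
    """Return {driver name: (verdict, reason)} for each Driver:: entry."""
    services = parse_services(log_text)
    verdicts = {}
    for name in parse_cfscript(script_text).get("Driver", []):
        svc = services.get(name.lower())
        if svc is None:
            verdicts[name] = ("not-in-log", "no matching service line in the log")
        elif svc.file_info == "?":
            verdicts[name] = ("likely-orphan",
                              f"log has no date/size for {svc.path}")
        elif svc.running:
            reason = f"running driver: {svc.display}"
            if any(h in svc.display.lower() for h in NETWORK_HINTS):
                reason += " (looks like a network adapter or filter driver)"
            verdicts[name] = ("hold", reason)
        else:
            verdicts[name] = ("review",
                              f"stopped service with a file on disk: {svc.display}")
    return verdicts


if __name__ == "__main__":
    for entry, (verdict, why) in review_driver_section(CFSCRIPT, LOG_SERVICES).items():
        print(f"{entry:26} {verdict:14} {why}")
```

Only the entry with no file information comes back as a likely orphan; AtcL001 is held for confirmation, and the Google Update service is left for manual review.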
kubassksiezpol (Author), posted 31 May 2009
By the way, here is the log from ComboFix:
ComboFix 09-05-28.07 - Administrator 2009-05-30 7:55.3 - NTFSx86 Uruchomiony z: c:\documents and settings\Administrator\Pulpit\ComboFix.exe Użyto następujących komend :: c:\documents and settings\Administrator\Pulpit\CFScript.txt AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: ZoneAlarm Pro Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !! FILE :: "c:\windows\system32\solewxte.exe" . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage c:\documents and settings\All Users\Dane aplikacji\Office Genuine Advantage\data\data.dat c:\program files\Audio Phonics, Inc c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\_DEISREG.ISR c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\_ISREG32.DLL c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APGTHelp.htm c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APGuitarTuner.exe c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APLogo.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\APLogoOp.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\apSmall.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\circle.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\cpuinf32.dll c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\DeIsL1.isu c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\gBar.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\gTic.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\label.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NotesBev.bmp c:\program
files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NotesClr.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NumBev.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\NumClr.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\preset.txt c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\state.txt c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\string1.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\string2.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\string3.bmp c:\program files\Audio Phonics, Inc\AP Guitar Tuner 1.02\usr.dll c:\program files\vanBasco's Karaoke Player c:\program files\vanBasco's Karaoke Player\(default).vpl c:\program files\vanBasco's Karaoke Player\(domylnie).vpl c:\program files\vanBasco's Karaoke Player\chango.mid c:\program files\vanBasco's Karaoke Player\default.lyt c:\program files\vanBasco's Karaoke Player\doodap.kar c:\program files\vanBasco's Karaoke Player\everlast.kar c:\program files\vanBasco's Karaoke Player\jashisth.mid c:\program files\vanBasco's Karaoke Player\jpeg.dll c:\program files\vanBasco's Karaoke Player\karback.bmp c:\program files\vanBasco's Karaoke Player\midi16.dll c:\program files\vanBasco's Karaoke Player\midi32.dll c:\program files\vanBasco's Karaoke Player\midi95.dll c:\program files\vanBasco's Karaoke Player\nicenjaz.mid c:\program files\vanBasco's Karaoke Player\salsa.mid c:\program files\vanBasco's Karaoke Player\Sample Playlist.vpl c:\program files\vanBasco's Karaoke Player\sogreen.mid c:\program files\vanBasco's Karaoke Player\uninst.exe c:\program files\vanBasco's Karaoke Player\vmidi.exe c:\program files\vanBasco's Karaoke Player\vmidi_de.chm c:\program files\vanBasco's Karaoke Player\vmidi_de.dll c:\program files\vanBasco's Karaoke Player\vmidi_en.chm c:\program files\vanBasco's Karaoke Player\vmidi_en.dll c:\program files\vanBasco's Karaoke Player\vmidi_es.chm c:\program files\vanBasco's Karaoke Player\vmidi_es.dll c:\program 
files\vanBasco's Karaoke Player\vmidi_it.chm c:\program files\vanBasco's Karaoke Player\vmidi_it.dll c:\program files\vanBasco's Karaoke Player\vmidi_pl.chm c:\program files\vanBasco's Karaoke Player\vmidi_pl.dll c:\program files\vanBasco's Karaoke Player\yourtrue.kar . ((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_GUPDATE1C9C0C9E3AF75BA -------\Legacy_SOLEWXTE -------\Service_AtcL001 -------\Service_gupdate1c9c0c9e3af75ba -------\Service_solewxte ((((((((((((((((((((((((( Pliki utworzone od 2009-04-28 do 2009-05-30 ))))))))))))))))))))))))))))))) . 2009-05-29 16:54 . 2009-05-29 16:55 -------- d-s---w C:\mój komp 2009-05-29 14:55 . 2009-05-29 14:55 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Malwarebytes 2009-05-29 14:55 . 2009-05-26 11:20 40160 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2009-05-29 14:55 . 2009-05-29 14:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Malwarebytes 2009-05-29 14:55 . 2009-05-29 14:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware 2009-05-29 14:55 . 2009-05-26 11:19 19096 ----a-w c:\windows\system32\drivers\mbam.sys 2009-05-20 19:23 . 2009-05-20 19:23 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-05-20 19:23 . 2009-05-20 18:55 38200 ----a-w c:\documents and settings\Administrator\Dane aplikacji\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-05-20 18:55 . 2009-05-20 18:55 -------- d-----w c:\program files\Common Files\Adobe AIR 2009-05-20 18:53 . 2009-05-20 18:53 -------- d-----w c:\documents and settings\Administrator\Moje dokumenty 2009-05-16 15:03 . 2009-05-16 15:05 -------- d-----w c:\program files\Tremulous 2009-05-16 09:45 . 
2009-05-16 09:45 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Help
2009-05-15 17:58 . 2009-05-15 17:58 -------- d-----w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\Opera
2009-05-15 17:57 . 2009-05-16 06:56 -------- d-----w c:\program files\Opera
2009-05-13 16:23 . 2009-05-13 16:23 -------- d-----w c:\program files\Youdagames
2009-05-10 14:40 . 2009-05-10 14:40 15086 ----a-r c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_7b12541d.exe
2009-05-10 14:40 . 2009-05-10 14:40 15086 ----a-r c:\documents and settings\Administrator\Dane aplikacji\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe
2009-05-09 09:14 . 2009-05-09 09:14 -------- d-----w c:\documents and settings\saas\Dane aplikacji\Gadu-Gadu
2009-05-09 09:11 . 2009-05-09 09:11 -------- d-----w c:\documents and settings\saas\Gadu-Gadu
2009-05-09 06:41 . 2009-05-09 06:41 644384 ----a-w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-05-09 06:35 . 2009-05-09 06:35 112144 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\X86\kl1.sys
2009-05-09 06:35 . 2009-05-09 06:35 682512 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\updater.dll
2009-05-09 06:35 . 2009-05-09 06:35 194320 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\klif.sys
2009-05-09 06:35 . 2009-05-09 06:35 150032 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\diffs.dll
2009-05-09 06:35 . 2009-05-09 06:35 342544 ----a-w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab\AVP7\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\7.0.0.119\ckahum.dll
2009-05-09 06:23 . 2009-05-09 06:23 -------- d-----w c:\documents and settings\saas\Dane aplikacji\BESTplayer
2009-05-09 06:19 . 2009-05-09 06:19 -------- d-----w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\Identities
2009-05-09 06:16 . 2009-05-20 16:18 94643 ----a-w c:\windows\system32\drivers\klick.dat
2009-05-09 06:16 . 2009-05-20 16:18 105395 ----a-w c:\windows\system32\drivers\klin.dat
2009-05-09 06:15 . 2009-05-30 05:34 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab
2009-05-09 06:15 . 2009-05-30 06:01 11936544 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-09 06:15 . 2009-05-30 05:59 186656 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-09 06:09 . 2009-05-09 06:09 -------- d-----w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\Mozilla
2009-05-09 06:06 . 2009-05-09 06:06 -------- d-----w c:\documents and settings\saas\Ustawienia lokalne\Dane aplikacji\Google
2009-05-09 06:03 . 2008-06-18 14:15 -------- d-----r c:\documents and settings\saas\Menu Start
2009-05-09 06:03 . 2008-06-18 12:20 -------- d--h--w c:\documents and settings\saas\Szablony
2009-05-09 06:03 . 2009-05-09 09:11 -------- d-----w c:\documents and settings\saas
2009-05-03 19:22 . 2009-05-05 13:19 -------- d-----w c:\windows\A3W_DATA
2009-05-03 19:21 . 1994-09-20 22:00 12800 ----a-w c:\windows\system32\WING32.DLL
2009-05-03 19:21 . 1994-09-20 22:00 92208 ----a-w c:\windows\system\WING.DLL
2009-05-03 19:21 . 1994-09-20 22:00 6736 ----a-w c:\windows\system\WINGDIB.DRV
2009-05-03 19:21 . 1994-08-23 22:00 188960 ----a-w c:\windows\system\WINGDE.DLL
2009-05-03 18:47 . 2009-05-03 18:47 -------- d-----w C:\MPS
2009-05-01 16:20 . 2007-12-26 15:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-05-01 16:20 . 2007-12-26 15:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 05:58 . 2009-05-09 06:15 22676 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-30 05:58 . 2009-05-09 06:15 165968 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-30 05:27 . 2008-06-18 15:35 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Skype
2009-05-30 05:12 . 2009-01-04 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\AIMP
2009-05-30 05:08 . 2008-06-18 15:35 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\skypePM
2009-05-27 17:25 . 2009-04-19 08:35 -------- d-----w c:\program files\Google
2009-05-20 18:55 . 2008-06-18 12:52 -------- d-----w c:\program files\Common Files\Adobe
2009-05-13 17:02 . 2009-02-15 12:14 -------- d-----w c:\program files\NAPI-PROJEKT
2009-05-12 16:11 . 2008-10-27 18:53 -------- d-----w c:\program files\Kaspersky Lab
2009-05-10 14:52 . 2008-06-30 14:40 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\BitTorrent
2009-05-09 06:35 . 2007-04-28 14:51 112144 ----a-w c:\windows\system32\drivers\kl1.sys
2009-05-09 05:38 . 2008-08-04 08:02 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2009-05-05 14:11 . 2008-06-18 12:40 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-25 12:34 . 2009-04-25 12:19 -------- d-----w c:\program files\Valve
2009-04-23 11:36 . 2001-10-26 16:15 49712 ----a-w c:\windows\system32\perfc015.dat
2009-04-23 11:36 . 2001-10-26 16:15 355830 ----a-w c:\windows\system32\perfh015.dat
2009-04-23 11:35 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\PC Suite
2009-04-23 11:35 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\PC Suite
2009-04-23 11:34 . 2009-04-23 11:34 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-23 11:34 . 2009-04-23 11:34 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-04-23 11:06 . 2009-04-23 11:06 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Nokia
2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\Common Files\PCSuite
2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\Common Files\Nokia
2009-04-23 11:05 . 2009-04-23 11:04 -------- d-----w c:\program files\Nokia
2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\DIFX
2009-04-23 11:05 . 2009-04-23 11:05 -------- d-----w c:\program files\PC Connectivity Solution
2009-04-23 11:04 . 2009-04-23 11:04 8192 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstCCD.exe
2009-04-23 11:04 . 2009-04-23 11:04 61440 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-04-23 11:04 . 2009-04-23 11:04 10240 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Installer\CommonCustomActions\UninstPCS.exe
2009-04-23 11:03 . 2009-04-23 11:03 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Installations
2009-04-23 11:03 . 2009-04-23 11:04 34040128 ----a-w c:\documents and settings\All Users\Dane aplikacji\Installations\{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}\Nokia_PC_Suite_7_1_18_0_pol_web.exe
2009-04-23 10:55 . 2009-04-23 10:55 -------- d-----w c:\documents and settings\All Users\Dane aplikacji\Downloaded Installations
2009-04-21 14:09 . 2008-06-18 15:54 -------- d-----w c:\documents and settings\Administrator\Dane aplikacji\Canon
2009-04-21 14:04 . 2008-06-18 15:43 -------- d-----w c:\program files\Canon
2009-04-21 13:57 . 2009-04-21 13:57 -------- d-----w c:\program files\Common Files\ScanSoft Shared
2009-04-21 13:53 . 2009-04-21 13:53 -------- d--h--w c:\documents and settings\All Users\Dane aplikacji\CanonBJ
2009-04-21 13:49 . 2009-04-21 13:49 -------- d--h--w c:\program files\CanonBJ
2009-04-05 05:44 . 2009-04-05 05:44 -------- d-----w c:\windows\system32\config\systemprofile\Dane aplikacji\Skype
2009-03-16 14:53 . 2008-06-18 12:34 644448 ----a-w c:\documents and settings\Administrator\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[-] 2008-04-14 17:20 1571840 A9ED600F08A92143253C10EDB5651ECF c:\windows\SoftwareDistribution\Download\bb44941ebc6c98c13a74d1f65de46494\sfcfiles.dll
[-] 2008-01-24 09:43 1548288 44A87287F63395AE9E7950D266A73160 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-01-24 124928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Adobe Gamma.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Styler.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Menu Start^Programy^Autostart^Thoosje Vista Sidebar.lnk]
path=c:\documents and settings\Administrator\Menu Start\Programy\Autostart\Thoosje Vista Sidebar.lnk
backup=c:\windows\pss\Thoosje Vista Sidebar.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Gadu-Gadu\\gg.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\Program Files\\jazzjack\\jazz2tsf[CVR.pl]\\Jazz2.exe"=
"e:\\Program Files\\jazzjack\\jazz2tsf[CVR.pl]\\Jazz2+.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\Polish\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Dane aplikacji\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\Polish\\setup.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\cs1\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"e:\\Program Files\\Firefly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"f:\\Program Files\\BitTorrent\\bittorrent.exe"=
"f:\\Program Files\\Cream Software\\Pajaczek 5 NxG\\Pajaczek.exe"=
"c:\\Program Files\\Tremulous\\tremulous.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2008-07-10 6852]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-04-04 24344]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-07-08 16512]
.
Zawartość folderu 'Zaplanowane zadania'

2009-05-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2009-05-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 08:35]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {68282C51-9459-467B-95BF-3C0E89627E55} - hxxp://www.mks.com.pl/skaner/SkanerOnline.cab
FF - ProfilePath - c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uru0eq4j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\uru0eq4j.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: f:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 08:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-329068152-706699826-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\windows\system32\klogon.dll

- - - - - - - > 'lsass.exe'(792)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll

- - - - - - - > 'explorer.exe'(3416)
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_pol.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\program files\Canon\IJPLM\ijplmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Czas ukończenia: 2009-05-30 8:04 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2009-05-30 06:03
ComboFix2.txt 2009-05-30 05:32
ComboFix3.txt 2009-05-29 14:30

Przed: 46 717 022 208 bajtów wolnych
Po: 46 683 340 800 bajtów wolnych

303
Guest, commented 31 May 2009

Clean.
1. Clean up after ComboFix and the various other tools >>> OTCleanIt.
2. Clear out the "System Volume Information" folder by temporarily turning off "System Restore": Control Panel > System > System Restore > tick the box next to "Turn off System Restore on all drives" > Apply > OK. Afterwards you can go back to the previous setting (i.e. untick the box).
3. Run a system optimization.
4. Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.
kubassksiezpol (Author), commented 31 May 2009

And if I have Kaspersky Internet Security 7.0, can I post the report from its scan?
kubassksiezpol (Author), commented 1 June 2009 (edited)

Skanuj Mój komputer : zakończono
--------------------------------
Przeskanowanych: 406335
Wykrytych: 0
Nieprzetworzonych: 0
Uruchomiono: 2009-05-31 21:37:09
Czas działania: 01:35:51
Zakończono: 2009-05-31 23:13:00

djdresik, well??