Log check - a worm?


(Cezary Piwowarczyk) #1

Please check my log. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:49:56, on 2008-09-16

Platform: Windows XP Service Pack 2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

F:\Program Files\PowerISO\PWRISOVM.EXE

F:\Program Files\Comodo\Comodo AntiVirus\CMain.exe

C:\Program Files\COMODO\SafeSurf\cssurf.exe

F:\Program Files\Comodo\Firewall\cfp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

F:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Comodo\common\CAVASpy\cavasm.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

F:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe

C:\WINDOWS\System32\svchost.exe

E:\Download\Instalki\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O1 - Hosts: 212.162.52.233 irc.westwood.com

O1 - Hosts: 212.162.52.233 servserv.westwood.com

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe Reader 6.0 CE\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [cnfgCav] "F:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"

O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s

O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\cfp.exe" -h

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU\..\Run: [OM2_Monitor] "F:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart

O4 - HKCU\..\Run: [Time Organizer] Nie

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c

O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll

O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - F:\Program Files\Comodo\Firewall\cmdagent.exe

O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\Program Files\RealVNC\VNC4\WinVNC4.exe



--

End of file - 7061 bytes
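
A triage pass over a HijackThis log of this shape, as an added example that is not part of the original post and not HijackThis code. The sample lines are constructed from entries in the log above plus one control hosts entry (ads.example.com); the rules (hosts mappings off loopback, every O20 entry, O23 services with no owner, the Ask toolbar BHO, Run values with no executable in them) are this editor's own and yield review items, not verdicts.

```python
"""Triage a HijackThis 2.x log: parse "<section> - <detail>" entries, count
them by section and flag the classes that decide a "worm or not" question.
Added example for this thread; rule set is the editor's own, not HijackThis's."""
import re
from collections import Counter

# Constructed sample: lines copied from the log in post #1, plus one
# blocking-style hosts entry (127.0.0.1 ads.example.com) as a control.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
O1 - Hosts: 212.162.52.233 irc.westwood.com
O1 - Hosts: 127.0.0.1 ads.example.com
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Time Organizer] Nie
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>R[0-3]|O\d{1,2})\s+-\s+(?P<rest>.+)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<addr>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run(?:Once)?:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXEC_RE = re.compile(r"\.(exe|dll|com|bat|scr)\b", re.I)


def parse_log(text):
    """Return (section, detail) tuples; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("rest")))
    return entries


def section_counts(entries):
    """Number of entries per HijackThis section type (R0, O1, O4, ...)."""
    return Counter(sec for sec, _ in entries)


def triage(entries):
    """Return review items as {"section", "reason", "text"}.

    These are not verdicts: the O20 AppInit DLLs in the sample have to be
    matched against the COMODO firewall and SafeSurf installed on the box,
    and PnkBstrA is the PunkBuster anti-cheat service, which HijackThis
    lists with no owner because it carries no company string it can read."""
    findings = []
    for sec, rest in entries:
        if sec == "O1":
            # A hosts mapping to anything but loopback redirects that name elsewhere.
            m = HOSTS_RE.match(rest)
            if m and not m.group("addr").startswith("127.") and m.group("addr") != "::1":
                findings.append({"section": sec, "reason": f"hosts redirect {m.group('host')} -> {m.group('addr')}", "text": rest})
        elif sec in ("O2", "O3") and "Ask Toolbar" in rest:
            findings.append({"section": sec, "reason": "bundled adware toolbar", "text": rest})
        elif sec == "O4":
            # A Run value whose data is neither a path nor an executable name is malformed.
            m = RUN_RE.match(rest)
            if m and "\\" not in m.group("cmd") and not EXEC_RE.search(m.group("cmd")):
                findings.append({"section": sec, "reason": f"Run value '{m.group('name')}' names no executable: {m.group('cmd')!r}", "text": rest})
        elif sec == "O20":
            # AppInit_DLLs load into every user-mode process; Winlogon Notify DLLs load into winlogon.exe.
            findings.append({"section": sec, "reason": "DLL loaded at logon (AppInit_DLLs / Winlogon Notify)", "text": rest})
        elif sec == "O23" and "Unknown owner" in rest:
            findings.append({"section": sec, "reason": "service binary has no verified publisher", "text": rest})
    return findings


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(dict(section_counts(entries)))
    for f in triage(entries):
        print(f"[{f['section']}] {f['reason']}")
```

Run against a full log the script prints one line per review item; everything it does not print (R0/R1 search pages, O16 download objects) still has to be read by eye, since the rules above only cover the persistence points that matter for the question asked in this thread.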

(huber2t) #2

Fix in HijackThis.

Post a ComboFix log.


(Cezary Piwowarczyk) #3
ComboFix 08-09-16.05 - xp 2008-09-16 20:34:33.3 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.673 [GMT 2:00]

Run from: E:\Download\Combo-Fix.exe

 * Created a new restore point


WARNING - THIS COMPUTER DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

.

	/wow section - STAGE 31

FINDSTR: Cannot open temp00

The requested operation cannot be performed on a file with a user-mapped section open.



((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\WINDOWS\308.exe

E:\6.bat

E:\njibyekk.com

F:\6.bat

F:\njibyekk.com


.

((((((((((((((((((((((((( Files created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))

.


2008-09-10 20:11 . 2008-06-12 09:46	20,992	--a------	C:\WINDOWS\system32\vncmirror.dll

2008-09-10 20:11 . 2008-06-12 09:46	4,608	--a------	C:\WINDOWS\system32\drivers\vncmirror.sys

2008-08-20 20:40 . 2008-08-20 20:39	720,896	--a------	C:\WINDOWS\iun6002.exe


.

(((((((((((((((((((((((((((((((((((((((( Find3M section ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-09-15 16:29	---------	d-----w	C:\Documents and Settings\xp\Dane aplikacji\OpenOffice.org2

2008-09-08 19:57	---------	d-----w	C:\Documents and Settings\xp\Dane aplikacji\Skype

2008-09-08 18:56	---------	d-----w	C:\Documents and Settings\xp\Dane aplikacji\skypePM

2008-08-30 09:05	---------	d-----w	C:\Documents and Settings\xp\Dane aplikacji\DNA

2008-08-30 07:51	---------	d-----w	C:\Program Files\DNA

2008-08-28 09:53	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard

2008-08-20 22:14	---------	d-----w	C:\Documents and Settings\xp\Dane aplikacji\BitTorrent

2008-08-19 11:54	---------	d--h--w	C:\Program Files\InstallShield Installation Information

2008-08-14 16:14	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles

2008-08-11 06:10	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Codemasters

2008-08-11 06:08	---------	d-----w	C:\Program Files\OpenAL

2008-08-11 05:34	---------	d-----w	C:\Program Files\Codemasters

2008-08-03 19:12	---------	d-----w	C:\Program Files\QuickTime

2008-07-23 12:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Comodo

2008-07-23 12:37	---------	d-----w	C:\Program Files\Comodo

2008-07-23 12:37	---------	d-----w	C:\Program Files\AskSBar

2008-07-23 12:36	87,056	----a-w	C:\WINDOWS\system32\drivers\cmdguard.sys

2008-07-23 12:36	24,208	----a-w	C:\WINDOWS\system32\drivers\cmdhlp.sys

2008-07-23 12:36	---------	d-----w	C:\Documents and Settings\xp\Dane aplikacji\Comodo

2008-07-23 12:33	102,400	----a-w	C:\WINDOWS\system32\drivers\cavasm.sys

2008-07-23 09:54	---------	d-----w	C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab

2008-07-21 06:26	---------	d-----w	C:\Program Files\Ashampoo

2008-07-18 15:06	---------	d-----w	C:\Program Files\Common Files\Skype

.


((((((((((((((((((((((((((((((((((((( Registry startup entries ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries and legitimate default entries are not shown 

REGEDIT4


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]

"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]

"OM2_Monitor"="F:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]

"Google Update"="C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-09-10 133104]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 8429568]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 81920]

"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]

"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-14 35328]

"PWRISOVM.EXE"="F:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]

"cnfgCav"="F:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-07-23 110592]

"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-23 278264]

"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\cfp.exe" [2008-07-23 1655552]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]

"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2007-05-11 C:\WINDOWS\system32\nwiz.exe]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]

2008-07-23 14:33 216576 C:\WINDOWS\system32\monln.dll


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"VIDC.YV12"= yv12vfw.dll

"msacm.divxa32"= divxa32.acm

"MSACM.SPEEXACM"= SPEEXW.ACM


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]

"Debugger"=dummy.dat


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]

"Debugger"=dummy.dat


[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"F:\\Program Files\\Gadu-Gadu\\gg.exe"=

"E:\\Program Files\\Call of Duty\\CoDMP.exe"=

"E:\\Gry\\Km TPR\\KM_TPR.exe"=

"E:\\Program Files\\CS\\hl.exe"=

"C:\\WINDOWS\\system32\\dplaysvr.exe"=

"F:\\Program Files\\BearShare\\BearShare.exe"=

"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=

"E:\\Program Files\\Ubisoft\\Eagle Dynamics\\Lock On\\LockOn.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"E:\\Program Files\\Soldat\\Soldat.exe"=

"C:\\Program Files\\DNA\\btdna.exe"=

"E:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"E:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"E:\\Program Files\\Kolekcja Klasyki\\Twierdza\\Stronghold.exe"=

"E:\\Program Files\\BitTorrent\\bittorrent.exe"=

"F:\\Czarek\\CS\\hl.exe"=

"E:\\Gry\\Doom 3\\DOOM3.exe"=

"F:\\OTS\\TurionServer\\TurionWindows.exe"=

"E:\\server2\\ots\\YurOTS.exe"=

"E:\\server\\illusion\\illusion\\devland.exe"=

"E:\\server\\illusion\\illusion\\Work.exe"=

"E:\\server\\illusionion\\illusion\\devland.exe"=

"E:\\server\\illusion3\\illusion\\devland.exe"=

"E:\\server2\\Hollandia\\Hollandia\\Server\\Hollandia.exe"=

"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=

"E:\\Download\\MiniRacingOnline\\MiniRacingOnline\\MiniRacingOnLine.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

"F:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8461:TCP"= 8461:TCP:GoD High Port

"8462:TCP"= 8462:TCP:GoD Low Port


R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-23 87056]

R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-23 24208]

S3 V0010bVd;Creative WebCam Vista #2;C:\WINDOWS\system32\DRIVERS\V0010bVd.sys [2003-04-21 186551]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad561fa-3e0b-11dd-978b-000ce5e8c9b3}]

\Shell\AutoRun\command - 6l6w8.com

\Shell\explore\Command - 6l6w8.com

\Shell\open\Command - 6l6w8.com


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7f35c6-f9c6-11dc-960a-000ce5e8c9b3}]

\Shell\AutoRun\command - H:\e9ehn1m8.com

\Shell\explore\Command - H:\e9ehn1m8.com

\Shell\open\Command - H:\e9ehn1m8.com

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary scan -------

.

FireFox -: Profile - C:\Documents and Settings\xp\Dane aplikacji\Mozilla\Firefox\Profiles\2ng5mn9l.default\

FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl

FF -: plugin - C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.131.11\npGoogleOneClick5.dll

FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll

FF -: plugin - F:\Program Files\Adobe Reader 6.0 CE\Reader\browser\nppdf32.dll

FF -: plugin - F:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - F:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npnul32.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll

.


**************************************************************************


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-16 20:40:09

Windows 5.1.2600 Service Pack 2 NTFS


scanning hidden processes ... 


scanning hidden autostart entries ...


scanning hidden files ... 


scan completed successfully

hidden files: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]

"ImagePath"="\??\C:\DOCUME~1\xp\USTAWI~1\Temp\ASFWHide"

.

------------------------ Other running processes ------------------------

.

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

F:\Program Files\Comodo\Firewall\cmdagent.exe

C:\Program Files\Comodo\Common\CAVASpy\cavasm.exe

C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Common Files\Teleca Shared\Generic.exe

F:\Program Files\Comodo\Comodo AntiVirus\cavse.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

F:\Program Files\Comodo\Comodo AntiVirus\cavse.exe

F:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe

.

**************************************************************************

.

Completion time: 2008-09-16 20:43:01 - the computer was restarted

ComboFix-quarantined-files.txt 2008-09-16 18:42:56

ComboFix2.txt 2008-07-23 09:35:55


Before: 27,314,036,736 bytes free

After: 27,241,164,800 bytes free


196	--- E O F ---	2008-09-09 13:02:21

(huber2t) #4

Download ComboFix, but do not run it.

Open Notepad and paste into it:

Folder::

C:\Program Files\AskSBar


Registry::

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad561fa-3e0b-11dd-978b-000ce5e8c9b3}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7f35c6-f9c6-11dc-960a-000ce5e8c9b3}]

File -> Save As -> CFScript.txt.

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

(image: cfscript10uc2.gif)

The removal will start and a log will be produced, which you post on the forum.

Post the logs on http://wklej.eu or http://wklej.org and put only the link in your post.
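
The MountPoints2 keys that the Registry:: block above deletes are Explorer's cached autorun.inf handlers for two volumes, and the .com files they point at, together with the files ComboFix already removed, are the indicators to look for on every USB stick and other machine that touched this PC. As an added example (not ComboFix's code and not part of either post), the script below extracts those entries, the IFEO Debugger values and the deleted-file list from a constructed excerpt of the log in post #3, and renders a CFScript in the layout described above; the Folder:: path and all sample lines are taken from the thread, the function names are this editor's own.

```python
"""Extract removable-media autorun evidence from a ComboFix log and render
the matching CFScript. Added example for this thread, not ComboFix code."""
import re

# Constructed excerpt: fragments of the post #3 log (deleted files, one IFEO
# key, both MountPoints2 keys), section titles as translated above.
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((((((((((((((((( Deleted )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\308.exe
E:\6.bat
E:\njibyekk.com
F:\6.bat
F:\njibyekk.com
.
((((((((((((((((((((((((( Files created from 2008-08-16 to 2008-09-16 )))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad561fa-3e0b-11dd-978b-000ce5e8c9b3}]
\Shell\AutoRun\command - 6l6w8.com
\Shell\explore\Command - 6l6w8.com
\Shell\open\Command - 6l6w8.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7f35c6-f9c6-11dc-960a-000ce5e8c9b3}]
\Shell\AutoRun\command - H:\e9ehn1m8.com
\Shell\explore\Command - H:\e9ehn1m8.com
\Shell\open\Command - H:\e9ehn1m8.com
"""

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
SHELL_CMD_RE = re.compile(r"^\\Shell\\(?P<verb>\w+)\\[Cc]ommand\s+-\s+(?P<target>.+?)\s*$")
SECTION_RE = re.compile(r"^\({3,}\s*(?P<title>.*?)\s*\){3,}$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\\S")
DEBUGGER_RE = re.compile(r'^"Debugger"=(?P<dbg>.+)$')


def _keyed_lines(text):
    """Yield (registry key currently open, stripped line); key is None before the first [HK...]."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            continue
        yield current, line


def mountpoint_autoruns(text):
    """(key, verb, target) for every Shell\\<verb>\\command under MountPoints2,
    i.e. the cached autorun.inf handlers Explorer runs when that volume is opened."""
    return [(key, m.group("verb"), m.group("target"))
            for key, line in _keyed_lines(text)
            if key and "mountpoints2" in key.lower() and (m := SHELL_CMD_RE.match(line))]


def autorun_targets(autoruns):
    """The executables the autorun handlers launch (the IOCs for other media)."""
    return {target for _, _, target in autoruns}


def mountpoint_keys(autoruns):
    """Unique MountPoints2 keys in first-seen order: what the CFScript must delete."""
    return list(dict.fromkeys(key for key, _, _ in autoruns))


def ifeo_debuggers(text):
    """image name -> Debugger value. Windows starts that debugger (with the
    image as argument) instead of the image, so each one needs a known reason."""
    return {key.rsplit("\\", 1)[-1]: m.group("dbg").strip()
            for key, line in _keyed_lines(text)
            if key and "image file execution options" in key.lower() and (m := DEBUGGER_RE.match(line))}


def deleted_files(text):
    """Paths listed in the Deleted section (ComboFix titles it Usunieto on a Polish system)."""
    files, in_deleted = [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            in_deleted = re.search(r"Deleted|Usuni", m.group("title")) is not None
            continue
        if in_deleted and DRIVE_PATH_RE.match(line):
            files.append(line)
    return files


def build_cfscript(keys, folders=()):
    """Render the CFScript: optional Folder:: block, then Registry:: with [-key] deletions."""
    lines = []
    if folders:
        lines += ["Folder::", *folders, ""]
    lines += ["Registry::", *(f"[-{key}]" for key in keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    autoruns = mountpoint_autoruns(SAMPLE_COMBOFIX)
    print("autorun targets:", sorted(autorun_targets(autoruns)))
    print("IFEO debuggers:", ifeo_debuggers(SAMPLE_COMBOFIX))
    print("removed files:", deleted_files(SAMPLE_COMBOFIX))
    print(build_cfscript(mountpoint_keys(autoruns), folders=[r"C:\Program Files\AskSBar"]))
```

The generated Registry:: block is identical to the one huber2t wrote by hand; the point of producing it from the log is that a second or third infected stick adds another {GUID} key, and parsing catches those too. Deleting the keys only removes the cached handler: the .com/.bat files named in the targets still have to be cleared off the removable drives themselves, or plugging one back in re-creates the entry.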