gurupl
(Cezary Piwowarczyk)
#1
Please check my log. Thanks in advance!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:56, on 2008-09-16
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
F:\Program Files\PowerISO\PWRISOVM.EXE
F:\Program Files\Comodo\Comodo AntiVirus\CMain.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
F:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
F:\Program Files\Comodo\Comodo AntiVirus\Cavaud.exe
C:\WINDOWS\System32\svchost.exe
E:\Download\Instalki\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 - Hosts: 212.162.52.233 irc.westwood.com
O1 - Hosts: 212.162.52.233 servserv.westwood.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe Reader 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] F:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [cnfgCav] "F:\Program Files\Comodo\Comodo AntiVirus\CMain.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "F:\Program Files\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [OM2_Monitor] "F:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [Time Organizer] Nie
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O20 - Winlogon Notify: monln - C:\WINDOWS\SYSTEM32\monln.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - F:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Comodo Anti-Virus and Anti-Spyware Service - Comodo Inc. - C:\Program Files\Comodo\common\CAVASpy\cavasm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 7061 bytes
gurupl
(Cezary Piwowarczyk)
#3
ComboFix 08-09-16.05 - xp 2008-09-16 20:34:33.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.673 [GMT 2:00]
Uruchomiony z: E:\Download\Combo-Fix.exe
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
/wow section - STAGE 31
FINDSTR: Nie można otworzyć temp00
Nie można wykonać żądanej operacji na pliku z otwartą sekcją mapowania użytkownika.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\308.exe
E:\6.bat
E:\njibyekk.com
F:\6.bat
F:\njibyekk.com
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-16 do 2008-09-16 )))))))))))))))))))))))))))))))
.
2008-09-10 20:11 . 2008-06-12 09:46 20,992 --a------ C:\WINDOWS\system32\vncmirror.dll
2008-09-10 20:11 . 2008-06-12 09:46 4,608 --a------ C:\WINDOWS\system32\drivers\vncmirror.sys
2008-08-20 20:40 . 2008-08-20 20:39 720,896 --a------ C:\WINDOWS\iun6002.exe
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 16:29 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\OpenOffice.org2
2008-09-08 19:57 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\Skype
2008-09-08 18:56 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\skypePM
2008-08-30 09:05 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\DNA
2008-08-30 07:51 --------- d-----w C:\Program Files\DNA
2008-08-28 09:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 22:14 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\BitTorrent
2008-08-19 11:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-14 16:14 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-08-11 06:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Codemasters
2008-08-11 06:08 --------- d-----w C:\Program Files\OpenAL
2008-08-11 05:34 --------- d-----w C:\Program Files\Codemasters
2008-08-03 19:12 --------- d-----w C:\Program Files\QuickTime
2008-07-23 12:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Comodo
2008-07-23 12:37 --------- d-----w C:\Program Files\Comodo
2008-07-23 12:37 --------- d-----w C:\Program Files\AskSBar
2008-07-23 12:36 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-07-23 12:36 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-23 12:36 --------- d-----w C:\Documents and Settings\xp\Dane aplikacji\Comodo
2008-07-23 12:33 102,400 ----a-w C:\WINDOWS\system32\drivers\cavasm.sys
2008-07-23 09:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-07-21 06:26 --------- d-----w C:\Program Files\Ashampoo
2008-07-18 15:06 --------- d-----w C:\Program Files\Common Files\Skype
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 81920]
"OM2_Monitor"="F:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-02-22 95536]
"Google Update"="C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe" [2008-09-10 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-11 8429568]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-11 81920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-01-14 35328]
"PWRISOVM.EXE"="F:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"cnfgCav"="F:\Program Files\Comodo\Comodo AntiVirus\CMain.exe" [2008-07-23 110592]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-23 278264]
"COMODO Firewall Pro"="F:\Program Files\Comodo\Firewall\cfp.exe" [2008-07-23 1655552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-05-11 C:\WINDOWS\system32\nwiz.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\monln]
2008-07-23 14:33 216576 C:\WINDOWS\system32\monln.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"MSACM.SPEEXACM"= SPEEXW.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iPMS20.exe]
"Debugger"=dummy.dat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"F:\\Program Files\\Gadu-Gadu\\gg.exe"=
"E:\\Program Files\\Call of Duty\\CoDMP.exe"=
"E:\\Gry\\Km TPR\\KM_TPR.exe"=
"E:\\Program Files\\CS\\hl.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"F:\\Program Files\\BearShare\\BearShare.exe"=
"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"E:\\Program Files\\Ubisoft\\Eagle Dynamics\\Lock On\\LockOn.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Program Files\\Soldat\\Soldat.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"E:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"E:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"E:\\Program Files\\Kolekcja Klasyki\\Twierdza\\Stronghold.exe"=
"E:\\Program Files\\BitTorrent\\bittorrent.exe"=
"F:\\Czarek\\CS\\hl.exe"=
"E:\\Gry\\Doom 3\\DOOM3.exe"=
"F:\\OTS\\TurionServer\\TurionWindows.exe"=
"E:\\server2\\ots\\YurOTS.exe"=
"E:\\server\\illusion\\illusion\\devland.exe"=
"E:\\server\\illusion\\illusion\\Work.exe"=
"E:\\server\\illusionion\\illusion\\devland.exe"=
"E:\\server\\illusion3\\illusion\\devland.exe"=
"E:\\server2\\Hollandia\\Hollandia\\Server\\Hollandia.exe"=
"C:\\Program Files\\Codemasters\\GRID Demo\\GRID.exe"=
"E:\\Download\\MiniRacingOnline\\MiniRacingOnline\\MiniRacingOnLine.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"F:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8461:TCP"= 8461:TCP:GoD High Port
"8462:TCP"= 8462:TCP:GoD Low Port
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-23 87056]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-23 24208]
S3 V0010bVd;Creative WebCam Vista #2;C:\WINDOWS\system32\DRIVERS\V0010bVd.sys [2003-04-21 186551]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad561fa-3e0b-11dd-978b-000ce5e8c9b3}]
\Shell\AutoRun\command - 6l6w8.com
\Shell\explore\Command - 6l6w8.com
\Shell\open\Command - 6l6w8.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7f35c6-f9c6-11dc-960a-000ce5e8c9b3}]
\Shell\AutoRun\command - H:\e9ehn1m8.com
\Shell\explore\Command - H:\e9ehn1m8.com
\Shell\open\Command - H:\e9ehn1m8.com
.
Zawartość folderu 'Zaplanowane zadania'
.
.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Documents and Settings\xp\Dane aplikacji\Mozilla\Firefox\Profiles\2ng5mn9l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.pl
FF -: plugin - C:\Documents and Settings\xp\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - F:\Program Files\Adobe Reader 6.0 CE\Reader\browser\nppdf32.dll
FF -: plugin - F:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - F:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
FF -: plugin - F:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 20:40:09
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\xp\USTAWI~1\Temp\ASFWHide"
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
F:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Comodo\Common\CAVASpy\cavasm.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
F:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
F:\Program Files\Comodo\Comodo AntiVirus\cavse.exe
F:\Program Files\Comodo\Comodo AntiVirus\CavAUD.exe
.
**************************************************************************
.
Czas ukończenia: 2008-09-16 20:43:01 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-09-16 18:42:56
ComboFix2.txt 2008-07-23 09:35:55
Przed: 27,314,036,736 bajtów wolnych
Po: 27,241,164,800 bajtów wolnych
196 --- E O F --- 2008-09-09 13:02:21
huber2t
(huber2t)
#4
Download ComboFix, but do not run it.
Open Notepad and paste the following into it:
Folder::
C:\Program Files\AskSBar
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aad561fa-3e0b-11dd-978b-000ce5e8c9b3}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd7f35c6-f9c6-11dc-960a-000ce5e8c9b3}]
File -> Save As -> CFScript.txt.
Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here ->

Removal will start and a log will be created, which you should post on the forum.
Post your logs at http://wklej.eu or http://wklej.org, and put only the link in your post.