To start with, I'm new here and don't really know my way around all this yet, but I caught a virus and my wallpaper changed to "Spyware detected on Your computer". I think I've removed everything with various programs, but I don't know whether the computer is clean now, so please check the log.
ComboFix 08-09-14.02 - Sako Met 2008-09-15 10:24:22.3 - FAT32 x86
Uruchomiony z: C:\Documents and Settings\Sako Met\Pulpit\ComboFix.exe
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA
.
((((((((((((((((((((((((( Pliki utworzone od 2008-08-15 do 2008-09-15 )))))))))))))))))))))))))))))))
.
2008-09-15 09:49 . 2008-09-15 09:49
2008-09-15 09:49 . 2008-09-15 09:49
2008-09-15 09:37 . 2008-09-15 09:37
2008-09-15 09:12 . 2008-09-15 09:12
2008-09-15 09:12 . 2008-09-15 09:12
2008-09-15 08:58 . 2008-09-15 08:58
2008-09-04 12:57 . 2008-09-04 12:57
2008-08-21 08:48 . 2007-09-28 18:35 196,608 --a------ C:\WINDOWS\RunInf.exe
2008-08-21 08:48 . 2007-09-28 18:35 102,400 --a------ C:\WINDOWS\system32\R3DTWIA.dll
2008-08-20 10:35 . 2008-08-20 10:35
2008-08-20 07:03 . 2008-08-20 07:03
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 6290944]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-06 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"OrderReminder"="C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"AvMenu"="C:\Program Files\ArcaBit\ArcaVir\AVMenu.exe" [2008-08-14 514568]
"ABRegmon"="C:\Program Files\ArcaBit\ArcaVir\ABregmon.exe" [2007-10-23 348160]
"ArcaCheck"="C:\Program Files\ArcaBit\ArcaVir\ArcaCheck.exe" [2008-06-19 637448]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ATI CATALYST - pasek zadań.lnk - C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe [2005-08-06 61440]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!saswinlogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kaf66.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Rupsmon Daemon.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Rupsmon Daemon.lnk
backup=C:\WINDOWS\pss\Rupsmon Daemon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Sako Met^Menu Start^Programy^Autostart^OpenOffice.org 2.0.3.lnk]
path=C:\Documents and Settings\Sako Met\Menu Start\Programy\Autostart\OpenOffice.org 2.0.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.3.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
--a------ 2005-04-12 10:11 229376 C:\Program Files\lg_fwupdate\fwupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\NetView\NNV.exe"=
"C:\Program Files\Tlen.pl\tlen.exe"=
R1 ABTDI;ABTDI;C:\Program Files\ArcaBit\ArcaVir\ABTDI.sys [2008-02-29 51208]
R2 ABFileMon;ArcaBit FileMonitor;C:\Program Files\ArcaBit\ArcaVir\FileMonSV.exe [2008-05-21 154120]
R2 ArcaBit.TaskScheduler;ArcaBit.TaskScheduler;C:\Program Files\ArcaBit\Common\TaskScheduler.exe [2007-10-25 151552]
R2 AVUpdate;ArcaBit Update Service;C:\PROGRA~1\ARCABIT\ARCAUP~1\update.exe [2008-04-01 117256]
R2 MSSQL$INSERTGT;SQL Server (INSERTGT);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 ABFLT;ArcaBit File Monitor Driver;C:\PROGRA~1\ARCABIT\ARCAVIR\ABFLT.sys [2008-01-22 37896]
R3 ArcaBit.Core.Configurator;ArcaBit.Core.Configurator;C:\Program Files\ArcaBit\Common\ArcaBit.Core.Configurator2.exe [2008-02-01 200704]
R3 ArcaBit.Core.LoggingService;ArcaBit.Core.LoggingService;C:\Program Files\ArcaBit\Common\ArcaBit.Core.LoggingService.exe [2008-02-01 237568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{599195e0-3d0f-11dd-a5bc-0015f2d986c0}]
\Shell\AutoRun\command - wscript.exe ..vbs
\Shell\open\command - wscript.exe ..vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b83619e-e9db-11dc-a53e-0015f2d986c0}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af64848c-5196-11dd-a5e3-0015f2d986c0}]
\Shell\AutoRun\command - G:\x.com
\Shell\explore\Command - G:\x.com
\Shell\open\Command - G:\x.com
.
- - - - USUNIĘTO PUSTE WPISY - - - -
-
-
HKCU-Run-Winsvr - C:\WINDOWS\system32\winhst32.exe5632.exe
HKCU-Run-Gadu-Gadu - C:\Program Files\Gadu-Gadu\gg.exe
HKLM-Run-AntiVirus Update Scheduler V2.14C - C:\WINDOWS\system32\winsock32.exe
Notify-qwbcamzb - qwbcamzb.dll
MSConfigStartUp-Gadu-Gadu - C:\Program Files\Gadu-Gadu\gg.exe
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.wp.pl/
O8 -: Eksport do programu Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface{ACB37EAE-38A2-48A2-93E8-ECBEA51A5E87}: NameServer = 194.204.159.1,194.204.152.34
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 10:25:48
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2008-09-15 10:26:15
ComboFix-quarantined-files.txt 2008-09-15 08:26:14
Przed: 16,975,708,160 bajtów wolnych
Po: 16,978,575,360 bajtów wolnych
126 --- E O F --- 2008-09-15 07:38:09