

Sorry for posting the ComboFix log incorrectly earlier.
My problem is that I must have picked up the Virtumonde virus somewhere. Windows Defender detected it right after I uninstalled Norton Internet Security.
So please analyze the ComboFix log and give me any advice you may have.
Code:
ComboFix 08-10-12.01 - Maciek 2008-10-13 21:11:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2016 [GMT 2:00]
Uruchomiony z: C:\Users\Maciek\Desktop\ComboFix.exe
* Utworzono nowy punkt przywracania
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Maciek\AppData\Local\Temp\qoMeBuvU.dll
C:\Windows\system32\cbXoMGWm.dll
C:\Windows\system32\KBL.LOG
C:\Windows\system32\opnonKEW.dll
C:\Windows\system32\rqrpMDvU.dll
.
((((((((((((((((((((((((( Pliki utworzone od 2008-09-13 do 2008-10-13 )))))))))))))))))))))))))))))))
.
2008-10-13 20:48 . 2008-10-13 20:48 0 --ah----- C:\ntuser.dat.LOG2
2008-10-13 20:48 . 2008-10-13 20:48 0 --ah----- C:\ntuser.dat.LOG1
2008-10-13 20:48 . 2008-10-13 20:48 0 --a------ C:\ntuser.dat
2008-10-13 20:12 . 2008-10-13 20:12 <DIR> d-------- C:\VundoFix Backups
2008-10-13 19:29 . 2008-10-13 20:03 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-10-13 19:29 . 2008-10-13 20:03 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-10-13 19:25 . 2008-10-13 19:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-13 18:28 . 2008-10-13 18:28 <DIR> d-------- C:\Users\All Users\ESET
2008-10-13 18:28 . 2008-10-13 18:28 <DIR> d-------- C:\ProgramData\ESET
2008-10-13 18:28 . 2008-10-13 18:28 <DIR> d-------- C:\Program Files\ESET
2008-10-11 22:37 . 2008-10-11 22:37 <DIR> d-------- C:\Users\Maciek\AppData\Roaming\Samsung
2008-10-11 22:29 . 2007-07-03 16:58 106,792 --a------ C:\Windows\System32\drivers\sscdmdm.sys
2008-10-11 22:29 . 2007-07-03 16:54 80,552 --a------ C:\Windows\System32\drivers\sscdbus.sys
2008-10-11 22:29 . 2007-07-03 16:57 11,944 --a------ C:\Windows\System32\drivers\sscdmdfl.sys
2008-10-11 22:29 . 2007-07-03 17:00 9,256 --a------ C:\Windows\System32\drivers\sscdwhnt.sys
2008-10-11 22:29 . 2007-07-03 17:00 9,256 --a------ C:\Windows\System32\drivers\sscdwh.sys
2008-10-11 22:29 . 2007-07-03 16:56 9,256 --a------ C:\Windows\System32\drivers\sscdcmnt.sys
2008-10-11 22:29 . 2007-07-03 16:56 9,256 --a------ C:\Windows\System32\drivers\sscdcm.sys
2008-10-11 22:28 . 2008-10-11 22:28 59 --a------ C:\Windows\wininit.ini
2008-10-11 22:25 . 2006-07-24 16:05 5,632 --a------ C:\Windows\System32\drivers\StarOpen.sys
2008-10-11 21:53 . 2008-10-11 22:30 <DIR> d-------- C:\Windows\System32\Samsung_USB_Drivers
2008-10-11 21:53 . 2008-10-11 21:53 <DIR> d-------- C:\Program Files\Samsung
2008-10-11 21:53 . 2005-08-28 20:51 766 --a------ C:\Windows\System32\Uninstall.ico
2008-10-04 16:20 . 2007-03-13 20:56 311,296 --------- C:\Windows\System32\fppmon3.dll
2008-10-04 16:20 . 2007-03-15 10:35 126,976 --------- C:\Windows\System32\fppr332.dll
2008-10-02 17:31 . 2008-10-02 17:32 <DIR> d-------- C:\Program Files\PhotoFiltre Studio
2008-10-02 17:31 . 2008-10-02 17:31 45 ---h----- C:\Windows\dsez1621.dat
2008-09-30 21:05 . 2008-09-30 21:05 <DIR> d-------- C:\Program Files\XviD
2008-09-30 21:05 . 2005-12-30 20:10 761,856 --a------ C:\Windows\System32\xvidcore.dll
2008-09-30 21:05 . 2005-12-30 20:18 180,224 --a------ C:\Windows\System32\xvidvfw.dll
2008-09-30 21:05 . 2005-12-30 20:16 77,824 --a------ C:\Windows\System32\xvid.ax
2008-09-30 19:52 . 2008-09-30 19:52 <DIR> d-------- C:\Program Files\Przepustowosc
2008-09-29 18:22 . 2008-09-29 18:23 <DIR> d-------- C:\Users\Maciek\ESET NOD32 AV & Smart Security 3.0.669 CRACKED (Vista Compatible)
2008-09-18 16:05 . 2008-09-18 16:06 <DIR> d----c--- C:\Windows\System32\DRVSTORE
2008-09-18 16:05 . 2006-12-29 09:57 117,760 --a------ C:\Windows\System32\hpz3l4v2.dll
2008-09-18 11:09 . 2008-09-18 11:09 <DIR> d-------- C:\Users\Maciek\Studia
2008-09-15 21:12 . 2008-09-29 21:50 <DIR> d-------- C:\Users\Maciek\Family Guy - season's 1-6 (Plus Family Guy Movies & Extras)
2008-09-15 21:03 . 2008-09-15 21:24 <DIR> d-------- C:\Users\Maciek\The Division Bell
2008-09-15 14:16 . 2008-09-15 14:16 <DIR> d-------- C:\Users\Maciek\AppData\Roaming\PeerNetworking
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-13 16:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-13 16:20 --------- d-----w C:\ProgramData\Symantec
2008-10-13 16:12 --------- d-----w C:\Users\Maciek\AppData\Roaming\Skype
2008-10-13 15:52 --------- d-----w C:\Users\Maciek\AppData\Roaming\skypePM
2008-10-11 20:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-11 20:16 --------- d-----w C:\Users\Maciek\AppData\Roaming\uTorrent
2008-10-10 20:38 --------- d-----w C:\Program Files\Hewlett-Packard
2008-10-03 20:13 --------- d-----w C:\Users\Maciek\AppData\Roaming\Hewlett-Packard
2008-10-01 19:06 --------- d-----w C:\Users\Maciek\AppData\Roaming\Tlen.pl
2008-09-18 14:07 --------- d-----w C:\ProgramData\Hewlett-Packard
2008-09-10 15:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-04 14:26 --------- d-----w C:\Users\Maciek\AppData\Roaming\Autodesk
2008-09-04 14:18 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-09-04 14:18 --------- d-----w C:\Program Files\AutoCAD 2007
2008-09-04 14:17 --------- d-----w C:\Program Files\AnswerWorks 4.0
2008-09-04 14:11 --------- d-----w C:\ProgramData\Autodesk
2008-09-04 14:07 --------- d-----w C:\Program Files\Autodesk
2008-09-04 04:43 --------- d-----w C:\Program Files\Java
2008-08-28 03:25 --------- d-----w C:\Program Files\HP
2008-08-28 03:11 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 22:01 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-08-27 21:49 --------- d-----w C:\Program Files\XP Codec Pack
2008-08-27 16:20 --------- d-----w C:\Users\Maciek\AppData\Roaming\CyberLink
2008-08-25 17:21 --------- d-----w C:\Program Files\uTorrent
2008-08-25 16:16 --------- d-----w C:\ProgramData\Apple Computer
2008-08-25 16:16 --------- d-----w C:\Program Files\QuickTime Alternative
2008-08-23 19:54 27,430 ----a-w C:\Users\Maciek\AppData\Roaming\nvModes.dat
2008-08-23 19:52 --------- d-----w C:\ProgramData\WildTangent
2008-08-22 06:00 --------- d-----w C:\Users\Maciek\AppData\Roaming\Winamp
2008-08-22 03:48 --------- d-----w C:\Program Files\Google
2008-08-22 02:07 --------- d-----w C:\Program Files\ALLPlayer
2008-08-22 01:55 --------- d-----w C:\Program Files\Winamp
2008-08-21 15:39 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-21 14:47 --------- d-----w C:\Program Files\CCleaner
2008-08-21 14:21 --------- d-----w C:\Users\Maciek\AppData\Roaming\WildTangent
2008-08-21 13:49 --------- d-----w C:\Program Files\Picasa2
2008-08-21 13:08 --------- d-----w C:\Program Files\Tlen.pl
2008-08-21 12:58 56 ---ha-w C:\Users\All Users\ezsidmv.dat
2008-08-21 12:58 56 ---ha-w C:\ProgramData\ezsidmv.dat
2008-08-21 04:39 --------- d-----w C:\ProgramData\Skype
2008-08-21 04:39 --------- d-----w C:\Program Files\Skype
2008-08-21 04:39 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-21 04:33 --------- d-----w C:\Program Files\Odkurzacz
2008-08-21 03:58 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 03:49 --------- d-----w C:\ProgramData\LightScribe
2008-08-21 03:49 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-21 03:39 --------- d-----w C:\ProgramData\CyberLink
2008-08-21 03:17 --------- d-----w C:\Users\Maciek\AppData\Roaming\muvee Technologies
2008-08-21 03:16 --------- d-----w C:\ProgramData\TEMP
2008-08-21 03:13 --------- d-----w C:\ProgramData\AOL
2008-08-21 03:11 --------- d-----w C:\ProgramData\AOL OCP
2008-08-21 02:51 --------- d-----w C:\Users\Maciek\AppData\Roaming\Symantec
2008-08-21 02:51 --------- d-----w C:\ProgramData\NVIDIA
2008-08-21 02:45 --------- d-----w C:\ProgramData\Electronic Arts
2008-08-21 02:45 --------- d-----w C:\Program Files\Electronic Arts
2008-08-21 02:40 --------- d-----w C:\Program Files\HPQ
2008-08-21 02:40 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-08-21 02:39 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF83117MT_E480576-003_4A_I30CF_SQuanta_V85.26_F.30_T080424_WV3-1_L409_M3007_J200_7AMD_8F82_92.00_#080820_N10DE054C;168C001C_(FE654UA#ABA)_XMOBILE_CN10_Z.MRK
2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 01:13 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-28 11:40 1,003,520 ----a-w C:\Windows\System32\VSFilter.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-19 02:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-19 00:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-09 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"pdfFactory Pro Dyspozytor v3"="C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2007-03-13 503808]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 11000]
Patch.cmd [2008-07-29 9543]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7DAAA77D-D339-4C00-A7D1-42881E692799}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{11C8DC70-3736-4C5E-AA43-D49EAA46E75F}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6435A5D5-321F-405F-AB32-F4CDD8884A4F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{CEB005FC-A593-403D-9E0F-B5D6D6CB7B01}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D1D6E669-9DD7-4B12-8B84-4A3DF994AD90}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{7EB085B8-344E-41CB-9D92-AB651F064199}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F5FD2F6C-4959-4877-8963-91D77D16EACE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{AF92B6E9-02ED-485F-8196-528D4296F852}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B45744D4-86A4-4417-A215-719ED5DE9E9A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{11CF649A-B94A-4777-BBC2-B29FB89F961F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{71E69720-498E-4AC0-B143-D5C5E53EA1E4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{43CE5F99-CC3C-40C3-AADE-DE3D9FA42B35}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{58ED7A9C-52EA-491B-B1CF-B1BE98903387}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{71D96FCD-9939-4F61-A69D-FE90B105FF69}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{78317758-40B3-489F-8450-58DEB2B6D789}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{341D3F32-ECAA-4188-BC52-D011BCB91046}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{04EF8662-749B-46E6-AA20-3136FFCE4A1F}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D007A97C-C8E2-410D-B8B8-7F063C77E2E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-20 271760]
R2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-20 112016]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-06 165416]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
2008-09-19 C:\Windows\Tasks\HPCeeScheduleForMaciek.job
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-09-28 20:58]
2008-10-13 C:\Windows\Tasks\User_Feed_Synchronization-{58544862-CD85-4E12-B653-A5929A121841}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 04:24]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe
.
------- Skan uzupełniający -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.onet.pl/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_pl&c=81&bd=Pavilion&pf=laptop
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-13 21:15:10
Windows 6.0.6001 Service Pack 1 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Czas ukończenia: 2008-10-13 21:18:24 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2008-10-13 19:18:06
Przed: 81 476 780 032 bytes free
Po: 81,429,749,760 bytes free
255 --- E O F --- 2008-10-11 14:38:32
Regards, Maciek
Oh, and sorry for posting this in installments, but I also have logs from VundoFix and VGB.
Code:
Symantec Trojan.Vundo Removal Tool 1.5.0
Cannot scan Winlogon plugins!
C:\Documents and Settings: (not scanned)
C:\ProgramData\Application Data: (not scanned)
C:\ProgramData\Desktop: (not scanned)
C:\ProgramData\Documents: (not scanned)
C:\ProgramData\Favorites: (not scanned)
C:\ProgramData\Start Menu: (not scanned)
C:\ProgramData\Templates: (not scanned)
C:\System Volume Information: (not scanned)
C:\Users\All Users\Application Data: (not scanned)
C:\Users\All Users\Desktop: (not scanned)
C:\Users\All Users\Documents: (not scanned)
C:\Users\All Users\Favorites: (not scanned)
C:\Users\All Users\Start Menu: (not scanned)
C:\Users\All Users\Templates: (not scanned)
C:\Users\Default\AppData\Local\Application Data: (not scanned)
C:\Users\Default\AppData\Local\History: (not scanned)
C:\Users\Default\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\Default\Application Data: (not scanned)
C:\Users\Default\Cookies: (not scanned)
C:\Users\Default\Documents\My Music: (not scanned)
C:\Users\Default\Documents\My Pictures: (not scanned)
C:\Users\Default\Documents\My Videos: (not scanned)
C:\Users\Default\Local Settings: (not scanned)
C:\Users\Default\My Documents: (not scanned)
C:\Users\Default\NetHood: (not scanned)
C:\Users\Default\PrintHood: (not scanned)
C:\Users\Default\Recent: (not scanned)
C:\Users\Default\SendTo: (not scanned)
C:\Users\Default\Start Menu: (not scanned)
C:\Users\Default\Templates: (not scanned)
C:\Users\Default User: (not scanned)
C:\Users\Maciek\AppData\Local\Application Data: (not scanned)
C:\Users\Maciek\AppData\Local\History: (not scanned)
C:\Users\Maciek\AppData\Local\Temporary Internet Files: (not scanned)
C:\Users\Maciek\Application Data: (not scanned)
C:\Users\Maciek\Cookies: (not scanned)
C:\Users\Maciek\Documents\My Music: (not scanned)
C:\Users\Maciek\Documents\My Pictures: (not scanned)
C:\Users\Maciek\Documents\My Videos: (not scanned)
C:\Users\Maciek\Local Settings: (not scanned)
C:\Users\Maciek\My Documents: (not scanned)
C:\Users\Maciek\NetHood: (not scanned)
C:\Users\Maciek\PrintHood: (not scanned)
C:\Users\Maciek\Recent: (not scanned)
C:\Users\Maciek\SendTo: (not scanned)
C:\Users\Maciek\Start Menu: (not scanned)
C:\Users\Maciek\Templates: (not scanned)
C:\Users\Public\Documents\My Music: (not scanned)
C:\Users\Public\Documents\My Pictures: (not scanned)
C:\Users\Public\Documents\My Videos: (not scanned)
C:\Windows\System32\config\systemprofile\AppData\Local\Application Data: (not scanned)
C:\Windows\System32\config\systemprofile\AppData\Local\History: (not scanned)
C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files: (not scanned)
C:\Windows\System32\config\systemprofile\Application Data: (not scanned)
C:\Windows\System32\config\systemprofile\Cookies: (not scanned)
C:\Windows\System32\config\systemprofile\Documents\My Music: (not scanned)
C:\Windows\System32\config\systemprofile\Documents\My Pictures: (not scanned)
C:\Windows\System32\config\systemprofile\Documents\My Videos: (not scanned)
C:\Windows\System32\config\systemprofile\Local Settings: (not scanned)
C:\Windows\System32\config\systemprofile\My Documents: (not scanned)
C:\Windows\System32\config\systemprofile\NetHood: (not scanned)
C:\Windows\System32\config\systemprofile\PrintHood: (not scanned)
C:\Windows\System32\config\systemprofile\Recent: (not scanned)
C:\Windows\System32\config\systemprofile\SendTo: (not scanned)
C:\Windows\System32\config\systemprofile\Start Menu: (not scanned)
C:\Windows\System32\config\systemprofile\Templates: (not scanned)
C:\Windows\System32\LogFiles\WMI\RtBackup: (not scanned)
D:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.
Code:
[10/13/2008, 20:57:16] - VirtumundoBeGone v1.5 ( "C:\Users\Maciek\Desktop\VirtumundoBeGone.exe" )
[10/13/2008, 20:57:25] - Detected System Information:
[10/13/2008, 20:57:25] - Windows Version: 6.0.6001, Service Pack 1
[10/13/2008, 20:57:25] - Current Username: Maciek (Admin)
[10/13/2008, 20:57:25] - Windows is in SAFE mode with Networking.
[10/13/2008, 20:57:25] - Searching for Browser Helper Objects:
[10/13/2008, 20:57:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[10/13/2008, 20:57:25] - BHO 2: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[10/13/2008, 20:57:25] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/13/2008, 20:57:25] - BHO 4: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
[10/13/2008, 20:57:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/13/2008, 20:57:25] - No filename found. Continuing.
[10/13/2008, 20:57:25] - BHO 5: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/13/2008, 20:57:25] - BHO 6: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} (HP Smart BHO Class)
[10/13/2008, 20:57:25] - Finished Searching Browser Helper Objects
[10/13/2008, 20:57:25] - Finishing up...
[10/13/2008, 20:57:25] - Nothing found! Exiting...