Win32:onlinegames-csl

[Slawekbe5]

Witam

Mam problem w WinXP po skanowaniu Avastem pojawia mi się wirus Win32:OnLineGames-CSL. Usuwałem go Avastem ale problem powraca. Poniżej zamieszczam logi proszę o pomoc. Podejrzewam, iż to paskudztwo zostało przyniesione przez pendrive. Wirus ten pojawił się w pliku h.exe na dysku C. Usunąłem go Avastem ale nie wiem czy jak ponownie uruchomie komputer to problem nie powróci ponieważ tak się już zdarzało.


ComboFix:

Kod: Zaznacz wszystko

ComboFix 08-08-12.01 - Sławek 2008-08-14 11:41:17.4 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1830 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-07-14 to 2008-08-14  )))))))))))))))))))))))))))))))
.

2008-08-14 11:24 . 2008-08-14 11:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37   331,776   -----c---   C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02   192,000   -----c---   C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02   98,304   -----c---   C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02   29,696   -----c---   C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-07-26 11:11   <DIR>   d--------   C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53   21,632   --a------   C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42   <DIR>   d--------   C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35   <DIR>   d--------   C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32   <DIR>   d--------   C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20   651,264   ---------   C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11   3,850,760   --a------   C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53   <DIR>   d--------   C:\WINDOWS\Logs

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 09:38   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-08-14 06:27   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-13 09:43   ---------   d-----w   C:\Program Files\Java
2008-08-13 07:44   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-26 09:03   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 08:54   ---------   d-----w   C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44   ---------   d-----w   C:\Program Files\Canon
2008-07-26 08:33   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-26 08:32   ---------   d-----w   C:\Program Files\Nokia
2008-07-26 08:31   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-07-25 08:35   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:36   273,024   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 12:19   507,400   ----a-w   C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17   65,032   ----a-w   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 20:21   1,582,592   ------w   C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21   1,418,240   ------w   C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19   97,792   ------w   C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19   273,408   ------w   C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19   2,048   ------w   C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19   143,872   ------w   C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19   131,072   ------w   C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19   11,264   ------w   C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19   108,032   ------w   C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18   71,680   ------w   C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18   56,320   ------w   C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18   44,032   ------w   C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18   439,808   ------w   C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18   38,400   ------w   C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18   350,208   ------w   C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18   231,936   ------w   C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18   203,776   ------w   C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18   184,832   ------w   C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\mssitlb.dll
2008-05-26 20:17   754,176   ------w   C:\WINDOWS\system32\propsys.dll
2008-05-26 20:17   60,416   ------w   C:\WINDOWS\system32\msscntrs.dll
2008-05-26 20:17   34,816   ------w   C:\WINDOWS\system32\msscb.dll
2008-05-26 20:17   32,768   ------w   C:\WINDOWS\system32\mssprxy.dll
2008-05-26 20:17   301,568   ------w   C:\WINDOWS\system32\srchadmin.dll
2008-05-26 20:17   11,776   ------w   C:\WINDOWS\system32\msshooks.dll
2008-05-26 19:59   18,904   ------w   C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 19:59   106,605   ------w   C:\WINDOWS\system32\structuredqueryschema.bin
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a125efa-690c-11dd-92ad-0016e656dc44}]
\Shell\AutoRun\command - O:\tyktjfww.exe
\Shell\explore\Command - O:\tyktjfww.exe
\Shell\open\Command - O:\tyktjfww.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a605ef07-b898-11dc-8c87-806d6172696f}]
\Shell\AutoRun\command - E:\ylr.exe
\Shell\explore\Command - E:\ylr.exe
\Shell\open\Command - E:\ylr.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]

2008-08-14 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sławek\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]l35zfbw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 11:42:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 11:43:02
ComboFix-quarantined-files.txt  2008-08-14 09:43:00

Pre-Run: 52,645,023,744 bajtów wolnych
Post-Run: 52,632,412,160 bajtów wolnych

200   --- E O F ---   2008-08-13 07:45:05


Hijack

Kod: Zaznacz wszystko

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:15, on 2008-08-14
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Ad Muncher\AdMunch.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files\Ad Muncher\AdMunch.exe" /bt
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=5M76D24R&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=5M76D24R&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=5M76D24R&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=5M76D24R&id=menu_ie_exclude
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=5M76D24R&id=menu_ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Harmonogram automatycznej usługi LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9738 bytes


[djarta]

1)

Wylecz pendriva lub kartę pamięci
Perlovga Removal Tool
Flash Disinfector
lub format

2)

Wklej do Notatnika:

Kod: Zaznacz wszystko

File::
O:\tyktjfww.exe
C:\tyktjfww.exe
E:\tyktjfww.exe
E:\ylr.exe
C:\ylr.exe
O:\ylr.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a125efa-690c-11dd-92ad-0016e656dc44}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a605ef07-b898-11dc-8c87-806d6172696f}]


>>Plik>>Zapisz jako... >>> CFScript
Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe
-->
Ma się rozpocząć usuwanie. (i powstanie log).Daj ten log, który powstanie w trakcie usuwania.
Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:\Qoobox.

3)

Użyj--->SDFix.(niżej na stronie linku).
Uruchom go w trybie awaryjnym
Pokaż Report.txt znajdujący się w folderze SDFix.

[Slawekbe5]

Log Combofix po przeprowadzonym usuwaniu. Kompa jeszcze nie restartowałem.

Kod: Zaznacz wszystko

ComboFix 08-08-12.01 - Sławek 2008-08-14 12:24:49.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1923 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sławek\Pulpit\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE ::
C:\tyktjfww.exe
C:\ylr.exe
E:\tyktjfww.exe
E:\ylr.exe
O:\tyktjfww.exe
O:\ylr.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ckvo.exe

.
(((((((((((((((((((((((((   Files Created from 2008-07-14 to 2008-08-14  )))))))))))))))))))))))))))))))
.

2008-08-14 12:13 . 2008-08-14 12:13   16,244   --a------   C:\WINDOWS\system32\rrt_is.wav
2008-08-14 12:13 . 2008-08-14 12:13   7,302   --a------   C:\WINDOWS\system32\rrt_vf.wav
2008-08-14 12:13 . 2008-08-14 12:13   7,148   --a------   C:\WINDOWS\system32\rrt_tv.wav
2008-08-14 12:13 . 2008-08-14 12:13   6,282   --a------   C:\WINDOWS\system32\rrt_tn.wav
2008-08-14 12:07 . 2008-08-14 12:10   <DIR>   d--------   C:\Program Files\EsetOnlineScanner
2008-08-14 11:24 . 2008-08-14 11:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37   331,776   -----c---   C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02   192,000   -----c---   C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02   98,304   -----c---   C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02   29,696   -----c---   C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-07-26 11:11   <DIR>   d--------   C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53   21,632   --a------   C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42   <DIR>   d--------   C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35   <DIR>   d--------   C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32   <DIR>   d--------   C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20   651,264   ---------   C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11   3,850,760   --a------   C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53   <DIR>   d--------   C:\WINDOWS\Logs

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 09:58   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-14 09:38   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-08-13 09:43   ---------   d-----w   C:\Program Files\Java
2008-08-13 07:44   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-26 09:03   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 08:54   ---------   d-----w   C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44   ---------   d-----w   C:\Program Files\Canon
2008-07-26 08:33   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-26 08:32   ---------   d-----w   C:\Program Files\Nokia
2008-07-26 08:31   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-07-25 08:35   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:36   273,024   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-30 12:19   507,400   ----a-w   C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17   65,032   ----a-w   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 20:21   1,582,592   ------w   C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21   1,418,240   ------w   C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19   97,792   ------w   C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19   273,408   ------w   C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19   2,048   ------w   C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19   143,872   ------w   C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19   131,072   ------w   C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19   11,264   ------w   C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19   108,032   ------w   C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18   71,680   ------w   C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18   56,320   ------w   C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18   44,032   ------w   C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18   439,808   ------w   C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18   38,400   ------w   C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18   350,208   ------w   C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18   231,936   ------w   C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18   203,776   ------w   C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18   184,832   ------w   C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\mssitlb.dll
2008-05-26 20:17   754,176   ------w   C:\WINDOWS\system32\propsys.dll
2008-05-26 20:17   60,416   ------w   C:\WINDOWS\system32\msscntrs.dll
2008-05-26 20:17   34,816   ------w   C:\WINDOWS\system32\msscb.dll
2008-05-26 20:17   32,768   ------w   C:\WINDOWS\system32\mssprxy.dll
2008-05-26 20:17   301,568   ------w   C:\WINDOWS\system32\srchadmin.dll
2008-05-26 20:17   11,776   ------w   C:\WINDOWS\system32\msshooks.dll
2008-05-26 19:59   18,904   ------w   C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 19:59   106,605   ------w   C:\WINDOWS\system32\structuredqueryschema.bin
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((   snapshot@2008-08-14_11.42.44.06   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-27 12:49:02   196,683   ----a-w   C:\WINDOWS\system32\lnod32apiA.dll
+ 2007-07-27 12:49:02   225,355   ----a-w   C:\WINDOWS\system32\lnod32apiW.dll
+ 2005-12-05 17:25:22   139,264   ----a-w   C:\WINDOWS\system32\lnod32umc.dll
+ 2005-12-05 10:37:10   106,496   ----a-w   C:\WINDOWS\system32\lnod32upd.dll
+ 2008-02-11 07:39:26   253,952   ----a-w   C:\WINDOWS\system32\OnlineScannerDLLA.dll
+ 2008-02-11 07:39:18   237,568   ----a-w   C:\WINDOWS\system32\OnlineScannerDLLW.dll
+ 2008-02-08 11:53:46   110,592   ----a-w   C:\WINDOWS\system32\OnlineScannerLang.dll
+ 2008-02-05 06:48:04   77,824   ----a-w   C:\WINDOWS\system32\OnlineScannerUninstaller.exe
- 2008-08-14 06:31:45   95,518   ----a-w   C:\WINDOWS\system32\perfc009.dat
+ 2008-08-14 10:03:00   95,518   ----a-w   C:\WINDOWS\system32\perfc009.dat
- 2008-08-14 06:31:45   121,388   ----a-w   C:\WINDOWS\system32\perfc015.dat
+ 2008-08-14 10:03:00   121,388   ----a-w   C:\WINDOWS\system32\perfc015.dat
- 2008-08-14 06:31:45   501,034   ----a-w   C:\WINDOWS\system32\perfh009.dat
+ 2008-08-14 10:03:00   501,034   ----a-w   C:\WINDOWS\system32\perfh009.dat
- 2008-08-14 06:31:45   581,414   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-08-14 10:03:00   581,414   ----a-w   C:\WINDOWS\system32\perfh015.dat
+ 2008-08-14 09:58:46   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_430.dat
+ 2008-08-14 09:58:48   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat
+ 2008-08-14 09:58:39   16,384   ----atw   C:\WINDOWS\Temp\Perflib_Perfdata_618.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RRT-Auto"="D:\Programy\Z internetu\Aplikacje darmowe\RRT\RRT.exe" [2008-07-20 04:54 140288]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]

2008-08-14 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]

2008-08-14 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-14 12:26:10
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-14 12:26:43
ComboFix-quarantined-files.txt  2008-08-14 10:26:38
ComboFix2.txt  2008-08-14 09:43:03

Pre-Run: 52,579,459,072 bajtów wolnych
Post-Run: 52,568,940,544 bajtów wolnych

232   --- E O F ---   2008-08-13 07:45:05


[djarta]

Jeszcze wykonaj tylko wskazówkę z SDFixem.

=====================
K .

[Slawekbe5]

Wykonałem wszystkie polecenia. Log z SDFixem jest za długi i nie mieści się w wątku. Nie wiem też dlaczego nie działa na wklej.org

Mam jeszcze pytanie odnośnie antywirusa. mam wrażenie, że darmowy Avast jest kiepski i wobec tego czy jest program który uchroni mnie przed takimi problemami jak opisywane wyżej. Dla bezpieczeństwa swoich danych jestem w stanie wydać te kilkadziesiąt złotych na rok.

[djarta]

Avast to sito,zainstaluj sobie Avire ew. AVG.Co do logu wklej go na wklejto.pl

Nigdy nie będziesz miał ochrony 100%.


===============
K .

[Slawekbe5]

Te programy są darmowe? Jakoś nie mam przekonania już do darmowych. Widzę że jest jakaś opcja premium Avira. Czy ten program jest dobry aby go kupić w tej wersji premium?

Tu link do loga
http://wklejto.pl/7943


Nie zmieścił się cały, nie wiem dlaczego.

[Magik]

Mam jeszcze pytanie odnośnie antywirusa. mam wrażenie, że darmowy Avast jest kiepski i wobec tego czy jest program który uchroni mnie przed takimi problemami jak opisywane wyżej. Dla bezpieczeństwa swoich danych jestem w stanie wydać te kilkadziesiąt złotych na rok.

do tego jeszcze jakis firewall//z darmowych Comodo

Jesli juz zamierzasz zainwestowac gotowke, to poswiec stowke na Kaspersky'ego lub Noda

Skocz do
C:\WINDOWS\System32\drivers\etc\

znajdz plik hosts, odhacz mu atrybut tylko do odczytu, otworz w notatniku i zostaw w nim tylko jedna linijke

Kod: Zaznacz wszystko

127.0.0.1       localhost

[Slawekbe5]

W jakim celu usuwa się pozostałe wpisy i zostawia tylko ten jeden?

[Magik]

W jakim celu usuwa się pozostałe wpisy i zostawia tylko ten jeden?

masz tam domeny odwolujace sie do stron reklamowych, spyware itd

[Slawekbe5]

OK. Usunąłem i zaznaczyłem tylko do odczytu. Odnośnie tych antywirusów - słyszałem dobre opinie na temat NOD-a choć nie wiem jak jest naprawdę. Kiedyś miałem Kaspersky (wersję półroczną z gazety) myślę, że był dobry ale jak teraz zapytałem o ten program informatyka z serwisu w sklepie to nie polecał mi go.

[Magik]

słyszałem dobre opinie na temat NOD-a choć nie wiem jak jest naprawdę. Kiedyś miałem Kaspersky (wersję półroczną z gazety) myślę, że był dobry

Nod Kaspersky jeden diabel-->oba jada na tym samym silniku od kaspra

Nod napewno bedzie lzejszy dla systemu

ale jak teraz zapytałem o ten program informatyka z serwisu w sklepie to nie polecał mi go.

nie testowalem zbyt dlugo wersji 2009, zbyt ciezka dla systemu mojego byla, ale wersja 2008 bezkonkurencyjna, nie wpuscila nic przez kilkanascie miesiecy......I w porownaniu do Nortona chociazby Kasper usuwa wsio jak leci a nie informuje komunikatem "cannot delete"

[Slawekbe5]

Po wykonaniu wszystkiego o czym wyżej pisaliście wrzucam jeszcze raz log z Combofix. Proszę o sprawdzenie czy już żadne paskudztwo nie siedzi w moim kompie

http://wklejto.pl/8071

[Magik]

http://wklejto.pl/8071

logi wrzucaj na forum w tagi 'code'!!!!!!!!!!!!!!!


by mario
1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem

[Slawekbe5]

Zrobiłem wszystko tak jak napisałeś. Wrzucam najświeższego log-a z Combofix:

Kod: Zaznacz wszystko

ComboFix 08-08-14.05 - Sławek 2008-08-15 20:36:53.7 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1961 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((   Files Created from 2008-07-15 to 2008-08-15  )))))))))))))))))))))))))))))))
.

2008-08-15 19:58 . 2008-08-15 19:58   <DIR>   d--------   C:\Program Files\Avira
2008-08-15 19:58 . 2008-08-15 19:58   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-08-14 12:44 . 2008-08-15 20:38   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-08-14 12:44 . 2008-01-01 20:07   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-08-14 12:44 . 2008-08-14 12:58   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-14 12:44 . 2008-08-14 12:44   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-08-14 12:13 . 2008-08-14 12:13   16,244   --a------   C:\WINDOWS\system32\rrt_is.wav
2008-08-14 12:13 . 2008-08-14 12:13   7,302   --a------   C:\WINDOWS\system32\rrt_vf.wav
2008-08-14 12:13 . 2008-08-14 12:13   7,148   --a------   C:\WINDOWS\system32\rrt_tv.wav
2008-08-14 12:13 . 2008-08-14 12:13   6,282   --a------   C:\WINDOWS\system32\rrt_tn.wav
2008-08-14 11:24 . 2008-08-14 11:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37   331,776   -----c---   C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02   192,000   -----c---   C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02   98,304   -----c---   C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02   29,696   -----c---   C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-07-26 11:11   <DIR>   d--------   C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53   21,632   --a------   C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42   <DIR>   d--------   C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35   <DIR>   d--------   C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32   <DIR>   d--------   C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20   651,264   ---------   C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11   3,850,760   --a------   C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53   <DIR>   d--------   C:\WINDOWS\Logs

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 18:14   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-15 18:14   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-15 18:14   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-15 18:01   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-08-14 11:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-13 09:43   ---------   d-----w   C:\Program Files\Java
2008-08-13 07:44   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-26 09:03   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 08:54   ---------   d-----w   C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44   ---------   d-----w   C:\Program Files\Canon
2008-07-26 08:33   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-26 08:32   ---------   d-----w   C:\Program Files\Nokia
2008-07-26 08:31   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-07-25 08:35   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-30 12:19   507,400   ----a-w   C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17   65,032   ----a-w   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 20:21   1,582,592   ------w   C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21   1,418,240   ------w   C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19   97,792   ------w   C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19   273,408   ------w   C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19   2,048   ------w   C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19   143,872   ------w   C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19   131,072   ------w   C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19   11,264   ------w   C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19   108,032   ------w   C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18   71,680   ------w   C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18   56,320   ------w   C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18   44,032   ------w   C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18   439,808   ------w   C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18   38,400   ------w   C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18   350,208   ------w   C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18   231,936   ------w   C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18   203,776   ------w   C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18   184,832   ------w   C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\mssitlb.dll
2008-05-26 20:17   754,176   ------w   C:\WINDOWS\system32\propsys.dll
2008-05-26 20:17   60,416   ------w   C:\WINDOWS\system32\msscntrs.dll
2008-05-26 20:17   34,816   ------w   C:\WINDOWS\system32\msscb.dll
2008-05-26 20:17   32,768   ------w   C:\WINDOWS\system32\mssprxy.dll
2008-05-26 20:17   301,568   ------w   C:\WINDOWS\system32\srchadmin.dll
2008-05-26 20:17   11,776   ------w   C:\WINDOWS\system32\msshooks.dll
2008-05-26 19:59   18,904   ------w   C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 19:59   106,605   ------w   C:\WINDOWS\system32\structuredqueryschema.bin
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]

2008-08-15 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]

2008-08-15 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sławek\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]l35zfbw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 20:38:12
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-15 20:38:47
ComboFix-quarantined-files.txt  2008-08-15 18:38:43

Pre-Run: 52,761,935,872 bajtów wolnych
Post-Run: 52,747,730,944 bajtów wolnych

221   --- E O F ---   2008-08-13 07:45:05


Czy teraz jest już OK? Zainstalowałem też Avire ale kompa jeszcze nie skanowałem. Jak najlepiej ustawić ten program - dałem aby mi wszystko skanował. Pytanie ma jeszcze dot. pendrive. Mam 3 sztuki i boję się ich wkładać do USB aby znowu czegoś nie wnieść do kompa. Czy sprawdzenie ich antywirusem wystarczy czy musze zrobić jeszcze coś? Format nie wchodzi w grę mam tam ważne dane.

[djarta]

Log wygląda na czysty.

Na koniec scan tym ----> http://www.kaspersky.pl/virusscanner.html



=================
K.

[Slawekbe5]

Dzięki bardzo. Podziwiam ludzi z taką wiedzą. Ja nie wiem nawet o co w tych logach chodzi. Czy gdzieś można sobie o tym poczytać?
Co radzisz z tą moją pamięcią USB?

[djarta]

Przeskanuj Antyvirusem wszystkie peny,potem daj log znowu z ComboFixa,zobaczyć czy nic nie siedzi.Jeśli coś siedzi,usuniemy wirusy z pendriv'a nie niszcząc twojich ważnych danych.

==============================
K.

[Slawekbe5]

Przeskanowałem pierwszego pena i Avira wykrył mi 2 wirusy. Dałem na kwarantanne. Po tym pen nie chciał mi się otwierać to potraktowałem go Flash_Disinfector i teraz się otwiera. Log z Combofix

Kod: Zaznacz wszystko

ComboFix 08-08-14.05 - Sławek 2008-08-15 21:15:47.8 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1250.1.1045.18.1835 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

O:\autorun.inf

.
(((((((((((((((((((((((((   Files Created from 2008-07-15 to 2008-08-15  )))))))))))))))))))))))))))))))
.

2008-08-15 20:52 . 2008-08-15 20:52   <DIR>   d--------   C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 20:52 . 2008-08-15 20:52   <DIR>   d--------   C:\WINDOWS\LastGood
2008-08-15 20:52 . 2008-08-15 20:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-15 19:58 . 2008-08-15 19:58   <DIR>   d--------   C:\Program Files\Avira
2008-08-15 19:58 . 2008-08-15 19:58   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-08-14 12:44 . 2008-08-15 21:16   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   d--------   C:\Documents and Settings\Administrator\Ulubione
2008-08-14 12:44 . 2008-01-01 20:07   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Szablony
2008-08-14 12:44 . 2008-08-14 12:58   <DIR>   d--------   C:\Documents and Settings\Administrator\Pulpit
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   d--------   C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Start
2008-08-14 12:44 . 2008-01-01 19:49   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-14 12:44 . 2008-08-14 12:44   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-08-14 12:13 . 2008-08-14 12:13   16,244   --a------   C:\WINDOWS\system32\rrt_is.wav
2008-08-14 12:13 . 2008-08-14 12:13   7,302   --a------   C:\WINDOWS\system32\rrt_vf.wav
2008-08-14 12:13 . 2008-08-14 12:13   7,148   --a------   C:\WINDOWS\system32\rrt_tv.wav
2008-08-14 12:13 . 2008-08-14 12:13   6,282   --a------   C:\WINDOWS\system32\rrt_tn.wav
2008-08-14 11:24 . 2008-08-14 11:24   <DIR>   d--------   C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37   331,776   -----c---   C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06   691,712   -----c---   C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06   <DIR>   d--------   C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50   <DIR>   d--h-----   C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02   69   --a------   C:\WINDOWS\NeroDigital.ini
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:45 . 2008-07-27 08:45   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:22 . 2008-07-27 08:22   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21   <DIR>   d--------   C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02   192,000   -----c---   C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02   98,304   -----c---   C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02   29,696   -----c---   C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-07-26 11:11   <DIR>   d--------   C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52   <DIR>   d--------   C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:40 . 2008-07-26 10:42   <DIR>   d--------   C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32   <DIR>   d--------   C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53   21,632   --a------   C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42   <DIR>   d--------   C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35   <DIR>   d--------   C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32   <DIR>   d--------   C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36   273,024   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02   203,136   -----c---   C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20   651,264   ---------   C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11   3,850,760   --a------   C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53   <DIR>   d--------   C:\WINDOWS\Logs

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 18:14   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-15 18:14   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-15 18:14   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-15 18:01   ---------   d-----w   C:\Program Files\Mozilla Thunderbird
2008-08-14 11:15   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-13 09:43   ---------   d-----w   C:\Program Files\Java
2008-08-13 07:44   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-08-12 20:08   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-27 14:37   ---------   d-----w   C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-26 09:03   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 08:54   ---------   d-----w   C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44   ---------   d-----w   C:\Program Files\Canon
2008-07-26 08:33   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-07-26 08:32   ---------   d-----w   C:\Program Files\Nokia
2008-07-26 08:31   ---------   d-----w   C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39   ---------   d-----w   C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31   ---------   d-----w   C:\Program Files\Common Files\LightScribe
2008-07-25 08:35   ---------   d-----w   C:\Program Files\Microsoft SQL Server
2008-07-07 20:29   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2008-06-24 16:46   74,240   ----a-w   C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42   826,368   ----a-w   C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48   246,784   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51   361,600   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40   138,496   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08   225,856   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-30 12:19   507,400   ----a-w   C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18   238,088   ----a-w   C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17   65,032   ----a-w   C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17   25,608   ----a-w   C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11   467,984   ----a-w   C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11   1,491,992   ----a-w   C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 20:21   1,582,592   ------w   C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21   1,418,240   ------w   C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19   97,792   ------w   C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19   273,408   ------w   C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19   2,048   ------w   C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19   143,872   ------w   C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19   131,072   ------w   C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19   11,264   ------w   C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19   108,032   ------w   C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18   71,680   ------w   C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18   56,320   ------w   C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18   44,032   ------w   C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18   439,808   ------w   C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18   38,400   ------w   C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18   350,208   ------w   C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18   231,936   ------w   C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18   203,776   ------w   C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18   184,832   ------w   C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 20:17   87,552   ------w   C:\WINDOWS\system32\mssitlb.dll
2008-05-26 20:17   754,176   ------w   C:\WINDOWS\system32\propsys.dll
2008-05-26 20:17   60,416   ------w   C:\WINDOWS\system32\msscntrs.dll
2008-05-26 20:17   34,816   ------w   C:\WINDOWS\system32\msscb.dll
2008-05-26 20:17   32,768   ------w   C:\WINDOWS\system32\mssprxy.dll
2008-05-26 20:17   301,568   ------w   C:\WINDOWS\system32\srchadmin.dll
2008-05-26 20:17   11,776   ------w   C:\WINDOWS\system32\msshooks.dll
2008-05-26 19:59   18,904   ------w   C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 19:59   106,605   ------w   C:\WINDOWS\system32\structuredqueryschema.bin
2004-10-01 14:00   40,960   ----a-w   C:\Program Files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 17:38 282624]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]

2008-08-15 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]

2008-08-15 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sławek\Dane aplikacji\Mozilla\Firefox\Profiles\[u]0[/u]l35zfbw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 21:16:54
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-15 21:17:27
ComboFix-quarantined-files.txt  2008-08-15 19:17:24
ComboFix2.txt  2008-08-15 18:38:49

Pre-Run: 52,715,814,912 bajtów wolnych
Post-Run: 52,706,877,440 bajtów wolnych

229   --- E O F ---   2008-08-13 07:45:05


Lepiej usuwać czy dawać do kwarantanny wykryte wirusy a może coś innego robić?

[Magik]

Lepiej usuwać czy dawać do kwarantanny wykryte wirusy a może coś innego robić?

pokaz screen z tej kwarantanny, bo nie ufam silnikowi Aviry//BTW, nie przenos pewnych plikow do kwarantanny tylko usuwaj


Avira nie jest najwyzszych lotow softem, pomysl o zmianie na cos pewneijszego