
How do I insert an image on the forum - the "add attachment" function says that no more attachments can be added?
Slawekbe5 wrote: Well, until today I had Avast
Slawekbe5 wrote: from the free and paid ones
Slawekbe5 wrote: How do I insert an image on the forum
Slawekbe5 wrote: How do I insert an image on the forum - the "add attachment" function says that no more attachments can be added?
Slawekbe5 wrote: Well, until today I had Avast, but a few threads earlier Avira was recommended to me, so I installed it.
Slawekbe5 wrote: Should I do the same with the other pen drives?
ComboFix 08-08-15.04 - Sławek 2008-08-16 13:32:50.9 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.2057 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-15 22:07 . 2008-08-15 22:07 2,292 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-15 21:17 . 2008-08-15 21:17 <DIR> d-------- C:\Documents and Settings\Sławek\Dane aplikacji\Folder przesyłania Share-to-Web
2008-08-15 20:52 . 2008-08-15 20:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 20:52 . 2008-08-15 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Program Files\Avira
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-08-14 12:44 . 2008-08-16 13:34 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-08-14 12:44 . 2008-01-01 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-08-14 12:44 . 2008-08-14 12:58 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-14 12:44 . 2008-08-14 12:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-14 12:13 . 2008-08-14 12:13 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-08-14 12:13 . 2008-08-14 12:13 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-08-14 12:13 . 2008-08-14 12:13 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-08-14 12:13 . 2008-08-14 12:13 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-08-14 11:24 . 2008-08-14 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06 <DIR> d-------- C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-27 08:45 . 2008-07-27 08:45 <DIR> d-------- C:\Documents and Settings\Sławek\Dane aplikacji\Windows Search
2008-07-27 08:22 . 2008-07-27 08:22 <DIR> d-------- C:\Documents and Settings\Sławek\Dane aplikacji\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-08-16 12:17 <DIR> d-------- C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:40 . 2008-07-26 10:42 <DIR> d-------- C:\Documents and Settings\Sławek\Dane aplikacji\GetRightToGo
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53 <DIR> d-------- C:\WINDOWS\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 11:14 --------- d-----w C:\Documents and Settings\Sławek\Dane aplikacji\WTablet
2008-08-16 09:05 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-14 11:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-13 09:43 --------- d-----w C:\Program Files\Java
2008-08-13 07:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-08-12 20:08 --------- d-----w C:\Documents and Settings\Sławek\Dane aplikacji\Thunderbird
2008-07-27 14:37 --------- d-----w C:\Documents and Settings\Sławek\Dane aplikacji\ZoomBrowser EX
2008-07-26 09:03 --------- d-----w C:\Program Files\FlashGet
2008-07-26 08:54 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44 --------- d-----w C:\Program Files\Canon
2008-07-26 08:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-26 08:32 --------- d-----w C:\Program Files\Nokia
2008-07-26 08:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-25 08:35 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-07 20:29 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:46 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:42 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:48 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-30 12:19 507,400 ----a-w C:\WINDOWS\system32\XAudio2_1.dll
2008-05-30 12:18 238,088 ----a-w C:\WINDOWS\system32\xactengine3_1.dll
2008-05-30 12:17 65,032 ----a-w C:\WINDOWS\system32\XAPOFX1_0.dll
2008-05-30 12:17 25,608 ----a-w C:\WINDOWS\system32\X3DAudio1_4.dll
2008-05-30 12:11 467,984 ----a-w C:\WINDOWS\system32\d3dx10_38.dll
2008-05-30 12:11 1,491,992 ----a-w C:\WINDOWS\system32\D3DCompiler_38.dll
2008-05-26 20:21 1,582,592 ------w C:\WINDOWS\system32\tquery.dll
2008-05-26 20:21 1,418,240 ------w C:\WINDOWS\system32\mssrch.dll
2008-05-26 20:19 97,792 ------w C:\WINDOWS\system32\UncCplExt.dll
2008-05-26 20:19 273,408 ------w C:\WINDOWS\system32\oeph.dll
2008-05-26 20:19 2,048 ------w C:\WINDOWS\system32\UncRes.dll
2008-05-26 20:19 143,872 ------w C:\WINDOWS\system32\UncDMS.dll
2008-05-26 20:19 131,072 ------w C:\WINDOWS\system32\UncPH.dll
2008-05-26 20:19 11,264 ------w C:\WINDOWS\system32\oephRes.dll
2008-05-26 20:19 108,032 ------w C:\WINDOWS\system32\UncNE.dll
2008-05-26 20:18 71,680 ------w C:\WINDOWS\system32\propdefs.dll
2008-05-26 20:18 56,320 ------w C:\WINDOWS\system32\xmlfilter.dll
2008-05-26 20:18 44,032 ------w C:\WINDOWS\system32\msstrc.dll
2008-05-26 20:18 439,808 ------w C:\WINDOWS\system32\searchindexer.exe
2008-05-26 20:18 38,400 ------w C:\WINDOWS\system32\rtffilt.dll
2008-05-26 20:18 350,208 ------w C:\WINDOWS\system32\mssph.dll
2008-05-26 20:18 231,936 ------w C:\WINDOWS\system32\msshsq.dll
2008-05-26 20:18 203,776 ------w C:\WINDOWS\system32\mssphtb.dll
2008-05-26 20:18 184,832 ------w C:\WINDOWS\system32\searchprotocolhost.exe
2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\searchfilterhost.exe
2008-05-26 20:17 87,552 ------w C:\WINDOWS\system32\mssitlb.dll
2008-05-26 20:17 754,176 ------w C:\WINDOWS\system32\propsys.dll
2008-05-26 20:17 60,416 ------w C:\WINDOWS\system32\msscntrs.dll
2008-05-26 20:17 34,816 ------w C:\WINDOWS\system32\msscb.dll
2008-05-26 20:17 32,768 ------w C:\WINDOWS\system32\mssprxy.dll
2008-05-26 20:17 301,568 ------w C:\WINDOWS\system32\srchadmin.dll
2008-05-26 20:17 11,776 ------w C:\WINDOWS\system32\msshooks.dll
2008-05-26 19:59 18,904 ------w C:\WINDOWS\system32\structuredqueryschematrivial.bin
2008-05-26 19:59 106,605 ------w C:\WINDOWS\system32\structuredqueryschema.bin
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]
2008-08-16 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
2008-08-16 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sławek\Dane aplikacji\Mozilla\Firefox\Profiles\0l35zfbw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.pl/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 13:34:14
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-16 13:34:47
ComboFix-quarantined-files.txt 2008-08-16 11:34:45
Pre-Run: 52,684,435,456 bajtów wolnych
Post-Run: 52,672,053,248 bajtów wolnych
210 --- E O F --- 2008-08-13 07:45:05
ComboFix 08-08-15.04 - Sławek 2008-08-16 15:50:11.10 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1999 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-16 15:15 . 2008-08-16 15:15 2,444 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-16 13:47 . 2008-08-16 13:47 <DIR> d-------- C:\Program Files\AskSBar
2008-08-16 13:47 . 2008-08-16 13:47 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-16 13:46 . 2008-08-16 15:46 <DIR> d-------- C:\Program Files\COMODO
2008-08-15 20:52 . 2008-08-15 20:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 20:52 . 2008-08-15 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Program Files\Avira
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-08-14 12:44 . 2008-08-16 15:51 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-08-14 12:44 . 2008-01-01 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-08-14 12:44 . 2008-08-14 12:58 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-14 12:44 . 2008-08-14 12:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-14 12:13 . 2008-08-14 12:13 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-08-14 12:13 . 2008-08-14 12:13 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-08-14 12:13 . 2008-08-14 12:13 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-08-14 12:13 . 2008-08-14 12:13 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-08-14 11:24 . 2008-08-14 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06 <DIR> d-------- C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-08-16 12:17 <DIR> d-------- C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53 <DIR> d-------- C:\WINDOWS\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 12:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-14 11:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-13 09:43 --------- d-----w C:\Program Files\Java
2008-08-13 07:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-26 09:03 --------- d-----w C:\Program Files\FlashGet
2008-07-26 08:54 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44 --------- d-----w C:\Program Files\Canon
2008-07-26 08:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-26 08:32 --------- d-----w C:\Program Files\Nokia
2008-07-26 08:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-25 08:35 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-16 13:47 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-08-16 13:47 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]
2008-08-16 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
2008-08-16 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Sławek\Dane aplikacji\Mozilla\Firefox\Profiles\0l35zfbw.default\
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 15:53:00
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-08-16 15:54:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 13:54:51
Pre-Run: 52,639,166,464 bajtów wolnych
Post-Run: 52,528,574,464 bajtów wolnych
194 --- E O F --- 2008-08-13 07:45:05
File::
C:\WINDOWS\system32\tmp.reg
Folder::
C:\Program Files\AskSBar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
ComboFix 08-08-15.04 - Sławek 2008-08-16 16:26:49.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1045.18.1966 [GMT 2:00]
Running from: D:\Programy\Z internetu\Aplikacje darmowe\ComboFix.exe
Command switches used :: D:\Programy\Z internetu\Aplikacje darmowe\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\tmp.reg
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AskSBar
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.JAR
C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL
C:\Program Files\AskSBar\bar\Cache\0002E555
C:\Program Files\AskSBar\bar\Cache\0002E8EF
C:\Program Files\AskSBar\bar\Cache\0002EA56.bin
C:\Program Files\AskSBar\bar\Cache\0002EC0C.bin
C:\Program Files\AskSBar\bar\Cache\0002EE00.bin
C:\Program Files\AskSBar\bar\Cache\0002F245.bin
C:\Program Files\AskSBar\bar\Cache\0002F3AD.bin
C:\Program Files\AskSBar\bar\Cache\0002FA35.bin
C:\Program Files\AskSBar\bar\Cache\0002FCF4.bin
C:\Program Files\AskSBar\bar\Cache\00030512.bin
C:\Program Files\AskSBar\bar\Cache\files.ini
C:\Program Files\AskSBar\bar\History\search2
C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\WINDOWS\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-16 15:54 . 2008-08-16 15:54 <DIR> d-------- C:\Documents and Settings\Sławek
2008-08-16 15:54 . <DIR> C:\Documents and Settings\S-awek\Ustawienia lokalne
2008-08-16 15:54 . <DIR> C:\Documents and Settings\S-awek\Ustawienia lokalne
2008-08-16 13:47 . 2008-08-16 13:47 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
2008-08-16 13:46 . 2008-08-16 15:46 <DIR> d-------- C:\Program Files\COMODO
2008-08-15 20:52 . 2008-08-15 20:52 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-15 20:52 . 2008-08-15 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Program Files\Avira
2008-08-15 19:58 . 2008-08-15 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-08-14 12:44 . 2008-08-16 15:54 <DIR> d--h----- C:\Documents and Settings\Administrator\Ustawienia lokalne
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Ulubione
2008-08-14 12:44 . 2008-01-01 20:07 <DIR> d--h----- C:\Documents and Settings\Administrator\Szablony
2008-08-14 12:44 . 2008-08-14 12:58 <DIR> d-------- C:\Documents and Settings\Administrator\Pulpit
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> d-------- C:\Documents and Settings\Administrator\Moje dokumenty
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
2008-08-14 12:44 . 2008-01-01 19:49 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dane aplikacji
2008-08-14 12:44 . 2008-08-14 12:44 <DIR> d-------- C:\Documents and Settings\Administrator
2008-08-14 12:13 . 2008-08-14 12:13 16,244 --a------ C:\WINDOWS\system32\rrt_is.wav
2008-08-14 12:13 . 2008-08-14 12:13 7,302 --a------ C:\WINDOWS\system32\rrt_vf.wav
2008-08-14 12:13 . 2008-08-14 12:13 7,148 --a------ C:\WINDOWS\system32\rrt_tv.wav
2008-08-14 12:13 . 2008-08-14 12:13 6,282 --a------ C:\WINDOWS\system32\rrt_tn.wav
2008-08-14 11:24 . 2008-08-14 11:24 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 09:12 . 2008-05-01 16:37 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 09:09 . 2008-04-11 21:06 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 09:06 . 2008-08-13 09:06 <DIR> d-------- C:\WINDOWS\Sun
2008-07-27 15:50 . 2008-07-27 15:50 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-27 08:50 . 2008-07-27 09:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-27 08:21 . 2008-07-27 08:21 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-07-27 08:21 . 2008-03-07 19:02 192,000 -----c--- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-07-27 08:21 . 2008-03-07 19:02 98,304 -----c--- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-07-27 08:21 . 2008-03-07 19:02 29,696 -----c--- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-07-26 11:10 . 2008-08-16 12:17 <DIR> d-------- C:\Program Files\Internet Translator 2
2008-07-26 10:44 . 2008-07-27 11:52 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ZoomBrowser
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-07-26 10:32 . 2008-07-26 10:32 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-07-26 10:32 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-25 10:42 . 2008-07-25 10:42 <DIR> d-------- C:\WINDOWS\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$
2008-07-25 10:35 . 2008-07-25 10:35 <DIR> d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-25 10:32 . 2008-07-25 10:32 <DIR> d-------- C:\WINDOWS\SQL9_KB948109_ENU
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\system32\pl
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-25 10:19 . 2008-07-25 10:19 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 10:05 . 2008-06-14 19:36 273,024 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-25 09:57 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-25 09:42 . 2008-04-14 19:20 651,264 --------- C:\WINDOWS\system32\dot3ui.dll
2008-07-25 09:00 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-07-25 08:53 . 2008-07-25 08:53 <DIR> d-------- C:\WINDOWS\Logs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 12:07 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-14 11:15 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-08-13 09:43 --------- d-----w C:\Program Files\Java
2008-08-13 07:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-07-26 09:03 --------- d-----w C:\Program Files\FlashGet
2008-07-26 08:54 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-07-26 08:44 --------- d-----w C:\Program Files\Canon
2008-07-26 08:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-26 08:32 --------- d-----w C:\Program Files\Nokia
2008-07-26 08:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Installations
2008-07-26 06:39 --------- d-----w C:\Program Files\Eusing Free Registry Cleaner
2008-07-26 06:31 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-07-25 08:35 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-16_15.54.37.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-16 13:51:24 95,518 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-16 13:57:31 95,518 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-16 13:51:24 121,388 ----a-w C:\WINDOWS\system32\perfc015.dat
+ 2008-08-16 13:57:31 121,388 ----a-w C:\WINDOWS\system32\perfc015.dat
- 2008-08-16 13:51:24 501,034 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-16 13:57:31 501,034 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-08-16 13:51:24 581,414 ----a-w C:\WINDOWS\system32\perfh015.dat
+ 2008-08-16 13:57:31 581,414 ----a-w C:\WINDOWS\system32\perfh015.dat
- 2008-08-16 13:53:44 49,152 ----a-w C:\WINDOWS\Temp\CompiledAdapter.dll
+ 2008-08-16 14:31:40 49,152 ----a-w C:\WINDOWS\Temp\CompiledAdapter.dll
+ 2008-08-16 14:31:00 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_764.dat
+ 2008-08-16 14:31:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 19:21 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 06:22 7700480]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 06:22 86016]
"Ad Muncher"="C:\Program Files\Ad Muncher\AdMunch.exe" [2008-01-02 20:08 779776]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2007-03-28 21:41 2037352]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 18:44 16120832 C:\WINDOWS\RTHDCPL.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 19:21 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 18:41 1232896]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg30.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Windows Search.lnk]
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-10-22 06:22 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
"HPHmon04"=C:\WINDOWS\system32\hphmon04.exe
"Share-to-Web Namespace Daemon"=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"PinnacleDriverCheck"=C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\FlashGet\\FlashGet.exe"=
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-02-07 14:43]
R2 Harmonogram automatycznej usługi LiveUpdate;Harmonogram automatycznej usługi LiveUpdate;C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-26 17:23]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 12:16]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2008-04-14 19:21]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 12:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 11:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 17:11]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2008-02-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 17:09]
2008-08-16 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
2008-08-16 C:\WINDOWS\Tasks\HP Usg Login.job
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 21:50]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 16:30:53
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-08-16 16:33:04 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-16 14:33:00
ComboFix2.txt 2008-08-16 13:54:56
Pre-Run: 52,507,820,032 bajtów wolnych
Post-Run: 52,495,085,568 bajtów wolnych
233 --- E O F --- 2008-08-13 07:45:05