(log) Strange internet behavior.

Post by mysia117, 21 Sep 2008, 15:21

For some time now, when I surf websites for a long time, I can't use the right mouse button: Open, Copy, Paste, etc. are not displayed, as if it didn't work. The menu bar (File, Edit, View, etc.) disappears from my browser, and I can't open folders or a drive. Please check my log:



combofix
Code:
ComboFix 08-09-20.05 - Marcin 2008-09-21 15:10:05.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.1142 [GMT 2:00]
Uruchomiony z: C:\Users\Marcin\Desktop\na bieľĄco\ComboFix.exe
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycled\Recycled
C:\Recycled\Recycled\ctfmon.exe
C:\Windows\system32\AutoRun.inf
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf

.
(((((((((((((((((((((((((   Pliki utworzone od 2008-08-21 do 2008-09-21  )))))))))))))))))))))))))))))))
.

Nie utworzono żadnych nowych plików w tym okresie

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 13:03   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\uTorrent
2008-09-21 12:22   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-09-17 17:25   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\BearShare
2008-09-08 19:03   ---------   d-----w   C:\ProgramData\HP
2008-09-08 19:02   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-09-08 17:33   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\HP
2008-09-08 17:18   ---------   d-----w   C:\Program Files\HP
2008-09-08 17:18   ---------   d-----w   C:\Program Files\Common Files\HP
2008-09-08 17:16   ---------   d-----w   C:\ProgramData\HPSSUPPLY
2008-09-08 15:25   262,144   ----a-w   C:\ProgramData\ntuser.dat
2008-09-07 11:30   ---------   d-----w   C:\ProgramData\WEBREG
2008-09-07 10:02   ---------   d-----w   C:\Program Files\Common Files\Hewlett-Packard
2008-09-07 10:00   ---------   d-----w   C:\ProgramData\Hewlett-Packard
2008-09-06 09:23   ---------   d-----w   C:\Program Files\Windows Mail
2008-09-05 16:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-05 16:15   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\InstallShield
2008-09-05 16:15   ---------   d-----w   C:\Program Files\SAGEM
2008-08-14 19:36   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\temp
2008-08-03 15:57   ---------   d-----w   C:\ProgramData\Test Drive Unlimited
2008-07-31 03:34   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34   28,160   ----a-w   C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-07-30 23:47   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-07-26 17:58   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 17:52   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\FlashGet
2008-07-25 08:34   81,920   ----a-w   C:\Windows\System32\dpl100.dll
2008-07-25 08:34   683,520   ----a-w   C:\Windows\System32\divx.dll
2008-07-23 16:50   3,596,288   ----a-w   C:\Windows\System32\qt-dx331.dll
2008-07-19 05:10   53,448   ----a-w   C:\Windows\System32\wuauclt.exe
2008-07-19 05:10   45,768   ----a-w   C:\Windows\System32\wups2.dll
2008-07-19 05:10   36,552   ----a-w   C:\Windows\System32\wups.dll
2008-07-19 05:09   563,912   ----a-w   C:\Windows\System32\wuapi.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\Windows\System32\wuaueng.dll
2008-07-19 03:44   83,456   ----a-w   C:\Windows\System32\wudriver.dll
2008-07-19 03:44   1,524,736   ----a-w   C:\Windows\System32\wucltux.dll
2008-07-18 20:08   163,904   ----a-w   C:\Windows\System32\wuwebv.dll
2008-07-18 18:44   31,232   ----a-w   C:\Windows\System32\wuapp.exe
2008-07-15 23:48   2,048   ----a-w   C:\Windows\System32\tzres.dll
2008-07-10 01:08   174   --sha-w   C:\Program Files\desktop.ini
2008-06-30 19:07   98,304   ----a-w   C:\Windows\System32\CmdLineExt.dll
2008-06-27 03:54   826,368   ----a-w   C:\Windows\System32\wininet.dll
2008-06-27 03:54   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-06-27 03:54   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34   7,964,672   ----a-w   C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33   9,892,864   ----a-w   C:\Windows\System32\NlsLexicons000a.dll
2007-05-18 16:13   53,329   ----a-w   C:\Users\Marcin\fgmgr.dll
2006-06-01 21:57   457,216   ----a-w   C:\Users\Marcin\koder-dekoder v0.4b.exe
2000-12-19 07:36   414,272   ----a-w   C:\Users\Marcin\DivXc32f.dll
2000-12-19 07:36   414,272   ----a-w   C:\Users\Marcin\DivXc32.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"DAEMON Tools Lite"="D:\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="D:\Winamp\winampa.exe" [2007-05-19 35328]
"QuickTime Task"="D:\QuicTime 7.2\QTTask.exe" [2007-06-29 286720]
"DT PHL"="C:\Program Files\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352]
"Adobe Reader Speed Launcher"="D:\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Tworzenie wycink˘w ekranu i uruchamianie programu OneNote 2007.lnk - D:\Microsoft Office 2007\Office12\ONENOTEM.EXE [2006-10-26 98632]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-10 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C11C61AD-4B9A-4FC4-A2E0-159934CBAED5}D:\\gadu-gadu\\gg.exe"= UDP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{C7B910E6-ABBE-400B-9C3F-DF945DB653A0}D:\\gadu-gadu\\gg.exe"= TCP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{483AA509-42CB-49F1-AEC1-586994D3174B}D:\\bitcomet\\bitcomet.exe"= UDP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{87F5705B-BE59-4ACC-BCA4-15D5A5CCC287}D:\\bitcomet\\bitcomet.exe"= TCP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E5CEFD36-AFEE-4347-8BC6-0D0B18228D82}D:\\bearshare\\bearshare.exe"= UDP:D:\bearshare\bearshare.exe:BearShare
"UDP Query User{33F38E44-604B-4D43-A8DD-5A906C68FF2E}D:\\bearshare\\bearshare.exe"= TCP:D:\bearshare\bearshare.exe:BearShare
"TCP Query User{C1708581-6B71-421B-9B58-CAF8E31A53F8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50AE231B-36D1-46C2-A6FF-CF20151B0CDA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4F8CB37B-F6F7-4C3C-93E6-C0665BAEF045}"= UDP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{045546C7-0301-40F8-9EDA-7671104DC6EA}"= TCP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8440C38-6BE2-42FE-8597-DE47E064EF2A}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{210D2DE3-3C63-43A6-9303-E8B2D526FD45}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{3F913C93-B077-46ED-B27D-94B184D77E44}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{D1E05415-3705-4CB3-9A22-1441C1F6754F}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{1C1B7231-5EBD-42E1-B622-71B61CA19300}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"{ECA83DF6-DB36-40F4-9CC8-11354BACE5D3}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"TCP Query User{3C9E02AD-DA05-424C-8810-C28E46F9C054}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{AE9253F2-7E9A-4C18-83DE-BC94A9C14B6C}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"TCP Query User{2E1A5C2C-FBB1-4C81-A4DD-DC43E141F393}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FA6A9F03-16BA-4834-A30F-E089705F5A00}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{65FC929C-5131-4647-BB1B-82A936C09C7C}E:\\lost - zagubieni\\yeti_final_win32.exe"= UDP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"UDP Query User{EDD1F751-7CD4-46F3-AE29-2199AC4A0B6E}E:\\lost - zagubieni\\yeti_final_win32.exe"= TCP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"TCP Query User{FABC1FDA-83D6-4DB2-BEE1-F29A2AF0F2B4}C:\\users\\marcin\\flashget.exe"= UDP:C:\users\marcin\flashget.exe:flashget.exe
"UDP Query User{0B34D834-958E-4108-88C8-E2A094F34BBE}C:\\users\\marcin\\flashget.exe"= TCP:C:\users\marcin\flashget.exe:flashget.exe
"TCP Query User{296F9E6B-13E7-47A7-A2F9-9BBECFC33167}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{D25E1510-708F-4796-88BD-0EBF67030243}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{D7BDDA2D-378C-4E7C-89A5-83F98EDC5DF6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{38154FCB-FF3E-4463-9A3A-6D5AE642B559}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F4B60052-C840-4A66-95D4-7163F4F2C5B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A909226E-309D-4749-9684-C802B1D47DCD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03415590-07f1-11dd-bf84-001a4d5161b8}]
\shell\AutoRun\command - H:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15c498bd-2d9e-11dd-ac2f-001a4d5161b8}]
\shell\AutoRun\command - M:\software.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27344b12-f848-11dc-97d9-001a4d5161b8}]
\shell\AutoRun\command - F:\autorun.exe
\shell\install\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869b94da-014b-11dd-95f8-001a4d5161b8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abcc5409-7dd2-11dd-8a0c-001a4d5161b8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-BitComet - D:\BitComet\BitComet.exe


.
------- Skan uzupełniający -------
.
FireFox -: Profile - C:\Users\Marcin\AppData\Roaming\Mozilla\Firefox\Profiles\w5es8op3.default\
FF -: plugin - D:\Adobe Reader\Reader\browser\nppdf32.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin2.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin3.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin4.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin5.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin6.dll
FF -: plugin - D:\QuicTime 7.2\Plugins\npqtplugin7.dll
FF -: plugin - D:\Real Alternative\browser\plugins\nppl3260.dll
FF -: plugin - D:\Real Alternative\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-21 15:12:37
Windows 6.0.6000  NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-21 15:14:15
ComboFix-quarantined-files.txt  2008-09-21 13:14:05

Przed: System nie moľe znale«† komunikatu dla numeru komunikatu 0x2379 w pliku komunikat˘w dla Application.
Po: 151,426,920,448 bajt˘w wolnych

193   --- E O F ---   2008-09-18 20:40:00




hijack this:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:59, on 2008-09-21
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Winamp\winampa.exe
C:\Program Files\Philips Display\SmartControl II\dthtml.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\DAEMON Tools Lite\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Microsoft Office 2007\Office12\ONENOTEM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuicTime 7.2\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DT PHL] C:\Program Files\Philips Display\SmartControl II\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Adobe Reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk = D:\Microsoft Office 2007\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - (no file)
O13 - Gopher Prefix:
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 5855 bytes

Post by djarta, 21 Sep 2008, 17:13

Paste into Notepad:
Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

From the Notepad menu >>> File >>> Save As >>> set the extension to: "All files" >>> save as FIX.REG >>>
run the file
(double-click and OK: agree to adding it to the Registry).
Restart the computer.

Do what is described in this topic (if you have already done it, don't do it again).

Manually delete the folder C:\Qoobox,

Delete the ComboFix installer from the disk.

Optimize autostart

Clean the computer with ATF-Cleaner

Turn System Restore off and back on for all drives. Instructions

Scan the My Computer area with http://www.kaspersky.pl/virusscanner.html (run it in IE). Post its report on the forum.

and with this:

FixIEDef.



===================================
K.
Regards, djarta. :)
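
An added example, not part of the thread and not ComboFix's own code: MountPoints2 is where Explorer caches the AutoRun verbs it read from each volume, which is the key the FIX.REG above deletes. The Python below parses that section of a ComboFix log (the sample is an excerpt of the log posted in this thread) and flags cached commands; the function names and the flagging heuristics are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Excerpt of the MountPoints2 section of the ComboFix log posted in this thread,
# plus one unrelated key to show that other registry sections are ignored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27344b12-f848-11dc-97d9-001a4d5161b8}]
\shell\AutoRun\command - F:\autorun.exe
\shell\install\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{869b94da-014b-11dd-95f8-001a4d5161b8}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
MOUNT_RE = re.compile(r"\\explorer\\mountpoints2\\(?P<volume>[^\\\]]+)$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\shell\\(?P<verb>.+?)\\command\s+-\s+(?P<command>.+)$", re.IGNORECASE)
ABSOLUTE_RE = re.compile(r"^(?:[a-z]:\\|%|\\\\)")


@dataclass
class Finding:
    volume: str    # volume GUID subkey under MountPoints2
    verb: str      # shell verb, e.g. AutoRun or Open(&0)
    command: str   # cached command line
    reasons: list  # why this entry was flagged


def reasons_for(verb, command):
    """Heuristics (assumptions of this example) for a cached AutoRun command."""
    lower = command.strip().strip('"').lower()
    reasons = []
    if "recycled\\" in lower or "recycler\\" in lower:
        reasons.append("target sits in a Recycled/Recycler folder")
    if "shellexec_rundll" in lower:
        reasons.append("launched indirectly through RunDLL32 ShellExec_RunDLL")
    if not ABSOLUTE_RE.match(lower):
        reasons.append("relative path, resolved against the volume root")
    if verb.lower().startswith("open") or verb.lower() == "explore":
        reasons.append("replaces the verb used when the drive is double-clicked")
    return reasons


def scan(log_text):
    """Return a Finding for every flagged command under a MountPoints2 volume key."""
    findings = []
    volume = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new registry key starts; remember the volume only for MountPoints2.
            mount = MOUNT_RE.search(key.group("key"))
            volume = mount.group("volume") if mount else None
            continue
        if volume is None:
            continue
        cmd = CMD_RE.match(line)
        if not cmd:
            continue
        reasons = reasons_for(cmd.group("verb"), cmd.group("command"))
        if reasons:
            findings.append(Finding(volume, cmd.group("verb"), cmd.group("command"), reasons))
    return findings


def flagged_volumes(findings):
    """Unique volume GUIDs that carry at least one flagged command."""
    return sorted({f.volume for f in findings})


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.volume} [{f.verb}] {f.command}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

An absolute-path `autorun.exe` on its own is not flagged, because installer discs cache the same kind of entry.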




Post by mysia117, 21 Sep 2008, 20:28

I did everything step by step according to the instructions, but on the Windows Vista system I have I can't find how to turn off System Restore, and when I try to scan the computer with the online scanner and accept the terms, a page error message is displayed and nothing happens :/ As for the FixIEDef log, I'm pasting it here:

Code:
********************************************************************************
*                                                                              *
*                                 FixIEDef Log                                 *
*                              Version 1.6.10.6162                             *
*                                                                              *
********************************************************************************

Created at 20:21:55 on Sunday, September 21, 2008

Time Zone            : (GMT+01:00) Sarajewo, Skopie, Warszawa, Zagrzeb

Logged On User       : Marcin

Operating System     : Microsoft® Windows Vista™ Home Premium 
OS Version           : 6.0.6000
System Langauge      : Polish
Keyboard Layout      : Polish
Processor            : X86 Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz

System Drive         : C:\
Windows Directory    : C:\Windows
System Directory     : C:\Windows\system32

System Drive Type    : Fixed
System Drive Status  : READY
System Drive Label   :
System Drive Size    : 246.94 GB
System Drive Free    : 151.54 GB

Total Physical Memory: 2030 MB
Free Physical Memory : 1315 MB
Total Page File      : 2030 MB
Free Page File       : 3497 MB
Total Virtual Memory : 2048 MB
Free Virtual Memory  : 1969 MB

Boot State           : Normal boot

--------------------------------------------------------------------------------

!!! Files that have been deleted !!!

C:\Windows\system32\actskn45.ocx

--------------------------------------------------------------------------------

!!! Directories that have been removed !!!

No malicious directories to be removed

--------------------------------------------------------------------------------

!!! Registry entries that have been removed !!!

No malicious Registry entries found

================================================================================

All Done :)

ShadowPuterDude

Safe Surfing!!!

Post by wojtas, 21 Sep 2008, 20:46

It's OK.

Post by mysia117, 22 Sep 2008, 20:41

But the problem still occurs. Is it possible that it's some faulty browser? I have the newest Explorer, version 7.0.6000.16711 (the newest one, in which individual pages can be opened in tabs at the top of the screen). Do you also have such problems in this version?

Post by wojtas, 22 Sep 2008, 20:52

Delete these entries, and move the one in bold to the Recycle Bin:


O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)


Then paste into Notepad:
Folder::
D:\Recycled
E:\Recycled
F:\Recycled

File::
D:\Windows\system32\AutoRun.inf
E:\Windows\system32\AutoRun.inf
F:\Windows\system32\AutoRun.inf


>> File >> Save As... >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
The removal should start (and a log will be created). Post the log that is created during the removal.

Post by mysia117, 24 Sep 2008, 17:43

Code:
ComboFix 08-09-22.06 - Marcin 2008-09-24 17:36:43.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.1202 [GMT 2:00]
Uruchomiony z: C:\Users\Marcin\Desktop\ComboFix.exe
Użyto następujących komend :: C:\Users\Marcin\Desktop\CFScript.txt
* Utworzono nowy punkt przywracania

FILE ::
D:\Windows\system32\AutoRun.inf
E:\Windows\system32\AutoRun.inf
F:\Windows\system32\AutoRun.inf
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-24 do 2008-09-24  )))))))))))))))))))))))))))))))
.

Nie utworzono żadnych nowych plików w tym okresie

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 15:36   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\uTorrent
2008-09-21 12:22   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-09-17 17:25   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\BearShare
2008-09-08 19:03   ---------   d-----w   C:\ProgramData\HP
2008-09-08 19:02   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-09-08 17:33   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\HP
2008-09-08 17:18   ---------   d-----w   C:\Program Files\HP
2008-09-08 17:18   ---------   d-----w   C:\Program Files\Common Files\HP
2008-09-08 17:16   ---------   d-----w   C:\ProgramData\HPSSUPPLY
2008-09-08 15:25   262,144   ----a-w   C:\ProgramData\ntuser.dat
2008-09-07 11:30   ---------   d-----w   C:\ProgramData\WEBREG
2008-09-07 10:02   ---------   d-----w   C:\Program Files\Common Files\Hewlett-Packard
2008-09-07 10:00   ---------   d-----w   C:\ProgramData\Hewlett-Packard
2008-09-06 09:23   ---------   d-----w   C:\Program Files\Windows Mail
2008-09-05 16:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-05 16:15   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\InstallShield
2008-09-05 16:15   ---------   d-----w   C:\Program Files\SAGEM
2008-08-14 19:36   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\temp
2008-08-03 15:57   ---------   d-----w   C:\ProgramData\Test Drive Unlimited
2008-07-31 03:34   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34   28,160   ----a-w   C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-07-30 23:47   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-07-26 17:58   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 17:52   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\FlashGet
2008-07-25 08:34   81,920   ----a-w   C:\Windows\System32\dpl100.dll
2008-07-25 08:34   683,520   ----a-w   C:\Windows\System32\divx.dll
2008-07-23 16:50   3,596,288   ----a-w   C:\Windows\System32\qt-dx331.dll
2008-07-19 05:10   53,448   ----a-w   C:\Windows\System32\wuauclt.exe
2008-07-19 05:10   45,768   ----a-w   C:\Windows\System32\wups2.dll
2008-07-19 05:10   36,552   ----a-w   C:\Windows\System32\wups.dll
2008-07-19 05:09   563,912   ----a-w   C:\Windows\System32\wuapi.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\Windows\System32\wuaueng.dll
2008-07-19 03:44   83,456   ----a-w   C:\Windows\System32\wudriver.dll
2008-07-19 03:44   1,524,736   ----a-w   C:\Windows\System32\wucltux.dll
2008-07-18 20:08   163,904   ----a-w   C:\Windows\System32\wuwebv.dll
2008-07-18 18:44   31,232   ----a-w   C:\Windows\System32\wuapp.exe
2008-07-15 23:48   2,048   ----a-w   C:\Windows\System32\tzres.dll
2008-07-10 01:08   174   --sha-w   C:\Program Files\desktop.ini
2008-06-30 19:07   98,304   ----a-w   C:\Windows\System32\CmdLineExt.dll
2008-06-27 03:54   826,368   ----a-w   C:\Windows\System32\wininet.dll
2008-06-27 03:54   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-06-27 03:54   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34   7,964,672   ----a-w   C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33   9,892,864   ----a-w   C:\Windows\System32\NlsLexicons000a.dll
2007-05-18 16:13   53,329   ----a-w   C:\Users\Marcin\fgmgr.dll
2006-06-01 21:57   457,216   ----a-w   C:\Users\Marcin\koder-dekoder v0.4b.exe
2000-12-19 07:36   414,272   ----a-w   C:\Users\Marcin\DivXc32f.dll
2000-12-19 07:36   414,272   ----a-w   C:\Users\Marcin\DivXc32.dll
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="D:\Winamp\winampa.exe" [2007-05-19 35328]
"DT PHL"="C:\Program Files\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352]
"Adobe Reader Speed Launcher"="D:\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Marcin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\Windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 D:\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:10 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 D:\QuicTime 7.2\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C11C61AD-4B9A-4FC4-A2E0-159934CBAED5}D:\\gadu-gadu\\gg.exe"= UDP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{C7B910E6-ABBE-400B-9C3F-DF945DB653A0}D:\\gadu-gadu\\gg.exe"= TCP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{483AA509-42CB-49F1-AEC1-586994D3174B}D:\\bitcomet\\bitcomet.exe"= UDP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{87F5705B-BE59-4ACC-BCA4-15D5A5CCC287}D:\\bitcomet\\bitcomet.exe"= TCP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E5CEFD36-AFEE-4347-8BC6-0D0B18228D82}D:\\bearshare\\bearshare.exe"= UDP:D:\bearshare\bearshare.exe:BearShare
"UDP Query User{33F38E44-604B-4D43-A8DD-5A906C68FF2E}D:\\bearshare\\bearshare.exe"= TCP:D:\bearshare\bearshare.exe:BearShare
"TCP Query User{C1708581-6B71-421B-9B58-CAF8E31A53F8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50AE231B-36D1-46C2-A6FF-CF20151B0CDA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4F8CB37B-F6F7-4C3C-93E6-C0665BAEF045}"= UDP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{045546C7-0301-40F8-9EDA-7671104DC6EA}"= TCP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8440C38-6BE2-42FE-8597-DE47E064EF2A}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{210D2DE3-3C63-43A6-9303-E8B2D526FD45}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{3F913C93-B077-46ED-B27D-94B184D77E44}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{D1E05415-3705-4CB3-9A22-1441C1F6754F}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{1C1B7231-5EBD-42E1-B622-71B61CA19300}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"{ECA83DF6-DB36-40F4-9CC8-11354BACE5D3}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"TCP Query User{3C9E02AD-DA05-424C-8810-C28E46F9C054}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{AE9253F2-7E9A-4C18-83DE-BC94A9C14B6C}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"TCP Query User{2E1A5C2C-FBB1-4C81-A4DD-DC43E141F393}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FA6A9F03-16BA-4834-A30F-E089705F5A00}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{65FC929C-5131-4647-BB1B-82A936C09C7C}E:\\lost - zagubieni\\yeti_final_win32.exe"= UDP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"UDP Query User{EDD1F751-7CD4-46F3-AE29-2199AC4A0B6E}E:\\lost - zagubieni\\yeti_final_win32.exe"= TCP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"TCP Query User{FABC1FDA-83D6-4DB2-BEE1-F29A2AF0F2B4}C:\\users\\marcin\\flashget.exe"= UDP:C:\users\marcin\flashget.exe:flashget.exe
"UDP Query User{0B34D834-958E-4108-88C8-E2A094F34BBE}C:\\users\\marcin\\flashget.exe"= TCP:C:\users\marcin\flashget.exe:flashget.exe
"TCP Query User{296F9E6B-13E7-47A7-A2F9-9BBECFC33167}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{D25E1510-708F-4796-88BD-0EBF67030243}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{D7BDDA2D-378C-4E7C-89A5-83F98EDC5DF6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{38154FCB-FF3E-4463-9A3A-6D5AE642B559}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F4B60052-C840-4A66-95D4-7163F4F2C5B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A909226E-309D-4749-9684-C802B1D47DCD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 17:38:58
Windows 6.0.6000  NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-24 17:40:26
ComboFix-quarantined-files.txt  2008-09-24 15:40:14
ComboFix2.txt  2008-09-21 13:14:16

Przed: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Po: 157,018,398,720 bajtów wolnych

169   --- E O F ---   2008-09-18 20:40:00

Post by wojtas, 24 Sep 2008, 20:40

Folder::
D:\Recycled
E:\Recycled
F:\Recycled


Paste this in and post a new log.

Post by mysia117, 24 Sep 2008, 21:31

Code:
ComboFix 08-09-24.01 - Marcin 2008-09-24 21:25:43.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1250.1.1045.18.1298 [GMT 2:00]
Uruchomiony z: C:\Users\Marcin\Desktop\ComboFix.exe
Użyto następujących komend :: C:\Users\Marcin\Desktop\CFScript.txt
* Utworzono nowy punkt przywracania
.

(((((((((((((((((((((((((   Pliki utworzone od 2008-08-24 do 2008-09-24  )))))))))))))))))))))))))))))))
.

Nie utworzono żadnych nowych plików w tym okresie

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-24 19:21   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\uTorrent
2008-09-21 12:22   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-09-17 17:25   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\BearShare
2008-09-08 19:03   ---------   d-----w   C:\ProgramData\HP
2008-09-08 19:02   ---------   d-----w   C:\Program Files\Hewlett-Packard
2008-09-08 17:33   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\HP
2008-09-08 17:18   ---------   d-----w   C:\Program Files\HP
2008-09-08 17:18   ---------   d-----w   C:\Program Files\Common Files\HP
2008-09-08 17:16   ---------   d-----w   C:\ProgramData\HPSSUPPLY
2008-09-08 15:25   262,144   ----a-w   C:\ProgramData\ntuser.dat
2008-09-07 11:30   ---------   d-----w   C:\ProgramData\WEBREG
2008-09-07 10:02   ---------   d-----w   C:\Program Files\Common Files\Hewlett-Packard
2008-09-07 10:00   ---------   d-----w   C:\ProgramData\Hewlett-Packard
2008-09-06 09:23   ---------   d-----w   C:\Program Files\Windows Mail
2008-09-05 16:15   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-09-05 16:15   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\InstallShield
2008-09-05 16:15   ---------   d-----w   C:\Program Files\SAGEM
2008-08-14 19:36   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\temp
2008-08-03 15:57   ---------   d-----w   C:\ProgramData\Test Drive Unlimited
2008-07-31 03:34   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34   28,160   ----a-w   C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34   1,686,528   ----a-w   C:\Windows\System32\gameux.dll
2008-07-30 23:47   4,247,552   ----a-w   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32   2,560   ----a-w   C:\Windows\AppPatch\AcRes.dll
2008-07-26 17:58   ---------   d-----w   C:\Program Files\FlashGet
2008-07-26 17:52   ---------   d-----w   C:\Users\Marcin\AppData\Roaming\FlashGet
2008-07-25 08:34   81,920   ----a-w   C:\Windows\System32\dpl100.dll
2008-07-25 08:34   683,520   ----a-w   C:\Windows\System32\divx.dll
2008-07-23 16:50   3,596,288   ----a-w   C:\Windows\System32\qt-dx331.dll
2008-07-19 05:10   53,448   ----a-w   C:\Windows\System32\wuauclt.exe
2008-07-19 05:10   45,768   ----a-w   C:\Windows\System32\wups2.dll
2008-07-19 05:10   36,552   ----a-w   C:\Windows\System32\wups.dll
2008-07-19 05:09   563,912   ----a-w   C:\Windows\System32\wuapi.dll
2008-07-19 05:09   1,811,656   ----a-w   C:\Windows\System32\wuaueng.dll
2008-07-19 03:44   83,456   ----a-w   C:\Windows\System32\wudriver.dll
2008-07-19 03:44   1,524,736   ----a-w   C:\Windows\System32\wucltux.dll
2008-07-18 20:08   163,904   ----a-w   C:\Windows\System32\wuwebv.dll
2008-07-18 18:44   31,232   ----a-w   C:\Windows\System32\wuapp.exe
2008-07-15 23:48   2,048   ----a-w   C:\Windows\System32\tzres.dll
2008-07-10 01:08   174   --sha-w   C:\Program Files\desktop.ini
2008-06-30 19:07   98,304   ----a-w   C:\Windows\System32\CmdLineExt.dll
2008-06-27 03:54   826,368   ----a-w   C:\Windows\System32\wininet.dll
2008-06-27 03:54   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-06-27 03:54   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-06-27 03:54   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-06-26 00:34   7,964,672   ----a-w   C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33   9,892,864   ----a-w   C:\Windows\System32\NlsLexicons000a.dll
2007-05-18 16:13   53,329   ----a-w   C:\Users\Marcin\fgmgr.dll
2006-06-01 21:57   457,216   ----a-w   C:\Users\Marcin\koder-dekoder v0.4b.exe
2000-12-19 07:36   414,272   ----a-w   C:\Users\Marcin\DivXc32f.dll
2000-12-19 07:36   414,272   ----a-w   C:\Users\Marcin\DivXc32.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-09-24_17.39.34.11   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-23 12:00:25   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-09-24 17:28:43   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-09-23 12:00:25   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-09-24 17:28:43   2,048   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-09-23 12:02:35   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-24 17:30:41   262,144   --sha-w   C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-09-24 17:30:41   262,144   ---ha-w   C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-09-23 12:02:30   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-24 17:30:52   262,144   --sha-w   C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-09-24 17:30:52   262,144   ---ha-w   C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-09-24 13:11:50   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-24 19:22:09   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-09-24 13:11:50   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-24 19:22:09   32,768   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-24 13:11:50   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-24 19:22:09   16,384   --sha-w   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-24 15:36:36   262,144   ----a-w   C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-24 19:25:37   262,144   ----a-w   C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-09-24 19:25:37   262,144   ---ha-w   C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
- 2008-09-23 18:01:07   103,726   ----a-w   C:\Windows\System32\perfc009.dat
+ 2008-09-24 17:15:37   103,726   ----a-w   C:\Windows\System32\perfc009.dat
- 2008-09-23 18:01:07   86,210   ----a-w   C:\Windows\System32\perfc015.dat
+ 2008-09-24 17:15:37   86,210   ----a-w   C:\Windows\System32\perfc015.dat
- 2008-09-23 18:01:07   609,944   ----a-w   C:\Windows\System32\perfh009.dat
+ 2008-09-24 17:15:37   609,944   ----a-w   C:\Windows\System32\perfh009.dat
- 2008-09-23 18:01:07   535,330   ----a-w   C:\Windows\System32\perfh015.dat
+ 2008-09-24 17:15:37   535,330   ----a-w   C:\Windows\System32\perfh015.dat
- 2008-09-23 12:02:53   73,922   ----a-w   C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-09-24 17:31:07   73,976   ----a-w   C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-22 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"WinampAgent"="D:\Winamp\winampa.exe" [2007-05-19 35328]
"DT PHL"="C:\Program Files\Philips Display\SmartControl II\DTHtml.exe" [2007-07-27 292352]
"Adobe Reader Speed Launcher"="D:\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-16 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-16 92704]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 222208]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-10 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Marcin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk]
path=C:\Users\Marcin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
backup=C:\Windows\pss\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 11:39 486856 D:\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 10:10 2007088 C:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 D:\QuicTime 7.2\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C11C61AD-4B9A-4FC4-A2E0-159934CBAED5}D:\\gadu-gadu\\gg.exe"= UDP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"UDP Query User{C7B910E6-ABBE-400B-9C3F-DF945DB653A0}D:\\gadu-gadu\\gg.exe"= TCP:D:\gadu-gadu\gg.exe:Gadu-Gadu - program główny
"TCP Query User{483AA509-42CB-49F1-AEC1-586994D3174B}D:\\bitcomet\\bitcomet.exe"= UDP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{87F5705B-BE59-4ACC-BCA4-15D5A5CCC287}D:\\bitcomet\\bitcomet.exe"= TCP:D:\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{E5CEFD36-AFEE-4347-8BC6-0D0B18228D82}D:\\bearshare\\bearshare.exe"= UDP:D:\bearshare\bearshare.exe:BearShare
"UDP Query User{33F38E44-604B-4D43-A8DD-5A906C68FF2E}D:\\bearshare\\bearshare.exe"= TCP:D:\bearshare\bearshare.exe:BearShare
"TCP Query User{C1708581-6B71-421B-9B58-CAF8E31A53F8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{50AE231B-36D1-46C2-A6FF-CF20151B0CDA}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{4F8CB37B-F6F7-4C3C-93E6-C0665BAEF045}"= UDP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{045546C7-0301-40F8-9EDA-7671104DC6EA}"= TCP:D:\Microsoft Office 2007\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8440C38-6BE2-42FE-8597-DE47E064EF2A}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{210D2DE3-3C63-43A6-9303-E8B2D526FD45}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\Yeti_Final_Win32.exe:Lost - Zagubieni Game
"{3F913C93-B077-46ED-B27D-94B184D77E44}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{D1E05415-3705-4CB3-9A22-1441C1F6754F}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\gu.exe:Lost - Zagubieni Updater
"{1C1B7231-5EBD-42E1-B622-71B61CA19300}"= UDP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"{ECA83DF6-DB36-40F4-9CC8-11354BACE5D3}"= TCP:E:\LOST Zagubieni\Lost - Zagubieni\detection\Launcher.exe:Lost - Zagubieni Requirements Tool
"TCP Query User{3C9E02AD-DA05-424C-8810-C28E46F9C054}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"UDP Query User{AE9253F2-7E9A-4C18-83DE-BC94A9C14B6C}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2009\\polish\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\polish\setup.exe:Kaspersky Internet Security 2009 Setup
"TCP Query User{2E1A5C2C-FBB1-4C81-A4DD-DC43E141F393}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FA6A9F03-16BA-4834-A30F-E089705F5A00}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{65FC929C-5131-4647-BB1B-82A936C09C7C}E:\\lost - zagubieni\\yeti_final_win32.exe"= UDP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"UDP Query User{EDD1F751-7CD4-46F3-AE29-2199AC4A0B6E}E:\\lost - zagubieni\\yeti_final_win32.exe"= TCP:E:\lost - zagubieni\yeti_final_win32.exe:Lost
"TCP Query User{FABC1FDA-83D6-4DB2-BEE1-F29A2AF0F2B4}C:\\users\\marcin\\flashget.exe"= UDP:C:\users\marcin\flashget.exe:flashget.exe
"UDP Query User{0B34D834-958E-4108-88C8-E2A094F34BBE}C:\\users\\marcin\\flashget.exe"= TCP:C:\users\marcin\flashget.exe:flashget.exe
"TCP Query User{296F9E6B-13E7-47A7-A2F9-9BBECFC33167}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{D25E1510-708F-4796-88BD-0EBF67030243}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{D7BDDA2D-378C-4E7C-89A5-83F98EDC5DF6}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{38154FCB-FF3E-4463-9A3A-6D5AE642B559}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{F4B60052-C840-4A66-95D4-7163F4F2C5B2}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{A909226E-309D-4749-9684-C802B1D47DCD}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 449536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Zawartość folderu 'Zaplanowane zadania'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-24 21:28:23
Windows 6.0.6000  NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-09-24 21:29:46
ComboFix-quarantined-files.txt  2008-09-24 19:29:41
ComboFix2.txt  2008-09-24 15:40:27
ComboFix3.txt  2008-09-21 13:14:16

Przed: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Po: 156,412,706,816 bajtów wolnych

198   --- E O F ---   2008-09-18 20:40:00


Added 25.09.2008 19:04:19:
So, is everything OK?